diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms')
419 files changed, 31634 insertions, 32814 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java index 4cfe9a45..f53e65ea 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -36,24 +35,27 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.EAuthException; import com.netscape.certsrv.authentication.ECompSyntaxErr; - /** - * class for parsing a DN pattern used to construct a certificate - * subject name from ldap attributes and dn.<p> + * class for parsing a DN pattern used to construct a certificate subject name + * from ldap attributes and dn. + * <p> + * + * dnpattern is a string representing a subject name pattern to formulate from + * the directory attributes and entry dn. If empty or not set, the ldap entry DN + * will be used as the certificate subject name. + * <p> * - * dnpattern is a string representing a subject name pattern to formulate from - * the directory attributes and entry dn. If empty or not set, the - * ldap entry DN will be used as the certificate subject name. <p> + * The syntax is * - * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$attr" "." attrName [ "." attrNumber ] | - * name "=" "$dn" "." attrName [ "." attrNumber ] | - * "$dn" "." "$rdn" "." number + * name "=" "$attr" "." attrName [ "." attrNumber ] | + * name "=" "$dn" "." attrName [ "." attrNumber ] | + * "$dn" "." "$rdn" "." number * </pre> + * * <pre> * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i> * Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org @@ -80,11 +82,12 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr; * E = the first 'mail' ldap attribute value in user's entry. <br> * CN = the (first) 'cn' ldap attribute value in the user's entry. <br> * OU = the second 'ou' value in the user's entry DN. note multiple AVAs - * in a RDN in this example. <br> + * in a RDN in this example. <br> * O = the (first) 'o' value in the user's entry DN. <br> * C = the string "US" * <p> * </pre> + * * <pre> * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i> * Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org @@ -109,15 +112,16 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr; * <p> * CN = the (first) 'cn' ldap attribute value in the user's entry. <br> * OU = the second 'ou' value in the user's entry DN followed by the - * first 'ou' value in the user's entry. note multiple AVAs - * in a RDN in this example. <br> + * first 'ou' value in the user's entry. note multiple AVAs + * in a RDN in this example. <br> * O = the (first) 'o' value in the user's entry DN. <br> * C = the string "US" * <p> * </pre> - * If an attribute or subject DN component does not exist the attribute - * is skipped. - * + * + * If an attribute or subject DN component does not exist the attribute is + * skipped. + * * @version $Revision$, $Date$ */ class AVAPattern { @@ -130,8 +134,8 @@ class AVAPattern { private static final char[] endChars = new char[] { '+', ',' }; - private static final LdapV3DNStrConverter mLdapDNStrConverter = - new LdapV3DNStrConverter(); + private static final LdapV3DNStrConverter mLdapDNStrConverter = + new LdapV3DNStrConverter(); /* ldap attributes needed by this AVA (to retrieve from ldap) */ protected String[] mLdapAttrs = null; @@ -140,7 +144,7 @@ class AVAPattern { protected String mType = null; /* the attribute in the AVA pair */ - protected String mAttr = null; + protected String mAttr = null; /* value - could be name of an ldap attribute or entry dn attribute. */ protected String mValue = null; @@ -151,47 +155,47 @@ class AVAPattern { protected String mTestDN = null; public AVAPattern(String component) - throws EAuthException { - if (component == null || component.length() == 0) + throws EAuthException { + if (component == null || component.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component)); parse(new PushbackReader(new StringReader(component))); } - public AVAPattern(PushbackReader in) - throws EAuthException { + public AVAPattern(PushbackReader in) + throws EAuthException { parse(in); } private void parse(PushbackReader in) - throws EAuthException { + throws EAuthException { int c; // mark ava beginning. // skip spaces - //System.out.println("============ AVAPattern Begin ==========="); - //System.out.println("skip spaces"); + // System.out.println("============ AVAPattern Begin ==========="); + // System.out.println("skip spaces"); try { - while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c); + while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c); ; } } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); } - if (c == -1) + if (c == -1) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); - // $rdn "." number syntax. + // $rdn "." number syntax. if (c == '$') { - //System.out.println("$rdn syntax"); + // System.out.println("$rdn syntax"); mType = TYPE_RDN; try { - if (in.read() != 'r' || - in.read() != 'd' || - in.read() != 'n' || - in.read() != '.') + if (in.read() != 'r' || + in.read() != 'd' || + in.read() != 'n' || + in.read() != '.') throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); @@ -201,7 +205,7 @@ class AVAPattern { try { while ((c = in.read()) != ',' && c != -1 && c != '+') { - //System.out.println("rdnNumber read "+(char)c); + // System.out.println("rdnNumber read "+(char)c); rdnNumberBuf.append((char) c); } if (c != -1) // either ',' or '+' @@ -212,7 +216,7 @@ class AVAPattern { String rdnNumber = rdnNumberBuf.toString().trim(); - if (rdnNumber.length() == 0) + if (rdnNumber.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern")); try { mElement = Integer.parseInt(rdnNumber) - 1; @@ -222,20 +226,20 @@ class AVAPattern { return; } - // name "=" ... syntax. + // name "=" ... syntax. - // read name - //System.out.println("reading name"); + // read name + // System.out.println("reading name"); - StringBuffer attrBuf = new StringBuffer(); + StringBuffer attrBuf = new StringBuffer(); try { while (c != '=' && c != -1 && c != ',' && c != '+') { attrBuf.append((char) c); c = in.read(); - //System.out.println("name read "+(char)c); - } - if (c == ',' || c == '+') + // System.out.println("name read "+(char)c); + } + if (c == ',' || c == '+') in.unread(c); } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); @@ -243,73 +247,73 @@ class AVAPattern { if (c != '=') throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern")); - // read value - //System.out.println("reading value"); + // read value + // System.out.println("reading value"); - // skip spaces - //System.out.println("skip spaces for value"); + // skip spaces + // System.out.println("skip spaces for value"); try { - while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c); + while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces2 read "+(char)c); ; } } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } - if (c == -1) + if (c == -1) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern")); if (c == '$') { - // check for $dn or $attr + // check for $dn or $attr try { c = in.read(); - //System.out.println("check $dn or $attr read "+(char)c); + // System.out.println("check $dn or $attr read "+(char)c); } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } - if (c == -1) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + if (c == -1) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $dn or $attr in ava pattern")); if (c == 'a') { try { - if (in.read() != 't' || - in.read() != 't' || - in.read() != 'r' || - in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + if (in.read() != 't' || + in.read() != 't' || + in.read() != 'r' || + in.read() != '.') + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $attr in ava pattern")); } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } mType = TYPE_ATTR; - //System.out.println("---- mtype $attr"); + // System.out.println("---- mtype $attr"); } else if (c == 'd') { try { - if (in.read() != 'n' || - in.read() != '.') + if (in.read() != 'n' || + in.read() != '.') throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $dn in ava pattern")); } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } mType = TYPE_DN; - //System.out.println("----- mtype $dn"); + // System.out.println("----- mtype $dn"); } else { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "unknown keyword. expecting $dn or $attr.")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "unknown keyword. expecting $dn or $attr.")); } - // get attr name of dn pattern from above. + // get attr name of dn pattern from above. String attrName = attrBuf.toString().trim(); - //System.out.println("----- attrName "+attrName); - if (attrName.length() == 0) + // System.out.println("----- attrName "+attrName); + if (attrName.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected")); - try { - ObjectIdentifier attrOid = - mLdapDNStrConverter.parseAVAKeyword(attrName); + try { + ObjectIdentifier attrOid = + mLdapDNStrConverter.parseAVAKeyword(attrName); - mAttr = mLdapDNStrConverter.encodeOID(attrOid); - //System.out.println("----- mAttr "+mAttr); + mAttr = mLdapDNStrConverter.encodeOID(attrOid); + // System.out.println("----- mAttr "+mAttr); } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage())); } @@ -318,40 +322,40 @@ class AVAPattern { StringBuffer valueBuf = new StringBuffer(); try { - while ((c = in.read()) != ',' && - c != -1 && c != '.' && c != '+') { - //System.out.println("mValue read "+(char)c); + while ((c = in.read()) != ',' && + c != -1 && c != '.' && c != '+') { + // System.out.println("mValue read "+(char)c); valueBuf.append((char) c); } if (c == '+' || c == ',') // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } mValue = valueBuf.toString().trim(); - if (mValue.length() == 0) + if (mValue.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$dn or $attr attribute name expected")); - //System.out.println("----- mValue "+mValue); + // System.out.println("----- mValue "+mValue); - // get nth dn or attribute from ldap search. + // get nth dn or attribute from ldap search. if (c == '.') { StringBuffer attrNumberBuf = new StringBuffer(); try { while ((c = in.read()) != ',' && c != -1 && c != '+') { - //System.out.println("mElement read "+(char)c); + // System.out.println("mElement read "+(char)c); attrNumberBuf.append((char) c); } if (c != -1) // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } String attrNumber = attrNumberBuf.toString().trim(); - if (attrNumber.length() == 0) + if (attrNumber.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $dn or $attr expected")); try { @@ -361,18 +365,18 @@ class AVAPattern { "Invalid format in nth element $dn or $attr")); } } - //System.out.println("----- mElement "+mElement); + // System.out.println("----- mElement "+mElement); } else { // value is constant. treat as regular ava. mType = TYPE_CONSTANT; - //System.out.println("----- mType constant"); - // parse ava value. + // System.out.println("----- mType constant"); + // parse ava value. StringBuffer valueBuf = new StringBuffer(); valueBuf.append((char) c); try { while ((c = in.read()) != ',' && - c != -1) { + c != -1) { valueBuf.append((char) c); } if (c == '+' || c == ',') { // either ',' or '+' @@ -381,11 +385,11 @@ class AVAPattern { } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage())); } - try { - AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); + try { + AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); mValue = ava.toLdapDNString(); - //System.out.println("----- mValue "+mValue); + // System.out.println("----- mValue "+mValue); } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage())); } @@ -393,19 +397,19 @@ class AVAPattern { } public String formAVA(LDAPEntry entry) - throws EAuthException { - if (mType == TYPE_CONSTANT) + throws EAuthException { + if (mType == TYPE_CONSTANT) return mValue; if (mType == TYPE_RDN) { String dn = entry.getDN(); - if (mTestDN != null) + if (mTestDN != null) dn = mTestDN; - //System.out.println("AVAPattern Using dn "+mTestDN); + // System.out.println("AVAPattern Using dn "+mTestDN); String[] rdns = LDAPDN.explodeDN(dn, false); - if (mElement >= rdns.length) + if (mElement >= rdns.length) return null; return rdns[mElement]; } @@ -413,9 +417,9 @@ class AVAPattern { if (mType == TYPE_DN) { String dn = entry.getDN(); - if (mTestDN != null) + if (mTestDN != null) dn = mTestDN; - //System.out.println("AVAPattern Using dn "+mTestDN); + // System.out.println("AVAPattern Using dn "+mTestDN); String[] rdns = LDAPDN.explodeDN(dn, false); String value = null; int nFound = -1; @@ -426,14 +430,14 @@ class AVAPattern { for (int j = 0; j < avas.length; j++) { String[] exploded = explodeAVA(avas[j]); - if (exploded[0].equalsIgnoreCase(mValue) && - ++nFound == mElement) { + if (exploded[0].equalsIgnoreCase(mValue) && + ++nFound == mElement) { value = exploded[1]; break; } } } - if (value == null) + if (value == null) return null; return mAttr + "=" + value; } @@ -441,11 +445,11 @@ class AVAPattern { if (mType == TYPE_ATTR) { LDAPAttribute ldapAttr = entry.getAttribute(mValue); - if (ldapAttr == null) + if (ldapAttr == null) return null; String value = null; @SuppressWarnings("unchecked") - Enumeration<String> ldapValues = ldapAttr.getStringValues(); + Enumeration<String> ldapValues = ldapAttr.getStringValues(); for (int i = 0; ldapValues.hasMoreElements(); i++) { String val = (String) ldapValues.nextElement(); @@ -455,7 +459,7 @@ class AVAPattern { break; } } - if (value == null) + if (value == null) return null; String v = escapeLdapString(value); @@ -486,16 +490,16 @@ class AVAPattern { int k = i + 1; if (i == len - 1 || - (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' || - c[k] == '>' || c[k] == '#' || c[k] == ';')) { + (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' || + c[k] == '>' || c[k] == '#' || c[k] == ';')) { newc[j++] = '\\'; newc[j++] = c[i]; } } // escape QUOTATION else if (c[i] == '"') { - if ((i == 0 && c[len - 1] != '"') || - (i == len - 1 && c[0] != '"') || - (i > 0 && i < len - 1)) { + if ((i == 0 && c[len - 1] != '"') || + (i == len - 1 && c[0] != '"') || + (i > 0 && i < len - 1)) { newc[j++] = '\\'; newc[j++] = c[i]; } @@ -513,20 +517,19 @@ class AVAPattern { } /** - * Explode RDN into AVAs. - * Does not handle escaped '+' - * Java ldap library does not yet support multiple avas per rdn. - * If RDN is malformed returns empty array. + * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does + * not yet support multiple avas per rdn. If RDN is malformed returns empty + * array. */ public static String[] explodeRDN(String rdn) { int plus = rdn.indexOf('+'); - if (plus == -1) + if (plus == -1) return new String[] { rdn }; Vector<String> avas = new Vector<String>(); StringTokenizer token = new StringTokenizer(rdn, "+"); - while (token.hasMoreTokens()) + while (token.hasMoreTokens()) avas.addElement(token.nextToken()); String[] theAvas = new String[avas.size()]; @@ -535,17 +538,15 @@ class AVAPattern { } /** - * Explode AVA into name and value. - * Does not handle escaped '=' - * If AVA is malformed empty array is returned. + * Explode AVA into name and value. Does not handle escaped '=' If AVA is + * malformed empty array is returned. */ public static String[] explodeAVA(String ava) { int equals = ava.indexOf('='); - if (equals == -1) + if (equals == -1) return null; return new String[] { - ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()}; + ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() }; } } - diff --git a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java index 270d1fa2..d248c476 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -48,16 +47,14 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; - /** - * Certificate server agent authentication. - * Maps a SSL client authenticate certificate to a user (agent) entry in the - * internal database. + * Certificate server agent authentication. Maps a SSL client authenticate + * certificate to a user (agent) entry in the internal database. * <P> - * + * * @version $Revision$, $Date$ */ -public class AgentCertAuthentication implements IAuthManager, +public class AgentCertAuthentication implements IAuthManager, IProfileAuthenticator { /* result auth token attributes */ @@ -91,14 +88,15 @@ public class AgentCertAuthentication implements IAuthManager, /** * initializes the CertUserDBAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing - * all available authentication managers. + * called by AuthSubsystem init() method, when initializing all available + * authentication managers. + * * @param name The name of this authentication manager instance. * @param implName The name of the authentication manager plugin. * @param config The configuration store for this authentication manager. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -106,7 +104,7 @@ public class AgentCertAuthentication implements IAuthManager, mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); mCULocator = mUGSub.getCertUserLocator(); } - + /** * Gets the name of this authentication manager. */ @@ -120,7 +118,7 @@ public class AgentCertAuthentication implements IAuthManager, public String getImplName() { return mImplName; } - + public boolean isSSLClientRequired() { return true; } @@ -128,29 +126,30 @@ public class AgentCertAuthentication implements IAuthManager, /** * authenticates user(agent) by certificate * <p> - * called by other subsystems or their servlets to authenticate - * users (agents) - * @param authCred - authentication credential that contains - * an usrgrp.Certificates of the user (agent) + * called by other subsystems or their servlets to authenticate users + * (agents) + * + * @param authCred - authentication credential that contains an + * usrgrp.Certificates of the user (agent) * @return the authentication token that contains the following - * + * * @exception EMissingCredential If a required credential for this - * authentication manager is missing. + * authentication manager is missing. * @exception EInvalidCredentials If credentials cannot be authenticated. * @exception EBaseException If an internal error occurred. * @see com.netscape.certsrv.authentication.AuthToken * @see com.netscape.certsrv.usrgrp.Certificates */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { - + throws EMissingCredential, EInvalidCredentials, EBaseException { + CMS.debug("AgentCertAuthentication: start"); - CMS.debug("authenticator instance name is "+getName()); + CMS.debug("authenticator instance name is " + getName()); // force SSL handshake SessionContext context = SessionContext.getExistingContext(); ISSLClientCertProvider provider = (ISSLClientCertProvider) - context.get("sslClientCertProvider"); + context.get("sslClientCertProvider"); if (provider == null) { CMS.debug("AgentCertAuthentication: No SSL Client Cert Provider Found"); @@ -185,15 +184,15 @@ public class AgentCertAuthentication implements IAuthManager, // check if certificate(s) is revoked boolean checkRevocation = true; try { - checkRevocation = mConfig.getBoolean("checkRevocation", true); + checkRevocation = mConfig.getBoolean("checkRevocation", true); } catch (EBaseException e) { - // do nothing; default to true + // do nothing; default to true } if (checkRevocation) { - if (CMS.isRevoked(ci)) { - CMS.debug("AgentCertAuthentication: certificate revoked"); - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); - } + if (CMS.isRevoked(ci)) { + CMS.debug("AgentCertAuthentication: certificate revoked"); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + } } // map cert to user @@ -205,11 +204,11 @@ public class AgentCertAuthentication implements IAuthManager, } catch (EUsrGrpException e) { throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } catch (netscape.ldap.LDAPException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } - // any unexpected error occurs like internal db down, + // any unexpected error occurs like internal db down, // UGSubsystem only returns null for user. if (user == null) { throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); @@ -219,16 +218,16 @@ public class AgentCertAuthentication implements IAuthManager, IConfigStore sconfig = CMS.getConfigStore(); String groupname = ""; try { - groupname = sconfig.getString("auths.instance."+ getName() +".agentGroup", - ""); + groupname = sconfig.getString("auths.instance." + getName() + ".agentGroup", + ""); } catch (EBaseException ee) { } if (!groupname.equals("")) { - CMS.debug("check if "+user.getUserID()+" is in group "+groupname); - IUGSubsystem uggroup = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG); + CMS.debug("check if " + user.getUserID() + " is in group " + groupname); + IUGSubsystem uggroup = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); if (!uggroup.isMemberOf(user, groupname)) { - CMS.debug(user.getUserID()+" is not in this group "+groupname); + CMS.debug(user.getUserID() + " is not in this group " + groupname); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHORIZATION_ERROR")); } } @@ -237,7 +236,7 @@ public class AgentCertAuthentication implements IAuthManager, authToken.set(TOKEN_USERID, user.getUserID()); authToken.set(TOKEN_UID, user.getUserID()); authToken.set(TOKEN_GROUP, groupname); - authToken.set(CRED_CERT, certs); + authToken.set(CRED_CERT, certs); CMS.debug("AgentCertAuthentication: authenticated " + user.getUserDN()); @@ -245,11 +244,12 @@ public class AgentCertAuthentication implements IAuthManager, } /** - * get the list of authentication credential attribute names - * required by this authentication manager. Generally used by - * the servlets that handle agent operations to authenticate its - * users. It calls this method to know which are the - * required credentials from the user (e.g. Javascript form data) + * get the list of authentication credential attribute names required by + * this authentication manager. Generally used by the servlets that handle + * agent operations to authenticate its users. It calls this method to know + * which are the required credentials from the user (e.g. Javascript form + * data) + * * @return attribute names in Vector */ public String[] getRequiredCreds() { @@ -257,15 +257,15 @@ public class AgentCertAuthentication implements IAuthManager, } /** - * get the list of configuration parameter names - * required by this authentication manager. Generally used by - * the Certificate Server Console to display the table for - * configuration purposes. CertUserDBAuthentication is currently not - * exposed in this case, so this method is not to be used. - * @return configuration parameter names in Hashtable of Vectors - * where each hashtable entry's key is the substore name, value is a - * Vector of parameter names. If no substore, the parameter name - * is the Hashtable key itself, with value same as key. + * get the list of configuration parameter names required by this + * authentication manager. Generally used by the Certificate Server Console + * to display the table for configuration purposes. CertUserDBAuthentication + * is currently not exposed in this case, so this method is not to be used. + * + * @return configuration parameter names in Hashtable of Vectors where each + * hashtable entry's key is the substore name, value is a Vector of + * parameter names. If no substore, the parameter name is the + * Hashtable key itself, with value same as key. */ public String[] getConfigParams() { return (mConfigParams); @@ -278,8 +278,8 @@ public class AgentCertAuthentication implements IAuthManager, } /** - * gets the configuretion substore used by this authentication - * manager + * gets the configuretion substore used by this authentication manager + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -289,7 +289,7 @@ public class AgentCertAuthentication implements IAuthManager, // Profile-related methods public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { } /** @@ -318,14 +318,13 @@ public class AgentCertAuthentication implements IAuthManager, } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { return null; } public void populate(IAuthToken token, IRequest request) - throws EProfileException { + throws EProfileException { } } diff --git a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java index fef68c1c..a499796a 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java +++ b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java @@ -20,7 +20,6 @@ package com.netscape.cms.authentication; - /////////////////////// // import statements // /////////////////////// @@ -101,142 +100,137 @@ import com.netscape.cmsutil.util.Utils; /** * UID/CMC authentication plug-in * <P> - * + * * @version $Revision$, $Date$ */ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, IProfileAuthenticator { - //////////////////////// + // ////////////////////// // default parameters // - //////////////////////// - - - - ///////////////////////////// + // ////////////////////// + + // /////////////////////////// // IAuthManager parameters // - ///////////////////////////// - + // /////////////////////////// + /* authentication plug-in configuration store */ private IConfigStore mConfig; private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; - public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke"; + public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke"; public static final String REASON_CODE = "reasonCode"; /* authentication plug-in name */ private String mImplName = null; - + /* authentication plug-in instance name */ private String mName = null; - + /* authentication plug-in fields */ - - - - /* Holds authentication plug-in fields accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + + /* + * Holds authentication plug-in fields accepted by this implementation. This + * list is passed to the configuration console so configuration for + * instances of this implementation can be configured through the console. */ protected static String[] mConfigParams = - new String[] {}; - + new String[] {}; + /* authentication plug-in values */ - + /* authentication plug-in properties */ - - + /* required credentials to authenticate. UID and CMC are strings. */ public static final String CRED_CMC = "cmcRequest"; - + protected static String[] mRequiredCreds = {}; - - //////////////////////////////////// + + // ////////////////////////////////// // IExtendedPluginInfo parameters // - //////////////////////////////////// - + // ////////////////////////////////// + /* Vector of extendedPluginInfo strings */ protected static Vector mExtendedPluginInfo = null; - //public static final String AGENT_AUTHMGR_ID = "agentAuthMgr"; - //public static final String AGENT_PLUGIN_ID = "agentAuthPlugin"; - - + // public static final String AGENT_AUTHMGR_ID = "agentAuthMgr"; + // public static final String AGENT_PLUGIN_ID = "agentAuthPlugin"; + /* actual help messages */ static { mExtendedPluginInfo = new Vector(); - + mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT + - ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\""); + ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\""); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-authentication"); + ";configuration-authentication"); } - - /////////////////////// + + // ///////////////////// // Logger parameters // - /////////////////////// - + // ///////////////////// + /* the system's logger */ private ILogger mLogger = CMS.getLogger(); - + /* signed audit parameters */ private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE = - "enrollment"; + "enrollment"; private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE = - "revocation"; - private final static String - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY = - "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5"; + "revocation"; + private final static String LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY = + "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5"; - ///////////////////// + // /////////////////// // default methods // - ///////////////////// - + // /////////////////// + /** * Default constructor, initialization must follow. */ public CMCAuth() { } - - ////////////////////////// + + // //////////////////////// // IAuthManager methods // - ////////////////////////// - + // //////////////////////// + /** * Initializes the CMCAuth authentication plug-in. * <p> + * * @param name The name for this authentication plug-in instance. * @param implName The name of the authentication plug-in. * @param config - The configuration store for this instance. * @exception EBaseException If an error occurs during initialization. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; - + log(ILogger.LL_INFO, "Initialization complete!"); } - + /** - * Authenticates user by their CMC; - * resulting AuthToken sets a TOKEN_SUBJECT for the subject name. + * Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT + * for the subject name. * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY - * used when CMC (agent-pre-signed) cert requests or revocation requests - * are submitted and signature is verified + * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used + * when CMC (agent-pre-signed) cert requests or revocation requests are + * submitted and signature is verified * </ul> + * * @param authCred Authentication credentials, CRED_UID and CRED_CMC. * @return an AuthToken - * @exception com.netscape.certsrv.authentication.EMissingCredential - * If a required authentication credential is missing. - * @exception com.netscape.certsrv.authentication.EInvalidCredentials - * If credentials failed authentication. - * @exception com.netscape.certsrv.base.EBaseException - * If an internal error occurred. + * @exception com.netscape.certsrv.authentication.EMissingCredential If a + * required authentication credential is missing. + * @exception com.netscape.certsrv.authentication.EInvalidCredentials If + * credentials failed authentication. + * @exception com.netscape.certsrv.base.EBaseException If an internal error + * occurred. * @see com.netscape.certsrv.authentication.AuthToken */ public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException { @@ -245,13 +239,13 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, String auditReqType = ILogger.UNIDENTIFIED; String auditCertSubject = ILogger.UNIDENTIFIED; String auditSignerInfo = ILogger.UNIDENTIFIED; - + // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { // get the CMC. - Object argblock = (Object)(authCred.getArgBlock()); + Object argblock = (Object) (authCred.getArgBlock()); Object returnVal = null; if (argblock == null) { returnVal = authCred.get("cert_request"); @@ -266,140 +260,139 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, if (cmc == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_CMC)); + "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); } if (cmc.equals("")) { log(ILogger.LL_FAILURE, - "cmc : attempted login with empty CMC."); + "cmc : attempted login with empty CMC."); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); throw new EInvalidCredentials(CMS.getUserMessage( - "CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + "CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - + // authenticate by checking CMC. - + // everything OK. // now formulate the certificate info. // set the subject name at a minimum. // set anything else like version, extensions, etc. // if nothing except subject name is set the rest of // cert info will be filled in by policies and CA defaults. - + AuthToken authToken = new AuthToken(this); - + try { String asciiBASE64Blob; - + int startIndex = cmc.indexOf(HEADER); int endIndex = cmc.indexOf(TRAILER); - if (startIndex!= -1 && endIndex!=-1) { + if (startIndex != -1 && endIndex != -1) { startIndex = startIndex + HEADER.length(); - asciiBASE64Blob=cmc.substring(startIndex, endIndex); - }else + asciiBASE64Blob = cmc.substring(startIndex, endIndex); + } else asciiBASE64Blob = cmc; - byte[] cmcBlob = CMS.AtoB(asciiBASE64Blob); - ByteArrayInputStream cmcBlobIn= new + ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(cmcBlob); - + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = - (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode( - cmcBlobIn); + (org.mozilla.jss.pkix.cms.ContentInfo) + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode( + cmcBlobIn); - if(!cmcReq.getContentType().equals( - org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || - !cmcReq.hasContent()) { + if (!cmcReq.getContentType().equals( + org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || + !cmcReq.hasContent()) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); // throw new ECMSGWException(CMSGWResources.NO_CMC_CONTENT); throw new EBaseException("NO_CMC_CONTENT"); } - + SignedData cmcFullReq = (SignedData) cmcReq.getInterpretedContent(); - + IConfigStore cmc_config = CMS.getConfigStore(); boolean checkSignerInfo = - cmc_config.getBoolean("cmc.signerInfo.verify", true); + cmc_config.getBoolean("cmc.signerInfo.verify", true); String userid = "defUser"; String uid = "defUser"; if (checkSignerInfo) { - IAuthToken agentToken = verifySignerInfo(authToken,cmcFullReq); + IAuthToken agentToken = verifySignerInfo(authToken, cmcFullReq); userid = agentToken.getInString("userid"); uid = agentToken.getInString("cn"); } else { CMS.debug("CMCAuth: authenticate() signerInfo verification bypassed"); } // reset value of auditSignerInfo - if( uid != null ) { + if (uid != null) { auditSignerInfo = uid.trim(); } EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); - + OBJECT_IDENTIFIER id = ci.getContentType(); if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || - !ci.hasContent()) { + !ci.hasContent()) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); - // throw new ECMSGWException( + // throw new ECMSGWException( // CMSGWResources.NO_PKIDATA); throw new EBaseException("NO_PKIDATA"); } - + OCTET_STRING content = ci.getContent(); - + ByteArrayInputStream s = new - ByteArrayInputStream(content.toByteArray()); + ByteArrayInputStream(content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); - + SEQUENCE reqSequence = pkiData.getReqSequence(); - + int numReqs = reqSequence.size(); if (numReqs == 0) { @@ -414,14 +407,14 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, if (controlSize > 0) { for (int i = 0; i < controlSize; i++) { TaggedAttribute taggedAttribute = - (TaggedAttribute) controlSequence.elementAt(i); + (TaggedAttribute) controlSequence.elementAt(i); OBJECT_IDENTIFIER type = taggedAttribute.getType(); - if( type.equals( - OBJECT_IDENTIFIER.id_cmc_revokeRequest)) { + if (type.equals( + OBJECT_IDENTIFIER.id_cmc_revokeRequest)) { // if( i ==1 ) { - // taggedAttribute.getType() == - // OBJECT_IDENTIFIER.id_cmc_revokeRequest + // taggedAttribute.getType() == + // OBJECT_IDENTIFIER.id_cmc_revokeRequest // } SET values = taggedAttribute.getValues(); @@ -430,50 +423,48 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, bigIntArray = new BigInteger[numVals]; for (int j = 0; j < numVals; j++) { - // serialNumber INTEGER - + // serialNumber INTEGER + // SEQUENCE RevRequest = (SEQUENCE) - // values.elementAt(j); + // values.elementAt(j); byte[] encoded = ASN1Util.encode( - values.elementAt(j)); - org.mozilla.jss.asn1.ASN1Template - template = new - org.mozilla.jss.pkix.cmmf.RevRequest.Template(); - org.mozilla.jss.pkix.cmmf.RevRequest - revRequest = - (org.mozilla.jss.pkix.cmmf.RevRequest) - ASN1Util.decode(template, encoded); - + values.elementAt(j)); + org.mozilla.jss.asn1.ASN1Template template = new + org.mozilla.jss.pkix.cmmf.RevRequest.Template(); + org.mozilla.jss.pkix.cmmf.RevRequest revRequest = + (org.mozilla.jss.pkix.cmmf.RevRequest) + ASN1Util.decode(template, encoded); + // SEQUENCE RevRequest = (SEQUENCE) - // ASN1Util.decode( - // SEQUENCE.getTemplate(), - // ASN1Util.encode( - // values.elementAt(j))); + // ASN1Util.decode( + // SEQUENCE.getTemplate(), + // ASN1Util.encode( + // values.elementAt(j))); // SEQUENCE RevRequest = - // values.elementAt(j); + // values.elementAt(j); // int revReqSize = RevRequest.size(); // if( revReqSize > 3 ) { - // INTEGER serialNumber = - // new INTEGER((long)0); + // INTEGER serialNumber = + // new INTEGER((long)0); // } INTEGER temp = revRequest.getSerialNumber(); int temp2 = temp.intValue(); - + bigIntArray[j] = temp; - authToken.set(TOKEN_CERT_SERIAL,bigIntArray); - + authToken.set(TOKEN_CERT_SERIAL, bigIntArray); + long reasonCode = revRequest.getReason().getValue(); - Integer IntObject = Integer.valueOf((int)reasonCode); - authToken.set(REASON_CODE,IntObject); - - authToken.set("uid",uid); - authToken.set("userid",userid); + Integer IntObject = Integer.valueOf((int) reasonCode); + authToken.set(REASON_CODE, IntObject); + + authToken.set("uid", uid); + authToken.set("userid", userid); } } } - + } } else { // enrollment request @@ -487,48 +478,48 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, for (int i = 0; i < numReqs; i++) { // decode message. TaggedRequest taggedRequest = - (TaggedRequest) reqSequence.elementAt(i); + (TaggedRequest) reqSequence.elementAt(i); TaggedRequest.Type type = taggedRequest.getType(); if (type.equals(TaggedRequest.PKCS10)) { CMS.debug("CMCAuth: in PKCS10"); TaggedCertificationRequest tcr = - taggedRequest.getTcr(); + taggedRequest.getTcr(); int p10Id = tcr.getBodyPartID().intValue(); reqIdArray[i] = String.valueOf(p10Id); CertificationRequest p10 = - tcr.getCertificationRequest(); + tcr.getCertificationRequest(); // transfer to sun class ByteArrayOutputStream ostream = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); p10.encode(ostream); try { PKCS10 pkcs10 = - new PKCS10(ostream.toByteArray()); + new PKCS10(ostream.toByteArray()); // xxx do we need to do anything else? X509CertInfo certInfo = - CMS.getDefaultX509CertInfo(); + CMS.getDefaultX509CertInfo(); // fillPKCS10(certInfo,pkcs10,authToken,null); // authToken.set( - // pkcs10.getSubjectPublicKeyInfo()); + // pkcs10.getSubjectPublicKeyInfo()); X500Name tempName = pkcs10.getSubjectName(); // reset value of auditCertSubject - if( tempName != null ) { + if (tempName != null) { auditCertSubject = - tempName.toString().trim(); - if( auditCertSubject.equals( "" ) ) { + tempName.toString().trim(); + if (auditCertSubject.equals("")) { auditCertSubject = - ILogger.SIGNED_AUDIT_EMPTY_VALUE; + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } authToken.set(AuthToken.TOKEN_CERT_SUBJECT, tempName.toString()); @@ -541,19 +532,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); - //throw new ECMSGWException( - //CMSGWResources.ERROR_PKCS101, e.toString()); + // throw new ECMSGWException( + // CMSGWResources.ERROR_PKCS101, e.toString()); - e.printStackTrace(); + e.printStackTrace(); throw new EBaseException(e.toString()); } } else if (type.equals(TaggedRequest.CRMF)) { @@ -561,7 +552,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, CMS.debug("CMCAuth: in CRMF"); try { CertReqMsg crm = - taggedRequest.getCrm(); + taggedRequest.getCrm(); CertRequest certReq = crm.getCertReq(); INTEGER reqID = certReq.getCertReqId(); reqIdArray[i] = reqID.toString(); @@ -570,16 +561,16 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, // xxx do we need to do anything else? X509CertInfo certInfo = - CMS.getDefaultX509CertInfo(); + CMS.getDefaultX509CertInfo(); // reset value of auditCertSubject - if( name != null ) { + if (name != null) { String ss = name.getRFC1485(); auditCertSubject = ss; - if( auditCertSubject.equals( "" ) ) { + if (auditCertSubject.equals("")) { auditCertSubject = - ILogger.SIGNED_AUDIT_EMPTY_VALUE; + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } authToken.set(AuthToken.TOKEN_CERT_SUBJECT, ss); @@ -590,17 +581,17 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); - //throw new ECMSGWException( - //CMSGWResources.ERROR_PKCS101, e.toString()); + // throw new ECMSGWException( + // CMSGWResources.ERROR_PKCS101, e.toString()); e.printStackTrace(); throw new EBaseException(e.toString()); @@ -608,141 +599,144 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, } // authToken.set(AgentAuthentication.CRED_CERT, new - // com.netscape.certsrv.usrgrp.Certificates( - // x509Certs)); + // com.netscape.certsrv.usrgrp.Certificates( + // x509Certs)); } } } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); - //Debug.printStackTrace(e); + // Debug.printStackTrace(e); throw new EInvalidCredentials(CMS.getUserMessage( - "CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + "CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - + // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.SUCCESS, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.SUCCESS, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); return authToken; - } catch( EMissingCredential eAudit1 ) { + } catch (EMissingCredential eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; - } catch( EInvalidCredentials eAudit2 ) { + } catch (EInvalidCredentials eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - } catch( EBaseException eAudit3 ) { + } catch (EBaseException eAudit3) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, - auditSubjectID, - ILogger.FAILURE, - auditReqType, - auditCertSubject, - auditSignerInfo ); + LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY, + auditSubjectID, + ILogger.FAILURE, + auditReqType, + auditCertSubject, + auditSignerInfo); - audit( auditMessage ); + audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit3; } } - + /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. * <p> + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { return (mConfigParams); } - + /** - * gets the configuration substore used by this authentication - * plug-in + * gets the configuration substore used by this authentication plug-in * <p> + * * @return configuration store */ public IConfigStore getConfigStore() { return mConfig; } - + /** * gets the plug-in name of this authentication plug-in. */ public String getImplName() { return mImplName; } - + /** * gets the name of this authentication plug-in instance */ public String getName() { return mName; } - + /** * get the list of required credentials. * <p> + * * @return list of required credentials as strings. */ public String[] getRequiredCreds() { return (mRequiredCreds); } - + /** * prepares for shutdown. */ public void shutdown() { } - - ///////////////////////////////// + + // /////////////////////////////// // IExtendedPluginInfo methods // - ///////////////////////////////// - + // /////////////////////////////// + /** * Activate the help system. * <p> + * * @return help messages */ public String[] getExtendedPluginInfo() { @@ -755,14 +749,15 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, } return s; } - - //////////////////// + + // ////////////////// // Logger methods // - //////////////////// - + // ////////////////// + /** * Logs a message for this class in the system log file. * <p> + * * @param level The log level. * @param msg The message to log. * @see com.netscape.certsrv.logging.ILogger @@ -771,45 +766,46 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, - level, "CMC Authentication: " + msg); + level, "CMC Authentication: " + msg); } - - protected IAuthToken verifySignerInfo(AuthToken authToken,SignedData cmcFullReq) throws EInvalidCredentials { - + + protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EInvalidCredentials { + EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); OCTET_STRING content = ci.getContent(); - + try { ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); - + SET dais = cmcFullReq.getDigestAlgorithmIdentifiers(); int numDig = dais.size(); Hashtable digs = new Hashtable(); - //if request key is used for signing, there MUST be only one signerInfo - //object in the signedData object. + // if request key is used for signing, there MUST be only one + // signerInfo + // object in the signedData object. for (int i = 0; i < numDig; i++) { AlgorithmIdentifier dai = - (AlgorithmIdentifier) dais.elementAt(i); + (AlgorithmIdentifier) dais.elementAt(i); String name = - DigestAlgorithm.fromOID(dai.getOID()).toString(); - + DigestAlgorithm.fromOID(dai.getOID()).toString(); + MessageDigest md = - MessageDigest.getInstance(name); - + MessageDigest.getInstance(name); + byte[] digest = md.digest(content.toByteArray()); digs.put(name, digest); } - + SET sis = cmcFullReq.getSignerInfos(); int numSis = sis.size(); - + for (int i = 0; i < numSis; i++) { org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i); - + String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); @@ -819,9 +815,9 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, pkiData.encode((OutputStream) ostream); digest = md.digest(ostream.toByteArray()); - + } - // signed by previously certified signature key + // signed by previously certified signature key SignerIdentifier sid = si.getSignerIdentifier(); if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { @@ -833,30 +829,30 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, SET certs = cmcFullReq.getCertificates(); int numCerts = certs.size(); java.security.cert.X509Certificate[] x509Certs = new java.security.cert.X509Certificate[1]; - byte[] certByteArray = new byte[0]; - for (int j = 0; j < numCerts; j++) { + byte[] certByteArray = new byte[0]; + for (int j = 0; j < numCerts; j++) { Certificate certJss = (Certificate) certs.elementAt(j); CertificateInfo certI = certJss.getInfo(); Name issuer = certI.getIssuer(); - + byte[] issuerB = ASN1Util.encode(issuer); - INTEGER sn = certI.getSerialNumber(); - // if this cert is the signer cert, not a cert in the chain + INTEGER sn = certI.getSerialNumber(); + // if this cert is the signer cert, not a cert in + // the chain if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) - && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString()) ) - { + && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new - ByteArrayOutputStream(); + ByteArrayOutputStream(); certJss.encode(os); - certByteArray = os.toByteArray(); - + certByteArray = os.toByteArray(); + X509CertImpl tempcert = new X509CertImpl(os.toByteArray()); cert = tempcert; x509Certs[0] = cert; - // xxx validate the cert length - + // xxx validate the cert length + } } CMS.debug("CMCAuth: start checking signature"); @@ -880,38 +876,38 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, si.verify(digest, id, pubK); } CMS.debug("CMCAuth: finished checking signature"); - // verify signer's certificate using the revocator - CryptoManager cm = CryptoManager.getInstance(); - if( ! cm.isCertValid( certByteArray, true,CryptoManager.CertUsage.SSLClient) ) + // verify signer's certificate using the revocator + CryptoManager cm = CryptoManager.getInstance(); + if (!cm.isCertValid(certByteArray, true, CryptoManager.CertUsage.SSLClient)) throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); - // authenticate signer's certificate using the userdb + // authenticate signer's certificate using the userdb IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); - - IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);//AGENT_AUTHMGR_ID); - IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials(); - + + IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);// AGENT_AUTHMGR_ID); + IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials(); + agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT, x509Certs); - + IAuthToken tempToken = agentAuth.authenticate(agentCred); netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN(); - String CN = (String) tempPrincipal.getCommonName();//tempToken.get("userid"); - - BigInteger agentCertSerial = x509Certs[0].getSerialNumber(); - authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT,agentCertSerial.toString()); - tempToken.set("cn",CN); + String CN = (String) tempPrincipal.getCommonName();// tempToken.get("userid"); + + BigInteger agentCertSerial = x509Certs[0].getSerialNumber(); + authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT, agentCertSerial.toString()); + tempToken.set("cn", CN); return tempToken; - + } // find from internaldb if it's ca. (ra does not have that.) // find from internaldb usrgrp info - + // find from certDB - si.verify(digest, id); - - } // + si.verify(digest, id); + + } // } - }catch (InvalidBERException e) { + } catch (InvalidBERException e) { CMS.debug("CMCAuth: " + e.toString()); } catch (IOException e) { CMS.debug("CMCAuth: " + e.toString()); @@ -919,7 +915,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } return (IAuthToken) null; - + } public String[] getExtendedPluginInfo(Locale locale) { @@ -929,22 +925,20 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, // Profile-related methods public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { } /** * Retrieves the localizable name of this policy. */ - public String getName(Locale locale) - { + public String getName(Locale locale) { return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_NAME"); } /** * Retrieves the localizable description of this policy. */ - public String getText(Locale locale) - { + public String getText(Locale locale) { return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_TEXT"); } @@ -962,19 +956,18 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(CRED_CMC)) { return new Descriptor(IDescriptor.STRING_LIST, null, null, - "CMC request"); + "CMC request"); } return null; } public void populate(IAuthToken token, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, token.getInString(AuthToken.TOKEN_CERT_SUBJECT)); } @@ -985,10 +978,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, /** * Signed Audit Log - * + * * This method is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ private void audit(String msg) { @@ -1000,19 +993,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is called to obtain the "SubjectID" for a signed audit log + * message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ private String auditSubjectID() { @@ -1042,4 +1035,3 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, return subjectID; } } - diff --git a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java index 95012039..db4fda5f 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java +++ b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java @@ -17,151 +17,150 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - public class Crypt { // Static data: static byte[] - IP = // Initial permutation - { - 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 + IP = // Initial permutation + { + 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7 }, - FP = // Final permutation, FP = IP^(-1) - { - 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 + FP = // Final permutation, FP = IP^(-1) + { + 40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25 }, - // Permuted-choice 1 from the key bits to yield C and D. - // Note that bits 8,16... are left out: - // They are intended for a parity check. - PC1_C = + // Permuted-choice 1 from the key bits to yield C and D. + // Note that bits 8,16... are left out: + // They are intended for a parity check. + PC1_C = { - 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36 + 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36 }, - PC1_D = + PC1_D = { - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 }, - shifts = // Sequence of shifts used for the key schedule. - { - 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 + shifts = // Sequence of shifts used for the key schedule. + { + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }, - // Permuted-choice 2, to pick out the bits from - // the CD array that generate the key schedule. - PC2_C = + // Permuted-choice 2, to pick out the bits from + // the CD array that generate the key schedule. + PC2_C = { - 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2 + 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2 }, - PC2_D = + PC2_D = { - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 }, - e2 = // The E-bit selection table. (see E below) - { - 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 + e2 = // The E-bit selection table. (see E below) + { + 32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1 }, - // P is a permutation on the selected combination of - // the current L and key. - P = + // P is a permutation on the selected combination of + // the current L and key. + P = { - 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 + 16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25 }; - // The 8 selection functions. For some reason, they gave a 0-origin + // The 8 selection functions. For some reason, they gave a 0-origin // index, unlike everything else. static byte[][] S = { - { - 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, - 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, - 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, - 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 - }, { - 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, - 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, - 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, - 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 - }, { - 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, - 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, - 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, - 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 - }, { - 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, - 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, - 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, - 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 - }, { - 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, - 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, - 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, - 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 - }, { - 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, - 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, - 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, - 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 - }, { - 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, - 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, - 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, - 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 - }, { - 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, - 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, - 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, - 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 - } + { + 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, + 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, + 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, + 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 + }, { + 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, + 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, + 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, + 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 + }, { + 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, + 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, + 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, + 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 + }, { + 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, + 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, + 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, + 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 + }, { + 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, + 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, + 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, + 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 + }, { + 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, + 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, + 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, + 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 + }, { + 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, + 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, + 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, + 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 + }, { + 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, + 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, + 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, + 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 + } }; // Dynamic data: - byte[] C = new byte[28], // The C and D arrays used to - D = new byte[28], // calculate the key schedule. - E = new byte[48], // The E bit-selection table. - L = new byte[32], // The current block, - R = new byte[32], // divided into two halves. - tempL = new byte[32], - f = new byte[32], - preS = new byte[48]; // The combination of the key and + byte[] C = new byte[28], // The C and D arrays used to + D = new byte[28], // calculate the key schedule. + E = new byte[48], // The E bit-selection table. + L = new byte[32], // The current block, + R = new byte[32], // divided into two halves. + tempL = new byte[32], + f = new byte[32], + preS = new byte[48]; // The combination of the key and // the input, before selection. - // The key schedule. Generated from the key. + // The key schedule. Generated from the key. byte[][] KS = new byte[16][48]; // Object fields: @@ -169,17 +168,17 @@ public class Crypt { // Public methods: /** - * Create Crypt object with no passwd or salt set. Must use setPasswd() - * and setSalt() before getEncryptedPasswd(). + * Create Crypt object with no passwd or salt set. Must use setPasswd() and + * setSalt() before getEncryptedPasswd(). */ public Crypt() { Passwd = Salt = Encrypt = ""; } /** - * Create a Crypt object with specified salt. Use setPasswd() before + * Create a Crypt object with specified salt. Use setPasswd() before * getEncryptedPasswd(). - * + * * @param salt the salt string for encryption */ public Crypt(String salt) { @@ -189,10 +188,9 @@ public class Crypt { } /** - * Create a Crypt object with specified passwd and salt (often the - * already encypted passwd). Get the encrypted result with - * getEncryptedPasswd(). - * + * Create a Crypt object with specified passwd and salt (often the already + * encypted passwd). Get the encrypted result with getEncryptedPasswd(). + * * @param passwd the passwd to encrypt * @param salt the salt string for encryption */ @@ -204,7 +202,7 @@ public class Crypt { /** * Retrieve the passwd string currently being encrypted. - * + * * @return the current passwd string */ public String getPasswd() { @@ -213,7 +211,7 @@ public class Crypt { /** * Retrieve the salt string currently being used for encryption. - * + * * @return the current salt string */ public String getSalt() { @@ -221,9 +219,9 @@ public class Crypt { } /** - * Retrieve the resulting encrypted string from the current passwd and - * salt settings. - * + * Retrieve the resulting encrypted string from the current passwd and salt + * settings. + * * @return the encrypted passwd */ public String getEncryptedPasswd() { @@ -231,9 +229,9 @@ public class Crypt { } /** - * Set a new passwd string for encryption. Use getEncryptedPasswd() to + * Set a new passwd string for encryption. Use getEncryptedPasswd() to * retrieve the new result. - * + * * @param passwd the new passwd string */ public void setPasswd(String passwd) { @@ -242,9 +240,9 @@ public class Crypt { } /** - * Set a new salt string for encryption. Use getEncryptedPasswd() to + * Set a new salt string for encryption. Use getEncryptedPasswd() to * retrieve the new result. - * + * * @param salt the new salt string */ public void setSalt(String salt) { @@ -254,19 +252,17 @@ public class Crypt { // Internal crypt methods: String crypt() { - if (Salt.length() == 0) return ""; + if (Salt.length() == 0) + return ""; int i, j, pwi; byte c, temp; - byte[] block = new byte[66], - iobuf = new byte[16], - salt = new byte[2], - pw = Passwd.getBytes(), //jdk1.1 - saltbytes = Salt.getBytes(); //jdk1.1 + byte[] block = new byte[66], iobuf = new byte[16], salt = new byte[2], pw = Passwd.getBytes(), // jdk1.1 + saltbytes = Salt.getBytes(); // jdk1.1 - // pw = new byte[Passwd.length()], //jdk1.0.2 - // saltbytes = new byte[Salt.length()]; //jdk1.0.2 - //Passwd.getBytes(0,Passwd.length(),pw,0); //jdk1.0.2 - //Salt.getBytes(0,Salt.length(),saltbytes,0); //jdk1.0.2 + // pw = new byte[Passwd.length()], //jdk1.0.2 + // saltbytes = new byte[Salt.length()]; //jdk1.0.2 + // Passwd.getBytes(0,Passwd.length(),pw,0); //jdk1.0.2 + // Salt.getBytes(0,Salt.length(),saltbytes,0); //jdk1.0.2 salt[0] = saltbytes[0]; salt[1] = (saltbytes.length > 1) ? saltbytes[1] : 0; @@ -288,8 +284,10 @@ public class Crypt { for (i = 0; i < 2; i++) { c = salt[i]; iobuf[i] = c; - if (c > 'Z') c -= 6; - if (c > '9') c -= 7; + if (c > 'Z') + c -= 6; + if (c > '9') + c -= 7; c -= '.'; for (j = 0; j < 6; j++) { if (((c >> j) & 1) != 0) { @@ -311,8 +309,10 @@ public class Crypt { c |= block[6 * i + j]; } c += '.'; - if (c > '9') c += 7; - if (c > 'Z') c += 6; + if (c > '9') + c += 7; + if (c > 'Z') + c += 6; iobuf[i + 2] = c; } @@ -320,16 +320,16 @@ public class Crypt { if (iobuf[1] == 0) iobuf[1] = iobuf[0]; - return new String(iobuf); //jdk1.1 - //return new String(iobuf,0); //jdk1.0.2 + return new String(iobuf); // jdk1.1 + // return new String(iobuf,0); //jdk1.0.2 } - void setkey(byte[] key) // Set up the key schedule from the key. + void setkey(byte[] key) // Set up the key schedule from the key. { int i, j, k; byte t; - // First, generate C and D by permuting the key. The low order bit + // First, generate C and D by permuting the key. The low order bit // of each 8-bit char is not used, so C and D are only 28 bits apiece. for (i = 0; i < 28; i++) { C[i] = key[PC1_C[i] - 1]; @@ -369,41 +369,41 @@ public class Crypt { byte k; // First, permute the bits in the input - //for (j = 0; j < 64; j++) - //{ - // L[j] = block[IP[j]-1]; - //} + // for (j = 0; j < 64; j++) + // { + // L[j] = block[IP[j]-1]; + // } for (j = 0; j < 32; j++) L[j] = block[IP[j] - 1]; for (j = 32; j < 64; j++) R[j - 32] = block[IP[j] - 1]; - // Perform an encryption operation 16 times. + // Perform an encryption operation 16 times. for (ii = 0; ii < 16; ii++) { i = ii; // Save the R array, which will be the new L. for (j = 0; j < 32; j++) tempL[j] = R[j]; - // Expand R to 48 bits using the E selector; - // exclusive-or with the current key bits. + // Expand R to 48 bits using the E selector; + // exclusive-or with the current key bits. for (j = 0; j < 48; j++) preS[j] = (byte) (R[E[j] - 1] ^ KS[i][j]); - // The pre-select bits are now considered in 8 groups of - // 6 bits each. The 8 selection functions map these 6-bit - // quantities into 4-bit quantities and the results permuted - // to make an f(R, K). The indexing into the selection functions - // is peculiar; it could be simplified by rewriting the tables. + // The pre-select bits are now considered in 8 groups of + // 6 bits each. The 8 selection functions map these 6-bit + // quantities into 4-bit quantities and the results permuted + // to make an f(R, K). The indexing into the selection functions + // is peculiar; it could be simplified by rewriting the tables. for (j = 0; j < 8; j++) { t = 6 * j; - k = S[j][ (preS[t ] << 5) + + k = S[j][(preS[t] << 5) + (preS[t + 1] << 3) + (preS[t + 2] << 2) + (preS[t + 3] << 1) + (preS[t + 4]) + - (preS[t + 5] << 4) ]; + (preS[t + 5] << 4)]; t = 4 * j; - f[t ] = (byte) ((k >> 3) & 1); + f[t] = (byte) ((k >> 3) & 1); f[t + 1] = (byte) ((k >> 2) & 1); f[t + 2] = (byte) ((k >> 1) & 1); f[t + 3] = (byte) ((k) & 1); @@ -430,7 +430,7 @@ public class Crypt { // The final output gets the inverse permutation of the very original. for (j = 0; j < 64; j++) { - //block[j] = L[FP[j]-1]; + // block[j] = L[FP[j]-1]; block[j] = (FP[j] > 32) ? R[FP[j] - 33] : L[FP[j] - 1]; } } diff --git a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java index 1f2eb69a..a221f68f 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java +++ b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -28,24 +27,27 @@ import netscape.ldap.LDAPEntry; import com.netscape.certsrv.authentication.EAuthException; import com.netscape.certsrv.base.EBaseException; - /** - * class for parsing a DN pattern used to construct a certificate - * subject name from ldap attributes and dn.<p> + * class for parsing a DN pattern used to construct a certificate subject name + * from ldap attributes and dn. + * <p> * - * dnpattern is a string representing a subject name pattern to formulate from - * the directory attributes and entry dn. If empty or not set, the - * ldap entry DN will be used as the certificate subject name. <p> + * dnpattern is a string representing a subject name pattern to formulate from + * the directory attributes and entry dn. If empty or not set, the ldap entry DN + * will be used as the certificate subject name. + * <p> + * + * The syntax is * - * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$attr" "." attrName [ "." attrNumber ] | - * name "=" "$dn" "." attrName [ "." attrNumber ] | - * "$dn" "." "$rdn" "." number + * name "=" "$attr" "." attrName [ "." attrNumber ] | + * name "=" "$dn" "." attrName [ "." attrNumber ] | + * "$dn" "." "$rdn" "." number * </pre> + * * <pre> * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i> * Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org @@ -72,11 +74,12 @@ import com.netscape.certsrv.base.EBaseException; * E = the first 'mail' ldap attribute value in user's entry. <br> * CN = the (first) 'cn' ldap attribute value in the user's entry. <br> * OU = the second 'ou' value in the user's entry DN. note multiple AVAs - * in a RDN in this example. <br> + * in a RDN in this example. <br> * O = the (first) 'o' value in the user's entry DN. <br> * C = the string "US" * <p> * </pre> + * * <pre> * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i> * Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org @@ -101,15 +104,16 @@ import com.netscape.certsrv.base.EBaseException; * <p> * CN = the (first) 'cn' ldap attribute value in the user's entry. <br> * OU = the second 'ou' value in the user's entry DN followed by the - * first 'ou' value in the user's entry. note multiple AVAs - * in a RDN in this example. <br> + * first 'ou' value in the user's entry. note multiple AVAs + * in a RDN in this example. <br> * O = the (first) 'o' value in the user's entry DN. <br> * C = the string "US" * <p> * </pre> - * If an attribute or subject DN component does not exist the attribute - * is skipped. - * + * + * If an attribute or subject DN component does not exist the attribute is + * skipped. + * * @version $Revision$, $Date$ */ public class DNPattern { @@ -125,15 +129,16 @@ public class DNPattern { protected String mTestDN = null; - /** + /** * Construct a DN pattern by parsing a pattern string. + * * @param pattern the DN pattern - * @exception EBaseException If parsing error occurs. + * @exception EBaseException If parsing error occurs. */ public DNPattern(String pattern) - throws EAuthException { + throws EAuthException { if (pattern == null || pattern.equals("")) { - // create an attribute list that is the dn. + // create an attribute list that is the dn. mLdapAttrs = new String[] { "dn" }; } else { mPatternString = pattern; @@ -143,13 +148,13 @@ public class DNPattern { } } - public DNPattern(PushbackReader in) - throws EAuthException { + public DNPattern(PushbackReader in) + throws EAuthException { parse(in); } private void parse(PushbackReader in) - throws EAuthException { + throws EAuthException { Vector rdnPatterns = new Vector(); RDNPattern rdnPattern = null; int lastChar = -1; @@ -162,8 +167,7 @@ public class DNPattern { } catch (IOException e) { throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()); } - } - while (lastChar == ','); + } while (lastChar == ','); mRDNPatterns = new RDNPattern[rdnPatterns.size()]; rdnPatterns.copyInto(mRDNPatterns); @@ -173,8 +177,8 @@ public class DNPattern { for (int i = 0; i < mRDNPatterns.length; i++) { String[] rdnAttrs = mRDNPatterns[i].getLdapAttrs(); - if (rdnAttrs != null && rdnAttrs.length > 0) - for (int j = 0; j < rdnAttrs.length; j++) + if (rdnAttrs != null && rdnAttrs.length > 0) + for (int j = 0; j < rdnAttrs.length; j++) ldapAttrs.addElement(rdnAttrs[j]); } mLdapAttrs = new String[ldapAttrs.size()]; @@ -183,11 +187,12 @@ public class DNPattern { /** * Form a Ldap v3 DN string from results of a ldap search. + * * @param entry LDAPentry from a ldap search - * @return Ldap v3 DN string to use for a subject name. + * @return Ldap v3 DN string to use for a subject name. */ public String formDN(LDAPEntry entry) - throws EAuthException { + throws EAuthException { StringBuffer formedDN = new StringBuffer(); for (int i = 0; i < mRDNPatterns.length; i++) { @@ -197,13 +202,13 @@ public class DNPattern { if (rdn != null) { if (rdn != null && rdn.length() != 0) { - if (formedDN.length() != 0) + if (formedDN.length() != 0) formedDN.append(","); formedDN.append(rdn); } } } - //System.out.println("formed DN "+formedDN.toString()); + // System.out.println("formed DN "+formedDN.toString()); return formedDN.toString(); } diff --git a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java index c9b64fca..41fb9699 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // ldap java sdk import java.io.IOException; import java.security.cert.CertificateException; @@ -57,29 +56,28 @@ import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; - /** - * Abstract class for directory based authentication managers - * Uses a pattern for formulating subject names. - * The pattern is read from configuration file. + * Abstract class for directory based authentication managers Uses a pattern for + * formulating subject names. The pattern is read from configuration file. * Syntax of the pattern is described in the init() method. * * <P> + * * @version $Revision$, $Date$ */ -public abstract class DirBasedAuthentication - implements IAuthManager, IExtendedPluginInfo { +public abstract class DirBasedAuthentication + implements IAuthManager, IExtendedPluginInfo { - protected static final String USER_DN = "userDN"; + protected static final String USER_DN = "userDN"; /* configuration parameter keys */ - protected static final String PROP_LDAP = "ldap"; - protected static final String PROP_BASEDN = "basedn"; - protected static final String PROP_DNPATTERN = "dnpattern"; + protected static final String PROP_LDAP = "ldap"; + protected static final String PROP_BASEDN = "basedn"; + protected static final String PROP_DNPATTERN = "dnpattern"; protected static final String PROP_LDAPSTRINGATTRS = "ldapStringAttributes"; protected static final String PROP_LDAPBYTEATTRS = "ldapByteAttributes"; - // members + // members /* name of this authentication manager instance */ protected String mName = null; @@ -105,20 +103,24 @@ public abstract class DirBasedAuthentication /* the subject DN pattern */ protected DNPattern mPattern = null; - /* the list of LDAP attributes with string values to retrieve to - * save in the auth token including ones from the dn pattern. */ + /* + * the list of LDAP attributes with string values to retrieve to save in the + * auth token including ones from the dn pattern. + */ protected String[] mLdapStringAttrs = null; - /* the list of LDAP attributes with byte[] values to retrive to save - * in authtoken. */ + /* + * the list of LDAP attributes with byte[] values to retrive to save in + * authtoken. + */ protected String[] mLdapByteAttrs = null; - /* the combined list of LDAP attriubutes to retrieve*/ + /* the combined list of LDAP attriubutes to retrieve */ protected String[] mLdapAttrs = null; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c"; + protected static String DEFAULT_DNPATTERN = + "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c"; /* Vector of extendedPluginInfo strings */ protected static Vector<String> mExtendedPluginInfo = null; @@ -126,31 +128,31 @@ public abstract class DirBasedAuthentication static { mExtendedPluginInfo = new Vector<String>(); mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert" + - " Subject Name. ($dn.xxx - get value from user's LDAP " + - "DN. $attr.yyy - get value from LDAP attributes in " + - "user's entry.) Default: " + DEFAULT_DNPATTERN); + " Subject Name. ($dn.xxx - get value from user's LDAP " + + "DN. $attr.yyy - get value from LDAP attributes in " + + "user's entry.) Default: " + DEFAULT_DNPATTERN); mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;" + - "Comma-separated list of LDAP attributes to copy from " + - "the user's LDAP entry into the AuthToken. e.g use " + - "'mail' to copy user's email address for subjectAltName"); + "Comma-separated list of LDAP attributes to copy from " + + "the user's LDAP entry into the AuthToken. e.g use " + + "'mail' to copy user's email address for subjectAltName"); mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;" + - "Comma-separated list of binary LDAP attributes to copy" + - " from the user's LDAP entry into the AuthToken"); + "Comma-separated list of binary LDAP attributes to copy" + + " from the user's LDAP entry into the AuthToken"); mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" + - "LDAP host to connect to"); + "LDAP host to connect to"); mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" + - "LDAP port number (use 389, or 636 if SSL)"); + "LDAP port number (use 389, or 636 if SSL)"); mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" + - "Use SSL to connect to directory?"); + "Use SSL to connect to directory?"); mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" + - "LDAP protocol version"); + "LDAP protocol version"); mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start searching " + - "under. If your user's DN is 'uid=jsmith, o=company', you " + - "might want to use 'o=company' here"); + "under. If your user's DN is 'uid=jsmith, o=company', you " + + "might want to use 'o=company' here"); mExtendedPluginInfo.add("ldap.minConns;number;number of connections " + - "to keep open to directory server. Default 5."); + "to keep open to directory server. Default 5."); mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection " + - "pool can grow to this many (multiplexed) connections. Default 1000."); + "pool can grow to this many (multiplexed) connections. Default 1000."); } /** @@ -163,24 +165,26 @@ public abstract class DirBasedAuthentication * Initializes the UidPwdDirBasedAuthentication auth manager. * * Takes the following configuration parameters: <br> + * * <pre> - * ldap.basedn - the ldap base dn. - * ldap.ldapconn.host - the ldap host. - * ldap.ldapconn.port - the ldap port - * ldap.ldapconn.secureConn - whether port should be secure - * ldap.minConns - minimum connections - * ldap.maxConns - max connections - * dnpattern - dn pattern. + * ldap.basedn - the ldap base dn. + * ldap.ldapconn.host - the ldap host. + * ldap.ldapconn.port - the ldap port + * ldap.ldapconn.secureConn - whether port should be secure + * ldap.minConns - minimum connections + * ldap.maxConns - max connections + * dnpattern - dn pattern. * </pre> * <p> - * <i><b>dnpattern</b></i> is a string representing a subject name pattern - * to formulate from the directory attributes and entry dn. If empty or - * not set, the ldap entry DN will be used as the certificate subject name. + * <i><b>dnpattern</b></i> is a string representing a subject name pattern + * to formulate from the directory attributes and entry dn. If empty or not + * set, the ldap entry DN will be used as the certificate subject name. * <p> - * The syntax is + * The syntax is + * * <pre> * dnpattern = SubjectNameComp *[ "," SubjectNameComp ] - * + * * SubjectNameComponent = DnComp | EntryComp | ConstantComp * DnComp = CertAttr "=" "$dn" "." DnAttr "." Num * EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num @@ -190,11 +194,12 @@ public abstract class DirBasedAuthentication * CertAttr = a Component in the Certificate Subject Name * (multiple AVA in one RDN not supported) * Num = the nth value of tha attribute in the dn or entry. - * Constant = Constant String, with any accepted ldap string value. + * Constant = Constant String, with any accepted ldap string value. * * </pre> * <p> * <b>Example:</b> + * * <pre> * dnpattern: * E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US @@ -213,6 +218,7 @@ public abstract class DirBasedAuthentication * </pre> * <p> * The subject name formulated in the cert will be : <br> + * * <pre> * E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US * @@ -229,19 +235,20 @@ public abstract class DirBasedAuthentication * @exception EBaseException If an error occurs during initialization. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { init(name, implName, config, true); } public void init(String name, String implName, IConfigStore config, boolean needBaseDN) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; /* initialize ldap server configuration */ mLdapConfig = mConfig.getSubStore(PROP_LDAP); - if (needBaseDN) mBaseDN = mLdapConfig.getString(PROP_BASEDN); + if (needBaseDN) + mBaseDN = mLdapConfig.getString(PROP_BASEDN); if (needBaseDN && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN.trim().equals("")))) throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn")); mConnFactory = CMS.getLdapAnonConnFactory(); @@ -250,7 +257,7 @@ public abstract class DirBasedAuthentication /* initialize dn pattern */ String pattern = mConfig.getString(PROP_DNPATTERN, null); - if (pattern == null || pattern.length() == 0) + if (pattern == null || pattern.length() == 0) pattern = DEFAULT_DNPATTERN; mPattern = new DNPattern(pattern); String[] patternLdapAttrs = mPattern.getLdapAttrs(); @@ -261,15 +268,15 @@ public abstract class DirBasedAuthentication if (ldapStringAttrs == null) { mLdapStringAttrs = patternLdapAttrs; } else { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); + StringTokenizer pAttrs = + new StringTokenizer(ldapStringAttrs, ",", false); int begin = 0; if (patternLdapAttrs != null && patternLdapAttrs.length > 0) { - mLdapStringAttrs = new String[ + mLdapStringAttrs = new String[ patternLdapAttrs.length + pAttrs.countTokens()]; - System.arraycopy(patternLdapAttrs, 0, - mLdapStringAttrs, 0, patternLdapAttrs.length); + System.arraycopy(patternLdapAttrs, 0, + mLdapStringAttrs, 0, patternLdapAttrs.length); begin = patternLdapAttrs.length; } else { mLdapStringAttrs = new String[pAttrs.countTokens()]; @@ -285,11 +292,11 @@ public abstract class DirBasedAuthentication if (ldapByteAttrs == null) { mLdapByteAttrs = new String[0]; } else { - StringTokenizer byteAttrs = - new StringTokenizer(ldapByteAttrs, ",", false); + StringTokenizer byteAttrs = + new StringTokenizer(ldapByteAttrs, ",", false); mLdapByteAttrs = new String[byteAttrs.countTokens()]; - for (int j = 0; j < mLdapByteAttrs.length; j++) { + for (int j = 0; j < mLdapByteAttrs.length; j++) { mLdapByteAttrs[j] = ((String) byteAttrs.nextElement()).trim(); } } @@ -297,10 +304,10 @@ public abstract class DirBasedAuthentication /* make the combined list */ mLdapAttrs = new String[mLdapStringAttrs.length + mLdapByteAttrs.length]; - System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs, - 0, mLdapStringAttrs.length); - System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs, - mLdapStringAttrs.length, mLdapByteAttrs.length); + System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs, + 0, mLdapStringAttrs.length); + System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs, + mLdapStringAttrs.length, mLdapByteAttrs.length); log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_INIT_DONE")); } @@ -320,21 +327,22 @@ public abstract class DirBasedAuthentication } /** - * Authenticates user through LDAP by a set of credentials. - * Resulting AuthToken a TOKEN_CERTINFO field of a X509CertInfo + * Authenticates user through LDAP by a set of credentials. Resulting + * AuthToken a TOKEN_CERTINFO field of a X509CertInfo * <p> + * * @param authCred Authentication credentials, CRED_UID and CRED_PWD. * @return A AuthToken with a TOKEN_SUBJECT of X500name type. - * @exception com.netscape.certsrv.authentication.EMissingCredential - * If a required authentication credential is missing. - * @exception com.netscape.certsrv.authentication.EInvalidCredentials - * If credentials failed authentication. - * @exception com.netscape.certsrv.base.EBaseException - * If an internal error occurred. + * @exception com.netscape.certsrv.authentication.EMissingCredential If a + * required authentication credential is missing. + * @exception com.netscape.certsrv.authentication.EInvalidCredentials If + * credentials failed authentication. + * @exception com.netscape.certsrv.base.EBaseException If an internal error + * occurred. * @see com.netscape.certsrv.authentication.AuthToken */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { String userdn = null; LDAPConnection conn = null; AuthToken authToken = new AuthToken(this); @@ -360,28 +368,28 @@ public abstract class DirBasedAuthentication // set subject name. try { CertificateSubjectName subjectname = (CertificateSubjectName) - certInfo.get(X509CertInfo.SUBJECT); + certInfo.get(X509CertInfo.SUBJECT); if (subjectname != null) - authToken.set(AuthToken.TOKEN_CERT_SUBJECT, - subjectname.toString()); + authToken.set(AuthToken.TOKEN_CERT_SUBJECT, + subjectname.toString()); } // error means it's not set. catch (CertificateException e) { } catch (IOException e) { } - // set validity if any + // set validity if any try { CertificateValidity validity = (CertificateValidity) - certInfo.get(X509CertInfo.VALIDITY); + certInfo.get(X509CertInfo.VALIDITY); if (validity != null) { - // the gets throws IOException but only if attribute - // not recognized. In these cases they are always. - authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE, - (Date)validity.get(CertificateValidity.NOT_BEFORE)); - authToken.set(AuthToken.TOKEN_CERT_NOTAFTER, - (Date)validity.get(CertificateValidity.NOT_AFTER)); + // the gets throws IOException but only if attribute + // not recognized. In these cases they are always. + authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE, + (Date) validity.get(CertificateValidity.NOT_BEFORE)); + authToken.set(AuthToken.TOKEN_CERT_NOTAFTER, + (Date) validity.get(CertificateValidity.NOT_AFTER)); } } // error means it's not set. catch (CertificateException e) { @@ -391,7 +399,7 @@ public abstract class DirBasedAuthentication // set extensions if any. try { CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); if (extensions != null) authToken.set(AuthToken.TOKEN_CERT_EXTENSIONS, extensions); @@ -401,7 +409,7 @@ public abstract class DirBasedAuthentication } } finally { - if (conn != null) + if (conn != null) mConnFactory.returnConn(conn); } @@ -410,15 +418,16 @@ public abstract class DirBasedAuthentication /** * get the list of required credentials. + * * @return list of required credentials as strings. */ public abstract String[] getRequiredCreds(); /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public abstract String[] getConfigParams(); @@ -440,6 +449,7 @@ public abstract class DirBasedAuthentication /** * Gets the configuration substore used by this authentication manager + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -452,11 +462,11 @@ public abstract class DirBasedAuthentication * @param authCreds The authentication credentials. * @return The user's ldap entry dn. * @exception EInvalidCredentials If the uid and password are not valid - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ protected abstract String authenticate( - LDAPConnection conn, IAuthCredentials authCreds, AuthToken token) - throws EBaseException; + LDAPConnection conn, IAuthCredentials authCreds, AuthToken token) + throws EBaseException; /** * Formulate the cert info. @@ -465,24 +475,24 @@ public abstract class DirBasedAuthentication * @param userdn The user's dn. * @param certinfo A certinfo object to fill. * @param token A authentication token to fill. - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ - protected void formCertInfo(LDAPConnection conn, - String userdn, - X509CertInfo certinfo, - AuthToken token) - throws EBaseException { + protected void formCertInfo(LDAPConnection conn, + String userdn, + X509CertInfo certinfo, + AuthToken token) + throws EBaseException { String dn = null; // get ldap attributes to retrieve. String[] attrs = getLdapAttrs(); - // retrieve the attributes. + // retrieve the attributes. try { if (conn != null) { LDAPEntry entry = null; - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - attrs, false); + LDAPSearchResults results = + conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", + attrs, false); if (!results.hasMoreElements()) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR")); @@ -490,11 +500,11 @@ public abstract class DirBasedAuthentication } entry = results.next(); - // formulate the subject dn + // formulate the subject dn try { dn = formSubjectName(entry); } catch (EBaseException e) { - //e.printStackTrace(); + // e.printStackTrace(); throw e; } // Put selected values from the entry into the token @@ -504,23 +514,23 @@ public abstract class DirBasedAuthentication } // add anything else in cert info such as validity, extensions - // (nothing now) + // (nothing now) // pack the dn into X500name and set subject name. if (dn.length() == 0) { - EBaseException ex = - new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName)); + EBaseException ex = + new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName)); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_DN_ERROR", ex.toString())); throw ex; } X500Name subjectdn = new X500Name(dn); - certinfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subjectdn)); + certinfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subjectdn)); } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.SERVER_DOWN: + case LDAPException.SERVER_DOWN: log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR")); throw new ELdapException( CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); @@ -534,7 +544,7 @@ public abstract class DirBasedAuthentication log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString())); throw new ELdapException( CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", - e.errorCodeToString())); + e.errorCodeToString())); } } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage())); @@ -546,26 +556,27 @@ public abstract class DirBasedAuthentication } /** - * Copy values from the LDAPEntry into the AuthToken. The - * list of values that should be store this way is given in - * a the ldapAttributes configuration parameter. + * Copy values from the LDAPEntry into the AuthToken. The list of values + * that should be store this way is given in a the ldapAttributes + * configuration parameter. */ protected void setAuthTokenValues(LDAPEntry e, AuthToken tok) { for (int i = 0; i < mLdapStringAttrs.length; i++) setAuthTokenStringValue(mLdapStringAttrs[i], e, tok); - for (int j = 0; j < mLdapByteAttrs.length; j++) + for (int j = 0; j < mLdapByteAttrs.length; j++) setAuthTokenByteValue(mLdapByteAttrs[j], e, tok); } protected void setAuthTokenStringValue( - String name, LDAPEntry entry, AuthToken tok) { + String name, LDAPEntry entry, AuthToken tok) { LDAPAttribute values = entry.getAttribute(name); - if (values == null) return; + if (values == null) + return; Vector<String> v = new Vector<String>(); @SuppressWarnings("unchecked") - Enumeration<String> e = values.getStringValues(); + Enumeration<String> e = values.getStringValues(); while (e.hasMoreElements()) { v.addElement(e.nextElement()); @@ -579,14 +590,15 @@ public abstract class DirBasedAuthentication } protected void setAuthTokenByteValue( - String name, LDAPEntry entry, AuthToken tok) { + String name, LDAPEntry entry, AuthToken tok) { LDAPAttribute values = entry.getAttribute(name); - if (values == null) return; + if (values == null) + return; Vector<byte[]> v = new Vector<byte[]>(); @SuppressWarnings("unchecked") - Enumeration<byte[]> e = values.getByteValues(); + Enumeration<byte[]> e = values.getByteValues(); while (e.hasMoreElements()) { v.addElement(e.nextElement()); @@ -602,6 +614,7 @@ public abstract class DirBasedAuthentication /** * Return a list of LDAP attributes with String values to retrieve. * Subclasses can override to return any set of attributes. + * * @return Array of LDAP attributes to retrieve from the directory. */ protected String[] getLdapAttrs() { @@ -611,6 +624,7 @@ public abstract class DirBasedAuthentication /** * Return a list of LDAP attributes with byte[] values to retrieve. * Subclasses can override to return any set of attributes. + * * @return Array of LDAP attributes to retrieve from the directory. */ protected String[] getLdapByteAttrs() { @@ -618,22 +632,21 @@ public abstract class DirBasedAuthentication } /** - * Formulate the subject name + * Formulate the subject name + * * @param entry The LDAP entry * @return The subject name string. * @exception EBaseException If an internal error occurs. */ protected String formSubjectName(LDAPEntry entry) - throws EAuthException { - if (mPattern.mPatternString == null) + throws EAuthException { + if (mPattern.mPatternString == null) return entry.getDN(); - - /* - if (mTestDNString != null) { - mPattern.mTestDN = mTestDNString; - //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN); - } - */ + + /* + * if (mTestDNString != null) { mPattern.mTestDN = mTestDNString; + * //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN); } + */ String dn = mPattern.formDN(entry); @@ -643,6 +656,7 @@ public abstract class DirBasedAuthentication /** * Logs a message for this class in the system log file. + * * @param level The log level. * @param msg The message to log. * @see com.netscape.certsrv.logging.ILogger @@ -651,15 +665,14 @@ public abstract class DirBasedAuthentication if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, - level, msg); + level, msg); } public String[] getExtendedPluginInfo(Locale locale) { String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo); return s; - + } } - diff --git a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java index ab59c499..2bfc29c2 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java +++ b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // ldap java sdk import java.io.BufferedReader; import java.io.BufferedWriter; @@ -49,15 +48,14 @@ import com.netscape.certsrv.profile.IProfileAuthenticator; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This represents the authentication manager that authenticates - * user against a file where id, and password are stored. + * This represents the authentication manager that authenticates user against a + * file where id, and password are stored. * * @version $Revision$, $Date$ */ -public class FlatFileAuth - implements IProfileAuthenticator, IExtendedPluginInfo { +public class FlatFileAuth + implements IProfileAuthenticator, IExtendedPluginInfo { /* configuration parameter keys */ protected static final String PROP_FILENAME = "fileName"; @@ -66,39 +64,39 @@ public class FlatFileAuth protected static final String PROP_DEFERONFAILURE = "deferOnFailure"; protected String mFilename = "config/pwfile"; - protected long mFileLastRead = 0; + protected long mFileLastRead = 0; protected String mKeyAttributes = "UID"; protected String mAuthAttrs = "PWD"; protected boolean mDeferOnFailure = true; private static final String DATE_PATTERN = "yyyy-MM-dd-HH-mm-ss"; private static SimpleDateFormat mDateFormat = new SimpleDateFormat(DATE_PATTERN); - protected static String[] mConfigParams = - new String[] { - PROP_FILENAME, - PROP_KEYATTRIBUTES, - PROP_AUTHATTRS, - PROP_DEFERONFAILURE + protected static String[] mConfigParams = + new String[] { + PROP_FILENAME, + PROP_KEYATTRIBUTES, + PROP_AUTHATTRS, + PROP_DEFERONFAILURE }; public String[] getExtendedPluginInfo(Locale locale) { String s[] = { PROP_FILENAME + ";string;Pathname of password file", PROP_KEYATTRIBUTES + ";string;Comma-separated list of attributes" + - " which together form a unique identifier for the user", + " which together form a unique identifier for the user", PROP_AUTHATTRS + ";string;Comma-separated list of attributes" + - " which are used for further authentication", + " which are used for further authentication", PROP_DEFERONFAILURE + ";boolean;if user is not found, defer the " + - "request to the queue for manual-authentication (true), or " + - "simply rejected the request (false)" + "request to the queue for manual-authentication (true), or " + + "simply rejected the request (false)" }; return s; } - + /** name of this authentication manager instance */ protected String mName = null; - + protected String FFAUTH = "FlatFileAuth"; /** name of the authentication manager plugin */ @@ -109,30 +107,31 @@ public class FlatFileAuth /** system logger */ protected ILogger mLogger = CMS.getLogger(); - - /** This array is created as to include all the requested attributes - * + + /** + * This array is created as to include all the requested attributes + * */ String[] reqCreds = null; String[] authAttrs = null; String[] keyAttrs = null; - /** Hashtable of entries from Auth File. Hash index is the - * concatenation of the attributes from matchAttributes property + /** + * Hashtable of entries from Auth File. Hash index is the concatenation of + * the attributes from matchAttributes property */ protected Hashtable entries = null; /** - * Get the named property - * If the property is not set, use s as the default, and create - * a new value for the property in the config file. + * Get the named property If the property is not set, use s as the default, + * and create a new value for the property in the config file. * * @param propertyName Property name * @param s The default value of the property */ protected String getPropertyS(String propertyName, String s) - throws EBaseException { + throws EBaseException { String p; try { @@ -149,15 +148,14 @@ public class FlatFileAuth } /** - * Get the named property, - * If the property is not set, use b as the default, and create - * a new value for the property in the config file. + * Get the named property, If the property is not set, use b as the default, + * and create a new value for the property in the config file. * * @param propertyName Property name * @param b The default value of the property */ protected boolean getPropertyB(String propertyName, boolean b) - throws EBaseException { + throws EBaseException { boolean p; try { @@ -170,7 +168,7 @@ public class FlatFileAuth } public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -219,6 +217,7 @@ public class FlatFileAuth /** * Log a message. + * * @param level The logging level. * @param msg The message to log. */ @@ -226,16 +225,16 @@ public class FlatFileAuth if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, - level, msg); + level, msg); } - + void print(String s) { CMS.debug("FlatFileAuth: " + s); } /** - * Return a string array which is the union of all the string arrays - * passed in. The strings are treated as case sensitive + * Return a string array which is the union of all the string arrays passed + * in. The strings are treated as case sensitive */ public String[] unionOfStrings(String[][] stringArrays) { @@ -257,12 +256,11 @@ public class FlatFileAuth s[i] = (String) e.nextElement(); } return s; - + } - + /** - * Split a comma-delimited String into an array of individual - * Strings. + * Split a comma-delimited String into an array of individual Strings. */ private String[] splitOnComma(String s) { print("Splitting String: " + s + " on commas"); @@ -282,8 +280,8 @@ public class FlatFileAuth } /** - * Join an array of Strings into one string, with - * the specified string between each string + * Join an array of Strings into one string, with the specified string + * between each string */ private String joinStringArray(String[] s, String sep) { @@ -298,9 +296,9 @@ public class FlatFileAuth return sb.toString(); } - private synchronized void updateFile (String key) { + private synchronized void updateFile(String key) { try { - String name = writeFile (key); + String name = writeFile(key); if (name != null) { File orgFile = new File(mFilename); long lastModified = orgFile.lastModified(); @@ -310,15 +308,15 @@ public class FlatFileAuth } else { mFileLastRead = newFile.lastModified(); } - if (orgFile.renameTo(new File(name.substring(0, name.length()-1)))) { + if (orgFile.renameTo(new File(name.substring(0, name.length() - 1)))) { if (!newFile.renameTo(new File(mFilename))) { log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", name, mFilename)); - File file = new File(name.substring(0, name.length()-1)); + File file = new File(name.substring(0, name.length() - 1)); file.renameTo(new File(mFilename)); } } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", mFilename, - name.substring(0, name.length()-1))); + name.substring(0, name.length() - 1))); } } } catch (Exception e) { @@ -326,7 +324,7 @@ public class FlatFileAuth } } - private String writeFile (String key) { + private String writeFile(String key) { BufferedReader reader = null; BufferedWriter writer = null; String name = null; @@ -334,9 +332,9 @@ public class FlatFileAuth boolean done = false; String line = null; try { - reader = new BufferedReader (new FileReader (mFilename)); - name = mFilename+"."+mDateFormat.format(new Date())+"~"; - writer = new BufferedWriter (new FileWriter(name)); + reader = new BufferedReader(new FileReader(mFilename)); + name = mFilename + "." + mDateFormat.format(new Date()) + "~"; + writer = new BufferedWriter(new FileWriter(name)); if (reader != null && writer != null) { while ((line = reader.readLine()) != null) { if (commentOutNextLine) { @@ -374,12 +372,15 @@ public class FlatFileAuth long s2 = 0; File f1 = new File(mFilename); File f2 = new File(name); - if (f1.exists()) s1 = f1.length(); - if (f2.exists()) s2 = f2.length(); + if (f1.exists()) + s1 = f1.length(); + if (f2.exists()) + s2 = f2.length(); if (s1 > 0 && s2 > 0 && s2 > s1) { done = true; } else { - if (f2.exists()) f2.delete(); + if (f2.exists()) + f2.delete(); name = null; } } @@ -390,27 +391,28 @@ public class FlatFileAuth return name; } - /** - * Read a file with the following format: <p><pre> + * Read a file with the following format: + * <p> + * + * <pre> * param1: valuea * param2: valueb * -blank-line- * param1: valuec * param2: valued * </pre> - * + * * @param f The file to read - * @param keys The parameters to concat together to form the hash - * key + * @param keys The parameters to concat together to form the hash key * @return a hashtable of hashtables. */ protected Hashtable readFile(File f, String[] keys) - throws IOException { + throws IOException { log(ILogger.LL_INFO, "Reading file: " + f.getName()); BufferedReader file = new BufferedReader( new FileReader(f) - ); + ); String line; Hashtable allusers = new Hashtable(); @@ -429,7 +431,7 @@ public class FlatFileAuth entry = new Hashtable(); } - if (colon == -1) { // no colon -> empty line signifies end of record + if (colon == -1) { // no colon -> empty line signifies end of record if (!line.trim().equals("")) { if (file != null) { file.close(); @@ -458,8 +460,8 @@ public class FlatFileAuth } private void putEntry(Hashtable allUsers, - Hashtable entry, - String[] keys) { + Hashtable entry, + String[] keys) { if (entry == null) { return; } @@ -497,20 +499,20 @@ public class FlatFileAuth } /** - * Compare attributes provided by the user with those in - * in flat file. - * + * Compare attributes provided by the user with those in in flat file. + * */ private IAuthToken doAuthentication(Hashtable user, IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { AuthToken authToken = new AuthToken(this); for (int i = 0; i < authAttrs.length; i++) { String ffvalue = (String) user.get(authAttrs[i]); String uservalue = (String) authCred.get(authAttrs[i]); - // print("checking authentication token (" + authAttrs[i] + ": " + uservalue + " against ff value: " + ffvalue); + // print("checking authentication token (" + authAttrs[i] + ": " + + // uservalue + " against ff value: " + ffvalue); if (!ffvalue.equals(uservalue)) { throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } @@ -536,10 +538,10 @@ public class FlatFileAuth /** * Authenticate the request - * + * */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { IAuthToken authToken = null; String keyForUser = ""; @@ -579,7 +581,7 @@ public class FlatFileAuth } } - // if a dn was specified in the password file for this user, + // if a dn was specified in the password file for this user, // replace the requested dn with the one in the pwfile if (user != null) { String dn = (String) user.get("dn"); @@ -601,21 +603,21 @@ public class FlatFileAuth } /** - * Return a list of HTTP parameters which will be taken from the - * request posting and placed into the AuthCredentials block - * - * Note that this method will not be called until after the - * init() method is called + * Return a list of HTTP parameters which will be taken from the request + * posting and placed into the AuthCredentials block + * + * Note that this method will not be called until after the init() method is + * called */ public String[] getRequiredCreds() { print("getRequiredCreds returning: " + joinStringArray(reqCreds, ",")); return reqCreds; - + } /** - * Returns a list of configuration parameters, so the console - * can prompt the user when configuring. + * Returns a list of configuration parameters, so the console can prompt the + * user when configuring. */ public String[] getConfigParams() { return mConfigParams; @@ -640,7 +642,7 @@ public class FlatFileAuth } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { } /** @@ -666,7 +668,7 @@ public class FlatFileAuth } public void populate(IAuthToken token, IRequest request) - throws EProfileException { + throws EProfileException { } /** diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java index 19bfab69..19e4f0e3 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java +++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java @@ -17,17 +17,16 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // java sdk imports. import java.util.Hashtable; import java.util.Vector; - /** - * The structure stores the information of which machine is enabled for - * the agent-initiated user enrollment, and whom agents enable this feature, - * and the value of the timeout. + * The structure stores the information of which machine is enabled for the + * agent-initiated user enrollment, and whom agents enable this feature, and the + * value of the timeout. * <P> + * * @version $Revision$, $Date$ */ public class HashAuthData extends Hashtable { @@ -54,7 +53,7 @@ public class HashAuthData extends Hashtable { Vector val = (Vector) get(hostname); if (val == null) { - val = new Vector(); + val = new Vector(); put(hostname, val); } val.setElementAt(agentName, 0); @@ -117,4 +116,3 @@ public class HashAuthData extends Hashtable { val.setElementAt(Long.valueOf(lastLogin), 3); } } - diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java index 24a10e0a..4ef160ab 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // ldap java sdk import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -40,11 +39,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; - /** * Hash uid/pwd directory based authentication manager * <P> - * + * * @version $Revision$, $Date$ */ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { @@ -71,18 +69,18 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { private ILogger mLogger = CMS.getLogger(); private static Vector mExtendedPluginInfo = null; private HashAuthData mHosts = null; - + static String[] mConfigParams = - new String[] {}; + new String[] {}; static { mExtendedPluginInfo = new Vector(); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT + - ";Authenticate the username and password provided " + - "by the user against an LDAP directory. Works with the " + - "Dir Based Enrollment HTML form"); + ";Authenticate the username and password provided " + + "by the user against an LDAP directory. Works with the " + + "Dir Based Enrollment HTML form"); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-authrules-uidpwddirauth"); + ";configuration-authrules-uidpwddirauth"); }; /** @@ -91,8 +89,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { public HashAuthentication() { } - public void init(String name, String implName, IConfigStore config) - throws EBaseException { + public void init(String name, String implName, IConfigStore config) + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -124,7 +122,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { } public void createEntry(String host, String dn, long timeout, - String secret, long lastLogin) { + String secret, long lastLogin) { Vector v = new Vector(); v.addElement(dn); @@ -141,7 +139,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { public String getAgentName(String hostname) { return mHosts.getAgentName(hostname); } - + public void setAgentName(String hostname, String agentName) { mHosts.setAgentName(hostname, agentName); } @@ -184,7 +182,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, - level, msg); + level, msg); } public boolean validFingerprint(String host, String pageID, String uid, String fingerprint) { @@ -192,7 +190,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { if (val.equals(fingerprint)) return true; - return false; + return false; } public Enumeration getHosts() { @@ -200,8 +198,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { } public String hashFingerprint(String host, String pageID, String uid) { - byte[] hash = - mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes()); + byte[] hash = + mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes()); String b64E = com.netscape.osutil.OSUtil.BtoA(hash); return "{SHA}" + b64E; @@ -216,18 +214,18 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { * @param authCreds The authentication credentials. * @return The user's ldap entry dn. * @exception EInvalidCredentials If the uid and password are not valid - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ public IAuthToken authenticate(IAuthCredentials authCreds) - throws EBaseException { + throws EBaseException { AuthToken token = new AuthToken(this); String fingerprint = (String) authCreds.get(CRED_FINGERPRINT); String pageID = (String) authCreds.get(CRED_PAGEID); String uid = (String) authCreds.get(CRED_UID); String host = (String) authCreds.get(CRED_HOST); - if (fingerprint.equals("") || - !validFingerprint(host, pageID, uid, fingerprint)) { + if (fingerprint.equals("") || + !validFingerprint(host, pageID, uid, fingerprint)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_INVALID_FINGER_PRINT")); throw new EAuthException("Invalid Fingerprint"); } @@ -240,6 +238,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { /** * Returns array of required credentials for this authentication manager. + * * @return Array of required credentials. */ public String[] getRequiredCreds() { @@ -248,6 +247,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { /** * Gets the configuration substore used by this authentication manager + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -276,14 +276,13 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo { } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { return (mConfigParams); } } - diff --git a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java index 56c8739a..491151bb 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java +++ b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // ldap java sdk import java.util.Enumeration; import java.util.Locale; @@ -49,26 +48,25 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.logging.ILogger; - /** * uid/pwd directory based authentication manager * <P> - * + * * @version $Revision$, $Date$ */ public class PortalEnroll extends DirBasedAuthentication { /* configuration parameter keys */ - protected static final String PROP_LDAPAUTH = "ldapauth"; - protected static final String PROP_AUTHTYPE = "authtype"; - protected static final String PROP_BINDDN = "bindDN"; - protected static final String PROP_BINDPW = "bindPW"; - protected static final String PROP_LDAPCONN = "ldapconn"; - protected static final String PROP_HOST = "host"; - protected static final String PROP_PORT = "port"; - protected static final String PROP_SECURECONN = "secureConn"; - protected static final String PROP_VERSION = "version"; - protected static final String PROP_OBJECTCLASS = "objectclass"; + protected static final String PROP_LDAPAUTH = "ldapauth"; + protected static final String PROP_AUTHTYPE = "authtype"; + protected static final String PROP_BINDDN = "bindDN"; + protected static final String PROP_BINDPW = "bindPW"; + protected static final String PROP_LDAPCONN = "ldapconn"; + protected static final String PROP_HOST = "host"; + protected static final String PROP_PORT = "port"; + protected static final String PROP_SECURECONN = "secureConn"; + protected static final String PROP_VERSION = "version"; + protected static final String PROP_OBJECTCLASS = "objectclass"; /* required credentials to authenticate. uid and pwd are strings. */ public static final String CRED_UID = "uid"; @@ -80,83 +78,84 @@ public class PortalEnroll extends DirBasedAuthentication { private String mObjectClass = null; private String mBindDN = null; private String mBaseDN = null; - private ILdapConnFactory mLdapFactory = null; - private LDAPConnection mLdapConn = null; + private ILdapConnFactory mLdapFactory = null; + private LDAPConnection mLdapConn = null; // contains all nested superiors' required attrs in the form of a - // vector of "required" attributes in Enumeration + // vector of "required" attributes in Enumeration Vector mRequiredAttrs = null; - + // contains all nested superiors' optional attrs in the form of a - // vector of "optional" attributes in Enumeration + // vector of "optional" attributes in Enumeration Vector mOptionalAttrs = null; // contains all the objclasses, including superiors and itself Vector mObjClasses = null; - - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + + /* + * Holds configuration parameters accepted by this implementation. This list + * is passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ - protected static String[] mConfigParams = - new String[] { - PROP_DNPATTERN, - "ldap.ldapconn.host", - "ldap.ldapconn.port", - "ldap.ldapconn.secureConn", - "ldap.ldapconn.version", - "ldap.ldapauth.bindDN", - "ldap.ldapauth.bindPWPrompt", - "ldap.ldapauth.clientCertNickname", - "ldap.ldapauth.authtype", - "ldap.basedn", - "ldap.objectclass", - "ldap.minConns", - "ldap.maxConns", + protected static String[] mConfigParams = + new String[] { + PROP_DNPATTERN, + "ldap.ldapconn.host", + "ldap.ldapconn.port", + "ldap.ldapconn.secureConn", + "ldap.ldapconn.version", + "ldap.ldapauth.bindDN", + "ldap.ldapauth.bindPWPrompt", + "ldap.ldapauth.clientCertNickname", + "ldap.ldapauth.authtype", + "ldap.basedn", + "ldap.objectclass", + "ldap.minConns", + "ldap.maxConns", }; - + /** * Default constructor, initialization must follow. */ - public PortalEnroll() - throws EBaseException { + public PortalEnroll() + throws EBaseException { super(); } /** * Initializes the PortalEnrollment auth manager. * <p> + * * @param name - The name for this authentication manager instance. * @param implName - The name of the authentication manager plugin. * @param config - The configuration store for this instance. * @exception EBaseException If an error occurs during initialization. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { super.init(name, implName, config); - + /* Get Bind DN for directory server */ mConfig = mLdapConfig.getSubStore(PROP_LDAPAUTH); mBindDN = mConfig.getString(PROP_BINDDN); - if ( (mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == "")) + if ((mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == "")) throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "binddn")); - - /* Get Bind DN for directory server */ + + /* Get Bind DN for directory server */ mBaseDN = mLdapConfig.getString(PROP_BASEDN); if ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN == "")) throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn")); - - /* Get Object clase name for enrollment */ + + /* Get Object clase name for enrollment */ mObjectClass = mLdapConfig.getString(PROP_OBJECTCLASS); - if (mObjectClass == null || mObjectClass.length() == 0) + if (mObjectClass == null || mObjectClass.length() == 0) throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "objectclass")); - /* Get connect parameter */ + /* Get connect parameter */ mLdapFactory = CMS.getLdapBoundConnFactory(); mLdapFactory.init(mLdapConfig); mLdapConn = mLdapFactory.getConn(); - + log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_PORTAL_INIT")); } @@ -166,18 +165,18 @@ public class PortalEnroll extends DirBasedAuthentication { * @param authCreds The authentication credentials. * @return The user's ldap entry dn. * @exception EInvalidCredentials If the uid and password are not valid - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ - protected String authenticate(LDAPConnection conn, - IAuthCredentials authCreds, - AuthToken token) - throws EBaseException { + protected String authenticate(LDAPConnection conn, + IAuthCredentials authCreds, + AuthToken token) + throws EBaseException { String uid = null; String pwd = null; String dn = null; argblk = authCreds.getArgBlock(); - + // authenticate by binding to ldap server with password. try { // get the uid. @@ -185,7 +184,7 @@ public class PortalEnroll extends DirBasedAuthentication { if (uid == null) { throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); } - + // get the password. pwd = (String) authCreds.get(CRED_PWD); if (pwd == null) { @@ -206,8 +205,8 @@ public class PortalEnroll extends DirBasedAuthentication { throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "UID already exists.")); } else { dn = regist(token, uid); - if (dn == null) - throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE","Could not add user " + uid + ".")); + if (dn == null) + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Could not add user " + uid + ".")); } // bind as user dn and pwd - authenticates user with pwd. @@ -217,22 +216,21 @@ public class PortalEnroll extends DirBasedAuthentication { token.set(CRED_UID, uid); log(ILogger.LL_INFO, "portal authentication is done"); - + return dn; } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString())); throw e; } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - case LDAPException.LDAP_PARTIAL_RESULTS: + case LDAPException.NO_SUCH_OBJECT: + case LDAPException.LDAP_PARTIAL_RESULTS: log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort()))); - throw new - EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail.")); + throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail.")); case LDAPException.INVALID_CREDENTIALS: - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid)); + log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid)); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); case LDAPException.SERVER_DOWN: @@ -240,24 +238,24 @@ public class PortalEnroll extends DirBasedAuthentication { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); - default: + default: log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage())); throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", - e.errorCodeToString())); + CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", + e.errorCodeToString())); } } catch (EBaseException e) { if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true) log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_MAKE_DN_ERROR", e.toString())); throw e; - } + } } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { @@ -267,43 +265,44 @@ public class PortalEnroll extends DirBasedAuthentication { public String[] getExtendedPluginInfo(Locale locale) { String[] s = { PROP_DNPATTERN + ";string;Template for cert" + - " Subject Name. ($dn.xxx - get value from user's LDAP " + - "DN. $attr.yyy - get value from LDAP attributes in " + - "user's entry.) Default: " + DEFAULT_DNPATTERN, + " Subject Name. ($dn.xxx - get value from user's LDAP " + + "DN. $attr.yyy - get value from LDAP attributes in " + + "user's entry.) Default: " + DEFAULT_DNPATTERN, "ldap.ldapconn.host;string,required;" + "LDAP host to connect to", "ldap.ldapconn.port;number,required;" + "LDAP port number (default 389, or 636 if SSL)", "ldap.objectclass;string,required;SEE DOCUMENTATION for Object Class. " - + "Default is inetOrgPerson.", + + "Default is inetOrgPerson.", "ldap.ldapconn.secureConn;boolean;" + "Use SSL to connect to directory?", "ldap.ldapconn.version;choice(3,2);" + "LDAP protocol version", "ldap.ldapauth.bindDN;string,required;DN to bind as for Directory Manager. " - + "For example 'CN=Directory Manager'", + + "For example 'CN=Directory Manager'", "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " + - "the above user", + "the above user", "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth);" - + "How to bind to the directory (for pin removal only)", + + "How to bind to the directory (for pin removal only)", "ldap.ldapauth.clientCertNickname;string;If you want to use " - + "SSL client auth to the directory, set the client " - + "cert nickname here", + + "SSL client auth to the directory, set the client " + + "cert nickname here", "ldap.basedn;string,required;Base DN to start searching " + - "under. If your user's DN is 'uid=jsmith, o=company', you " + - "might want to use 'o=company' here", + "under. If your user's DN is 'uid=jsmith, o=company', you " + + "might want to use 'o=company' here", "ldap.minConns;number;number of connections " + - "to keep open to directory server", + "to keep open to directory server", "ldap.maxConns;number;when needed, connection " + - "pool can grow to this many connections", + "pool can grow to this many connections", IExtendedPluginInfo.HELP_TEXT + - ";This authentication plugin checks to see if a user " + - "exists in the directory. If not, then the user is created " + - "with the requested password.", + ";This authentication plugin checks to see if a user " + + "exists in the directory. If not, then the user is created " + + "with the requested password.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-authrules-portalauth" }; - + return s; } /** * Returns array of required credentials for this authentication manager. + * * @return Array of required credentials. */ public String[] getRequiredCreds() { @@ -312,6 +311,7 @@ public class PortalEnroll extends DirBasedAuthentication { /** * adds a user to the directory. + * * @return dn upon success and null upon failure. * @param token authentication token * @param uid the user's id. @@ -321,7 +321,7 @@ public class PortalEnroll extends DirBasedAuthentication { /* Specify the attributes of the entry */ Vector objectclass_values = null; - + LDAPAttributeSet attrs = new LDAPAttributeSet(); LDAPAttribute attr = new LDAPAttribute("objectclass"); @@ -334,8 +334,10 @@ public class PortalEnroll extends DirBasedAuthentication { try { - /* Construct a new LDAPSchema object to hold - the schema that you want to retrieve. */ + /* + * Construct a new LDAPSchema object to hold the schema that you + * want to retrieve. + */ dirSchema = new LDAPSchema(); /* Get the schema from the Directory. Anonymous access okay. */ @@ -369,7 +371,7 @@ public class PortalEnroll extends DirBasedAuthentication { } catch (EBaseException e) { if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true) continue; - } + } CMS.debug("PortalEnroll: " + attrname + " = " + attrval); attrs.add(new LDAPAttribute(attrname, attrval)); @@ -386,17 +388,17 @@ public class PortalEnroll extends DirBasedAuthentication { while (attrnames.hasMoreElements()) { String attrname = (String) attrnames.nextElement(); String attrval = null; - + CMS.debug("PortalEnroll: attrname is: " + attrname); try { attrval = (String) argblk.getValueAsString(attrname); } catch (EBaseException e) { if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true) continue; - } + } CMS.debug("PortalEnroll: " + attrname + " = " + attrval); if (attrval != null) { - attrs.add(new LDAPAttribute(attrname, attrval)); + attrs.add(new LDAPAttribute(attrname, attrval)); } } } @@ -417,15 +419,15 @@ public class PortalEnroll extends DirBasedAuthentication { } log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_REGISTRATION_DONE")); - + return dn; } /* - * get the superiors of "inetOrgPerson" so the "required - * attributes", "optional qttributes", and "object classes" are complete; - * should build up - * mRequiredAttrs, mOptionalAttrs, and mObjClasses when returned + * get the superiors of "inetOrgPerson" so the "required + * attributes", "optional qttributes", and "object classes" are complete; + * should build up mRequiredAttrs, mOptionalAttrs, and mObjClasses when + * returned */ public void initLdapAttrs(LDAPSchema dirSchema, String oclass) { CMS.debug("PortalEnroll: in initLdapAttrsAttrs"); @@ -461,4 +463,3 @@ public class PortalEnroll extends DirBasedAuthentication { } } } - diff --git a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java index 1f21bc1d..cb028216 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java +++ b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -29,24 +28,27 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.EAuthException; import com.netscape.certsrv.base.EBaseException; - /** - * class for parsing a DN pattern used to construct a certificate - * subject name from ldap attributes and dn.<p> + * class for parsing a DN pattern used to construct a certificate subject name + * from ldap attributes and dn. + * <p> * - * dnpattern is a string representing a subject name pattern to formulate from - * the directory attributes and entry dn. If empty or not set, the - * ldap entry DN will be used as the certificate subject name. <p> + * dnpattern is a string representing a subject name pattern to formulate from + * the directory attributes and entry dn. If empty or not set, the ldap entry DN + * will be used as the certificate subject name. + * <p> + * + * The syntax is * - * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$attr" "." attrName [ "." attrNumber ] | - * name "=" "$dn" "." attrName [ "." attrNumber ] | - * "$dn" "." "$rdn" "." number + * name "=" "$attr" "." attrName [ "." attrNumber ] | + * name "=" "$dn" "." attrName [ "." attrNumber ] | + * "$dn" "." "$rdn" "." number * </pre> + * * <pre> * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i> * Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org @@ -73,11 +75,12 @@ import com.netscape.certsrv.base.EBaseException; * E = the first 'mail' ldap attribute value in user's entry. <br> * CN = the (first) 'cn' ldap attribute value in the user's entry. <br> * OU = the second 'ou' value in the user's entry DN. note multiple AVAs - * in a RDN in this example. <br> + * in a RDN in this example. <br> * O = the (first) 'o' value in the user's entry DN. <br> * C = the string "US" * <p> * </pre> + * * <pre> * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i> * Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org @@ -102,15 +105,16 @@ import com.netscape.certsrv.base.EBaseException; * <p> * CN = the (first) 'cn' ldap attribute value in the user's entry. <br> * OU = the second 'ou' value in the user's entry DN followed by the - * first 'ou' value in the user's entry. note multiple AVAs - * in a RDN in this example. <br> + * first 'ou' value in the user's entry. note multiple AVAs + * in a RDN in this example. <br> * O = the (first) 'o' value in the user's entry DN. <br> * C = the string "US" * <p> * </pre> - * If an attribute or subject DN component does not exist the attribute - * is skipped. - * + * + * If an attribute or subject DN component does not exist the attribute is + * skipped. + * * @version $Revision$, $Date$ */ class RDNPattern { @@ -126,15 +130,16 @@ class RDNPattern { protected String mTestDN = null; - /** + /** * Construct a DN pattern by parsing a pattern string. + * * @param pattenr the DN pattern - * @exception EBaseException If parsing error occurs. + * @exception EBaseException If parsing error occurs. */ public RDNPattern(String pattern) - throws EAuthException { + throws EAuthException { if (pattern == null || pattern.equals("")) { - // create an attribute list that is the dn. + // create an attribute list that is the dn. mLdapAttrs = new String[] { "dn" }; } else { mPatternString = pattern; @@ -145,16 +150,16 @@ class RDNPattern { } /** - * Construct a DN pattern from a input stream of pattern + * Construct a DN pattern from a input stream of pattern */ - public RDNPattern(PushbackReader in) - throws EAuthException { + public RDNPattern(PushbackReader in) + throws EAuthException { parse(in); } private void parse(PushbackReader in) - throws EAuthException { - //System.out.println("_________ begin rdn _________"); + throws EAuthException { + // System.out.println("_________ begin rdn _________"); Vector avaPatterns = new Vector(); AVAPattern avaPattern = null; int lastChar; @@ -162,22 +167,21 @@ class RDNPattern { do { avaPattern = new AVAPattern(in); avaPatterns.addElement(avaPattern); - //System.out.println("added AVAPattern"+ - //" mType "+avaPattern.mType+ - //" mAttr "+avaPattern.mAttr+ - //" mValue "+avaPattern.mValue+ - //" mElement "+avaPattern.mElement); - try { - lastChar = in.read(); + // System.out.println("added AVAPattern"+ + // " mType "+avaPattern.mType+ + // " mAttr "+avaPattern.mAttr+ + // " mValue "+avaPattern.mValue+ + // " mElement "+avaPattern.mElement); + try { + lastChar = in.read(); } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } - } - while (lastChar == '+'); + } while (lastChar == '+'); if (lastChar != -1) { try { - in.unread(lastChar); // pushback last , + in.unread(lastChar); // pushback last , } catch (IOException e) { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } @@ -191,7 +195,7 @@ class RDNPattern { for (int i = 0; i < mAVAPatterns.length; i++) { String avaAttr = mAVAPatterns[i].getLdapAttr(); - if (avaAttr == null || avaAttr.length() == 0) + if (avaAttr == null || avaAttr.length() == 0) continue; ldapAttrs.addElement(avaAttr); } @@ -201,15 +205,16 @@ class RDNPattern { /** * Form a Ldap v3 DN string from results of a ldap search. + * * @param entry LDAPentry from a ldap search - * @return Ldap v3 DN string to use for a subject name. + * @return Ldap v3 DN string to use for a subject name. */ public String formRDN(LDAPEntry entry) - throws EAuthException { + throws EAuthException { StringBuffer formedRDN = new StringBuffer(); for (int i = 0; i < mAVAPatterns.length; i++) { - if (mTestDN != null) + if (mTestDN != null) mAVAPatterns[i].mTestDN = mTestDN; String ava = mAVAPatterns[i].formAVA(entry); @@ -219,7 +224,7 @@ class RDNPattern { formedRDN.append(ava); } } - //System.out.println("formed RDN "+formedRDN.toString()); + // System.out.println("formed RDN "+formedRDN.toString()); return formedRDN.toString(); } diff --git a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java index e73a112c..50bdeab0 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - import java.security.Principal; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -47,15 +46,14 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.usrgrp.Certificates; - /** - * Certificate server SSL client authentication. - * + * Certificate server SSL client authentication. + * * @author Christina Fu - * <P> - * + * <P> + * */ -public class SSLclientCertAuthentication implements IAuthManager, +public class SSLclientCertAuthentication implements IAuthManager, IProfileAuthenticator { /* result auth token attributes */ @@ -86,19 +84,20 @@ public class SSLclientCertAuthentication implements IAuthManager, /** * initializes the SSLClientCertAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing - * all available authentication managers. + * called by AuthSubsystem init() method, when initializing all available + * authentication managers. + * * @param name The name of this authentication manager instance. * @param implName The name of the authentication manager plugin. * @param config The configuration store for this authentication manager. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; } - + /** * Gets the name of this authentication manager. */ @@ -112,7 +111,7 @@ public class SSLclientCertAuthentication implements IAuthManager, public String getImplName() { return mImplName; } - + public boolean isSSLClientRequired() { return true; } @@ -120,29 +119,29 @@ public class SSLclientCertAuthentication implements IAuthManager, /** * authenticates user by certificate * <p> - * called by other subsystems or their servlets to authenticate - * users - * @param authCred - authentication credential that contains - * an usrgrp.Certificates of the user (agent) + * called by other subsystems or their servlets to authenticate users + * + * @param authCred - authentication credential that contains an + * usrgrp.Certificates of the user (agent) * @return the authentication token that contains the following - * + * * @exception EMissingCredential If a required credential for this - * authentication manager is missing. + * authentication manager is missing. * @exception EInvalidCredentials If credentials cannot be authenticated. * @exception EBaseException If an internal error occurred. * @see com.netscape.certsrv.authentication.AuthToken * @see com.netscape.certsrv.usrgrp.Certificates */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { - + throws EMissingCredential, EInvalidCredentials, EBaseException { + CMS.debug("SSLclientCertAuthentication: start"); - CMS.debug("authenticator instance name is "+getName()); + CMS.debug("authenticator instance name is " + getName()); // force SSL handshake SessionContext context = SessionContext.getExistingContext(); ISSLClientCertProvider provider = (ISSLClientCertProvider) - context.get("sslClientCertProvider"); + context.get("sslClientCertProvider"); if (provider == null) { CMS.debug("SSLclientCertAuthentication: No SSL Client Cert Provider Found"); @@ -173,7 +172,7 @@ public class SSLclientCertAuthentication implements IAuthManager, // find out which one is the leaf cert clientCert = ci[i]; - byte [] extBytes = clientCert.getExtensionValue("2.5.29.19"); + byte[] extBytes = clientCert.getExtensionValue("2.5.29.19"); // try to see if this is a leaf cert // look for BasicConstraint extension if (extBytes == null) { @@ -186,24 +185,24 @@ public class SSLclientCertAuthentication implements IAuthManager, // so it's not likely to be a leaf cert, // however, check the isCA field regardless try { - BasicConstraintsExtension bce = - new BasicConstraintsExtension(true, extBytes); - if (bce != null) { - if (!(Boolean)bce.get("is_ca")) { - CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain"); - break; - } // else found a ca cert, continue - } - } catch (Exception e) { - CMS.debug("SSLclientCertAuthentication: authenticate: exception:"+ + BasicConstraintsExtension bce = + new BasicConstraintsExtension(true, extBytes); + if (bce != null) { + if (!(Boolean) bce.get("is_ca")) { + CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain"); + break; + } // else found a ca cert, continue + } + } catch (Exception e) { + CMS.debug("SSLclientCertAuthentication: authenticate: exception:" + e.toString()); - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); - } - } + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + } + } } if (clientCert == null) { - CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found"); - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found"); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } } catch (CertificateException e) { CMS.debug(e.toString()); @@ -213,15 +212,15 @@ public class SSLclientCertAuthentication implements IAuthManager, // check if certificate(s) is revoked boolean checkRevocation = true; try { - checkRevocation = mConfig.getBoolean("checkRevocation", true); + checkRevocation = mConfig.getBoolean("checkRevocation", true); } catch (EBaseException e) { - // do nothing; default to true + // do nothing; default to true } if (checkRevocation) { - if (CMS.isRevoked(ci)) { - CMS.debug("SSLclientCertAuthentication: certificate revoked"); - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); - } + if (CMS.isRevoked(ci)) { + CMS.debug("SSLclientCertAuthentication: certificate revoked"); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + } } Certificates certs = new Certificates(ci); Principal p_dn = clientCert.getSubjectDN(); @@ -232,13 +231,13 @@ public class SSLclientCertAuthentication implements IAuthManager, authToken.set(TOKEN_UID, uid); authToken.set(TOKEN_USERID, uid); } -/* - authToken.set(TOKEN_USER_DN, user.getUserDN()); - authToken.set(TOKEN_USERID, user.getUserID()); - authToken.set(TOKEN_UID, user.getUserID()); - authToken.set(TOKEN_GROUP, groupname); -*/ - authToken.set(CRED_CERT, certs); + /* + * authToken.set(TOKEN_USER_DN, user.getUserDN()); + * authToken.set(TOKEN_USERID, user.getUserID()); + * authToken.set(TOKEN_UID, user.getUserID()); + * authToken.set(TOKEN_GROUP, groupname); + */ + authToken.set(CRED_CERT, certs); CMS.debug("SSLclientCertAuthentication: authenticated "); @@ -257,7 +256,7 @@ public class SSLclientCertAuthentication implements IAuthManager, String n = t.substring(0, i); if (n.equalsIgnoreCase("uid")) { String v = t.substring(i + 1); - CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:"+v); + CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:" + v); return v; } else { continue; @@ -267,11 +266,12 @@ public class SSLclientCertAuthentication implements IAuthManager, } /** - * get the list of authentication credential attribute names - * required by this authentication manager. Generally used by - * the servlets that handle agent operations to authenticate its - * users. It calls this method to know which are the - * required credentials from the user (e.g. Javascript form data) + * get the list of authentication credential attribute names required by + * this authentication manager. Generally used by the servlets that handle + * agent operations to authenticate its users. It calls this method to know + * which are the required credentials from the user (e.g. Javascript form + * data) + * * @return attribute names in Vector */ public String[] getRequiredCreds() { @@ -279,15 +279,15 @@ public class SSLclientCertAuthentication implements IAuthManager, } /** - * get the list of configuration parameter names - * required by this authentication manager. Generally used by - * the Certificate Server Console to display the table for - * configuration purposes. CertUserDBAuthentication is currently not - * exposed in this case, so this method is not to be used. - * @return configuration parameter names in Hashtable of Vectors - * where each hashtable entry's key is the substore name, value is a - * Vector of parameter names. If no substore, the parameter name - * is the Hashtable key itself, with value same as key. + * get the list of configuration parameter names required by this + * authentication manager. Generally used by the Certificate Server Console + * to display the table for configuration purposes. CertUserDBAuthentication + * is currently not exposed in this case, so this method is not to be used. + * + * @return configuration parameter names in Hashtable of Vectors where each + * hashtable entry's key is the substore name, value is a Vector of + * parameter names. If no substore, the parameter name is the + * Hashtable key itself, with value same as key. */ public String[] getConfigParams() { return (mConfigParams); @@ -300,8 +300,8 @@ public class SSLclientCertAuthentication implements IAuthManager, } /** - * gets the configuretion substore used by this authentication - * manager + * gets the configuretion substore used by this authentication manager + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -311,7 +311,7 @@ public class SSLclientCertAuthentication implements IAuthManager, // Profile-related methods public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { } /** @@ -340,15 +340,14 @@ public class SSLclientCertAuthentication implements IAuthManager, } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { return null; } public void populate(IAuthToken token, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, token.getInString(TOKEN_USERDN)); request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, diff --git a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java index 8b0a7b9b..7a0784c5 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java +++ b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java @@ -26,7 +26,7 @@ import com.netscape.certsrv.authentication.ISharedToken; public class SharedSecret implements ISharedToken { public SharedSecret() { - } + } public String getSharedToken(PKIData cmcdata) { return "testing"; diff --git a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java index bb393767..001415be 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java @@ -46,13 +46,12 @@ import com.netscape.cmsutil.http.JssSSLSocketFactory; import com.netscape.cmsutil.xml.XMLObject; /** - * Token authentication. - * Checked if the given token is valid. + * Token authentication. Checked if the given token is valid. * <P> - * + * * @version $Revision$, $Date$ */ -public class TokenAuthentication implements IAuthManager, +public class TokenAuthentication implements IAuthManager, IProfileAuthenticator { /* result auth token attributes */ @@ -79,21 +78,22 @@ public class TokenAuthentication implements IAuthManager, /** * initializes the TokenAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing - * all available authentication managers. + * called by AuthSubsystem init() method, when initializing all available + * authentication managers. + * * @param name The name of this authentication manager instance. * @param implName The name of the authentication manager plugin. * @param config The configuration store for this authentication manager. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); } - + /** * Gets the name of this authentication manager. */ @@ -107,7 +107,7 @@ public class TokenAuthentication implements IAuthManager, public String getImplName() { return mImplName; } - + public boolean isSSLClientRequired() { return false; } @@ -115,21 +115,22 @@ public class TokenAuthentication implements IAuthManager, /** * authenticates user(agent) by certificate * <p> - * called by other subsystems or their servlets to authenticate - * users (agents) - * @param authCred - authentication credential that contains - * an usrgrp.Certificates of the user (agent) + * called by other subsystems or their servlets to authenticate users + * (agents) + * + * @param authCred - authentication credential that contains an + * usrgrp.Certificates of the user (agent) * @return the authentication token that contains the following - * @exception EMissingCredential If a required credential for this - * authentication manager is missing. + * @exception EMissingCredential If a required credential for this + * authentication manager is missing. * @exception EInvalidCredentials If credentials cannot be authenticated. * @exception EBaseException If an internal error occurred. * @see com.netscape.certsrv.authentication.AuthToken * @see com.netscape.certsrv.usrgrp.Certificates */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { - + throws EMissingCredential, EInvalidCredentials, EBaseException { + CMS.debug("TokenAuthentication: start"); // force SSL handshake @@ -141,8 +142,8 @@ public class TokenAuthentication implements IAuthManager, // get group name from configuration file IConfigStore sconfig = CMS.getConfigStore(); - String sessionId = (String)authCred.get(CRED_SESSION_ID); - String givenHost = (String)authCred.get("clientHost"); + String sessionId = (String) authCred.get(CRED_SESSION_ID); + String givenHost = (String) authCred.get("clientHost"); String auth_host = sconfig.getString("securitydomain.host"); int auth_port = sconfig.getInteger("securitydomain.httpseeport"); @@ -151,7 +152,7 @@ public class TokenAuthentication implements IAuthManager, try { JssSSLSocketFactory factory = new JssSSLSocketFactory(); httpclient = new HttpClient(factory); - String content = CRED_SESSION_ID+"="+sessionId+"&hostname="+givenHost; + String content = CRED_SESSION_ID + "=" + sessionId + "&hostname=" + givenHost; CMS.debug("TokenAuthentication: content=" + content); httpclient.connect(auth_host, auth_port); HttpRequest httprequest = new HttpRequest(); @@ -165,8 +166,8 @@ public class TokenAuthentication implements IAuthManager, HttpResponse httpresponse = httpclient.send(httprequest); c = httpresponse.getContent(); - } catch (Exception e) { - CMS.debug("TokenAuthentication authenticate Exception="+e.toString()); + } catch (Exception e) { + CMS.debug("TokenAuthentication authenticate Exception=" + e.toString()); } if (c != null) { @@ -177,9 +178,9 @@ public class TokenAuthentication implements IAuthManager, try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "TokenAuthentication::authenticate() - " - + "Exception="+e.toString() ); - throw new EBaseException( e.toString() ); + CMS.debug("TokenAuthentication::authenticate() - " + + "Exception=" + e.toString()); + throw new EBaseException(e.toString()); } String status = parser.getValue("Status"); @@ -195,13 +196,13 @@ public class TokenAuthentication implements IAuthManager, authToken.set(TOKEN_UID, uid); authToken.set(TOKEN_GID, gid); - if(context != null) { + if (context != null) { CMS.debug("SessionContext.USER_ID " + uid + " SessionContext.GROUP_ID " + gid); - context.put(SessionContext.USER_ID, uid ); - context.put(SessionContext.GROUP_ID, gid ); + context.put(SessionContext.USER_ID, uid); + context.put(SessionContext.GROUP_ID, gid); } - CMS.debug("TokenAuthentication: authenticated uid="+uid+", gid="+gid); + CMS.debug("TokenAuthentication: authenticated uid=" + uid + ", gid=" + gid); } catch (EBaseException e) { throw e; } catch (Exception e) { @@ -212,11 +213,12 @@ public class TokenAuthentication implements IAuthManager, } /** - * get the list of authentication credential attribute names - * required by this authentication manager. Generally used by - * the servlets that handle agent operations to authenticate its - * users. It calls this method to know which are the - * required credentials from the user (e.g. Javascript form data) + * get the list of authentication credential attribute names required by + * this authentication manager. Generally used by the servlets that handle + * agent operations to authenticate its users. It calls this method to know + * which are the required credentials from the user (e.g. Javascript form + * data) + * * @return attribute names in Vector */ public String[] getRequiredCreds() { @@ -224,15 +226,15 @@ public class TokenAuthentication implements IAuthManager, } /** - * get the list of configuration parameter names - * required by this authentication manager. Generally used by - * the Certificate Server Console to display the table for - * configuration purposes. CertUserDBAuthentication is currently not - * exposed in this case, so this method is not to be used. - * @return configuration parameter names in Hashtable of Vectors - * where each hashtable entry's key is the substore name, value is a - * Vector of parameter names. If no substore, the parameter name - * is the Hashtable key itself, with value same as key. + * get the list of configuration parameter names required by this + * authentication manager. Generally used by the Certificate Server Console + * to display the table for configuration purposes. CertUserDBAuthentication + * is currently not exposed in this case, so this method is not to be used. + * + * @return configuration parameter names in Hashtable of Vectors where each + * hashtable entry's key is the substore name, value is a Vector of + * parameter names. If no substore, the parameter name is the + * Hashtable key itself, with value same as key. */ public String[] getConfigParams() { return (mConfigParams); @@ -245,8 +247,8 @@ public class TokenAuthentication implements IAuthManager, } /** - * gets the configuretion substore used by this authentication - * manager + * gets the configuretion substore used by this authentication manager + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -256,7 +258,7 @@ public class TokenAuthentication implements IAuthManager, // Profile-related methods public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { } /** @@ -288,14 +290,13 @@ public class TokenAuthentication implements IAuthManager, } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { return null; } public void populate(IAuthToken token, IRequest request) - throws EProfileException { + throws EProfileException { } } diff --git a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java index 565bca1a..3a20a994 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // ldap java sdk import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPException; @@ -33,11 +32,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.logging.ILogger; - /** * udn/pwd directory based authentication manager * <P> - * + * * @version $Revision$, $Date$ */ public class UdnPwdDirAuthentication extends DirBasedAuthentication { @@ -47,30 +45,30 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { public static final String CRED_PWD = "pwd"; protected static String[] mRequiredCreds = { CRED_UDN, CRED_PWD }; - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + /* + * Holds configuration parameters accepted by this implementation. This list + * is passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ - protected static String[] mConfigParams = - new String[] { PROP_DNPATTERN, - PROP_LDAPSTRINGATTRS, - PROP_LDAPBYTEATTRS, - "ldap.ldapconn.host", - "ldap.ldapconn.port", - "ldap.ldapconn.secureConn", - "ldap.ldapconn.version", - "ldap.minConns", - "ldap.maxConns", + protected static String[] mConfigParams = + new String[] { PROP_DNPATTERN, + PROP_LDAPSTRINGATTRS, + PROP_LDAPBYTEATTRS, + "ldap.ldapconn.host", + "ldap.ldapconn.port", + "ldap.ldapconn.secureConn", + "ldap.ldapconn.version", + "ldap.minConns", + "ldap.maxConns", }; static { mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT + - ";Authenticate the user distinguished name and password provided " + - "by the user against an LDAP directory. Works with the " + - "Dir Based Enrollment HTML form"); + ";Authenticate the user distinguished name and password provided " + + "by the user against an LDAP directory. Works with the " + + "Dir Based Enrollment HTML form"); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-authentication"); + ";configuration-authentication"); }; /** @@ -83,13 +81,14 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { /** * Initializes the UdnPwdDirAuthentication auth manager. * <p> + * * @param name - The name for this authentication manager instance. * @param implName - The name of the authentication manager plugin. * @param config - The configuration store for this instance. * @exception EBaseException If an error occurs during initialization. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { super.init(name, implName, config, false); } @@ -99,12 +98,12 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { * @param authCreds The authentication credentials. * @return The user's ldap entry dn. * @exception EInvalidCredentials If the udn and password are not valid - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ - protected String authenticate(LDAPConnection conn, - IAuthCredentials authCreds, - AuthToken token) - throws EBaseException { + protected String authenticate(LDAPConnection conn, + IAuthCredentials authCreds, + AuthToken token) + throws EBaseException { String userdn = null; // authenticate by binding to ldap server with password. @@ -114,7 +113,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { if (userdn == null) { throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UDN)); } - + // get the password. String pwd = (String) authCreds.get(CRED_PWD); @@ -123,8 +122,8 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { } if (pwd.equals("")) { // anonymous binding not allowed - log(ILogger.LL_FAILURE, - "user " + userdn + " attempted login with empty password."); + log(ILogger.LL_FAILURE, + "user " + userdn + " attempted login with empty password."); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } @@ -135,21 +134,21 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { return userdn; } catch (ELdapException e) { - log(ILogger.LL_FAILURE, - "Couldn't get ldap connection. Error: " + e.toString()); + log(ILogger.LL_FAILURE, + "Couldn't get ldap connection. Error: " + e.toString()); throw e; } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - case LDAPException.LDAP_PARTIAL_RESULTS: - log(ILogger.LL_SECURITY, - "user " + userdn + " does not exist in ldap server host " + - conn.getHost() + ", port " + conn.getPort() + "."); + case LDAPException.NO_SUCH_OBJECT: + case LDAPException.LDAP_PARTIAL_RESULTS: + log(ILogger.LL_SECURITY, + "user " + userdn + " does not exist in ldap server host " + + conn.getHost() + ", port " + conn.getPort() + "."); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); case LDAPException.INVALID_CREDENTIALS: - log(ILogger.LL_SECURITY, - "authenticate user " + userdn + " with bad password."); + log(ILogger.LL_SECURITY, + "authenticate user " + userdn + " with bad password."); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); case LDAPException.SERVER_DOWN: @@ -157,21 +156,21 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); - default: - log(ILogger.LL_FAILURE, - "Ldap error encountered. " + e.getMessage()); + default: + log(ILogger.LL_FAILURE, + "Ldap error encountered. " + e.getMessage()); throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", - e.errorCodeToString())); + CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", + e.errorCodeToString())); } - } + } } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { @@ -180,6 +179,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { /** * Returns array of required credentials for this authentication manager. + * * @return Array of required credentials. */ public String[] getRequiredCreds() { @@ -187,4 +187,3 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication { } } - diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java index e97fee8b..61333345 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // ldap java sdk import java.util.Enumeration; import java.util.Locale; @@ -47,46 +46,45 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * uid/pwd directory based authentication manager * <P> - * + * * @version $Revision$, $Date$ */ -public class UidPwdDirAuthentication extends DirBasedAuthentication - implements IProfileAuthenticator { +public class UidPwdDirAuthentication extends DirBasedAuthentication + implements IProfileAuthenticator { /* required credentials to authenticate. uid and pwd are strings. */ public static final String CRED_UID = "uid"; public static final String CRED_PWD = "pwd"; protected static String[] mRequiredCreds = { CRED_UID, CRED_PWD }; - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + /* + * Holds configuration parameters accepted by this implementation. This list + * is passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ - protected static String[] mConfigParams = - new String[] { PROP_DNPATTERN, - PROP_LDAPSTRINGATTRS, - PROP_LDAPBYTEATTRS, - "ldap.ldapconn.host", - "ldap.ldapconn.port", - "ldap.ldapconn.secureConn", - "ldap.ldapconn.version", - "ldap.basedn", - "ldap.minConns", - "ldap.maxConns", + protected static String[] mConfigParams = + new String[] { PROP_DNPATTERN, + PROP_LDAPSTRINGATTRS, + PROP_LDAPBYTEATTRS, + "ldap.ldapconn.host", + "ldap.ldapconn.port", + "ldap.ldapconn.secureConn", + "ldap.ldapconn.version", + "ldap.basedn", + "ldap.minConns", + "ldap.maxConns", }; static { mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT + - ";Authenticate the username and password provided " + - "by the user against an LDAP directory. Works with the " + - "Dir Based Enrollment HTML form"); + ";Authenticate the username and password provided " + + "by the user against an LDAP directory. Works with the " + + "Dir Based Enrollment HTML form"); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-authrules-uidpwddirauth"); + ";configuration-authrules-uidpwddirauth"); }; /** @@ -102,12 +100,12 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication * @param authCreds The authentication credentials. * @return The user's ldap entry dn. * @exception EInvalidCredentials If the uid and password are not valid - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ - protected String authenticate(LDAPConnection conn, - IAuthCredentials authCreds, - AuthToken token) - throws EBaseException { + protected String authenticate(LDAPConnection conn, + IAuthCredentials authCreds, + AuthToken token) + throws EBaseException { String userdn = null; String uid = null; @@ -119,12 +117,12 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication if (uid == null) { throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); } - + // get the password. String pwd = (String) authCreds.get(CRED_PWD); if (pwd == null) { - throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_PWD)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD)); } if (pwd.equals("")) { // anonymous binding not allowed @@ -133,13 +131,13 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication } // get user dn. - CMS.debug("Authenticating: Searching for UID=" + uid + + CMS.debug("Authenticating: Searching for UID=" + uid + " base DN=" + mBaseDN); LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false); if (res.hasMoreElements()) { - //LDAPEntry entry = (LDAPEntry)res.nextElement(); + // LDAPEntry entry = (LDAPEntry)res.nextElement(); LDAPEntry entry = res.next(); userdn = entry.getDN(); @@ -160,8 +158,8 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication throw e; } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - case LDAPException.LDAP_PARTIAL_RESULTS: + case LDAPException.NO_SUCH_OBJECT: + case LDAPException.LDAP_PARTIAL_RESULTS: log(ILogger.LL_SECURITY, CMS.getLogMessage("USER_NOT_EXIST", uid)); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); @@ -174,20 +172,20 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication throw new ELdapException( CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); - default: + default: log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage())); throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", - e.errorCodeToString())); + CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", + e.errorCodeToString())); } - } + } } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { @@ -196,6 +194,7 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication /** * Returns array of required credentials for this authentication manager. + * * @return Array of required credentials. */ public String[] getRequiredCreds() { @@ -203,9 +202,9 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication } // Profile-related methods - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { } /** @@ -243,23 +242,22 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(CRED_UID)) { + if (name.equals(CRED_UID)) { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID")); } else if (name.equals(CRED_PWD)) { return new Descriptor(IDescriptor.PASSWORD, null, null, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PWD")); - + } return null; } - public void populate(IAuthToken token, IRequest request) - throws EProfileException { + public void populate(IAuthToken token, IRequest request) + throws EProfileException { request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, token.getInString(USER_DN)); } diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java index ce60bf8d..f305648b 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // ldap java sdk import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -53,15 +52,14 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * uid/pwd/pin directory based authentication manager * <P> - * + * * @version $Revision$, $Date$ */ public class UidPwdPinDirAuthentication extends DirBasedAuthentication - implements IExtendedPluginInfo, IProfileAuthenticator { + implements IExtendedPluginInfo, IProfileAuthenticator { /* required credentials to authenticate. uid and pwd are strings. */ public static final String CRED_UID = "uid"; @@ -79,54 +77,54 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication protected static final byte SENTINEL_MD5 = 1; protected static final byte SENTINEL_NONE = 0x2d; - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + /* + * Holds configuration parameters accepted by this implementation. This list + * is passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ - protected static String[] mConfigParams = - new String[] { PROP_REMOVE_PIN, - PROP_PIN_ATTR, - PROP_DNPATTERN, - PROP_LDAPSTRINGATTRS, - PROP_LDAPBYTEATTRS, - "ldap.ldapconn.host", - "ldap.ldapconn.port", - "ldap.ldapconn.secureConn", - "ldap.ldapconn.version", - "ldap.ldapauth.bindDN", - "ldap.ldapauth.bindPWPrompt", - "ldap.ldapauth.clientCertNickname", - "ldap.ldapauth.authtype", - "ldap.basedn", - "ldap.minConns", - "ldap.maxConns", + protected static String[] mConfigParams = + new String[] { PROP_REMOVE_PIN, + PROP_PIN_ATTR, + PROP_DNPATTERN, + PROP_LDAPSTRINGATTRS, + PROP_LDAPBYTEATTRS, + "ldap.ldapconn.host", + "ldap.ldapconn.port", + "ldap.ldapconn.secureConn", + "ldap.ldapconn.version", + "ldap.ldapauth.bindDN", + "ldap.ldapauth.bindPWPrompt", + "ldap.ldapauth.clientCertNickname", + "ldap.ldapauth.authtype", + "ldap.basedn", + "ldap.minConns", + "ldap.maxConns", }; static { mExtendedPluginInfo.add( - PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal"); + PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal"); mExtendedPluginInfo.add( - PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')"); + PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')"); mExtendedPluginInfo.add( - "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. " - + "For example 'CN=PinRemoval User'"); + "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. " + + "For example 'CN=PinRemoval User'"); mExtendedPluginInfo.add( - "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " + - "the above user"); + "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " + + "the above user"); mExtendedPluginInfo.add( - "ldap.ldapauth.clientCertNickname;string;If you want to use " - + "SSL client auth to the directory, set the client " - + "cert nickname here"); + "ldap.ldapauth.clientCertNickname;string;If you want to use " + + "SSL client auth to the directory, set the client " + + "cert nickname here"); mExtendedPluginInfo.add( - "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;" - + "How to bind to the directory (for pin removal only)"); + "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;" + + "How to bind to the directory (for pin removal only)"); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT - + ";Authenticate the username, password and pin provided " - + "by the user against an LDAP directory. Works with the " - + "Dir/Pin Based Enrollment HTML form"); + + ";Authenticate the username, password and pin provided " + + "by the user against an LDAP directory. Works with the " + + "Dir/Pin Based Enrollment HTML form"); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-authrules-uidpwdpindirauth"); + ";configuration-authrules-uidpwdpindirauth"); } @@ -135,12 +133,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication protected MessageDigest mSHADigest = null; protected MessageDigest mMD5Digest = null; - private String mBindDN = null; - private String mBindPassword = null; + private String mBindDN = null; + private String mBindPassword = null; - private ILdapConnFactory removePinLdapFactory = null; - private LDAPConnection removePinLdapConnection = null; - private IConfigStore removePinLdapConfigStore = null; + private ILdapConnFactory removePinLdapFactory = null; + private LDAPConnection removePinLdapConnection = null; + private IConfigStore removePinLdapConfigStore = null; /** * Default constructor, initialization must follow. @@ -149,12 +147,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication super(); } - public void init(String name, String implName, IConfigStore config) - throws EBaseException { + public void init(String name, String implName, IConfigStore config) + throws EBaseException { super.init(name, implName, config); - mRemovePin = + mRemovePin = config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN); - mPinAttr = + mPinAttr = config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR); if (mPinAttr.equals("")) { mPinAttr = DEF_PIN_ATTR; @@ -166,7 +164,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication removePinLdapFactory.init(removePinLdapConfigStore); removePinLdapConnection = removePinLdapFactory.getConn(); } - + try { mSHADigest = MessageDigest.getInstance("SHA1"); mMD5Digest = MessageDigest.getInstance("MD5"); @@ -177,7 +175,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication } protected void verifyPassword(String Password) { - } + } /** * Authenticates a user based on its uid, pwd, pin in the directory. @@ -185,16 +183,16 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication * @param authCreds The authentication credentials with uid, pwd, pin. * @return The user's ldap entry dn. * @exception EInvalidCredentials If the uid and password are not valid - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ - protected String authenticate(LDAPConnection conn, - IAuthCredentials authCreds, - AuthToken token) - throws EBaseException { + protected String authenticate(LDAPConnection conn, + IAuthCredentials authCreds, + AuthToken token) + throws EBaseException { String userdn = null; - String uid = null; - String pwd = null; - String pin = null; + String uid = null; + String pwd = null; + String pin = null; try { // get the uid. @@ -202,7 +200,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication if (uid == null) { throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); } - + // get the password. pwd = (String) authCreds.get(CRED_PWD); if (pwd == null) { @@ -244,7 +242,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid)); // log(ILogger.LL_SECURITY, "found user : " + userdn); - // check pin. + // check pin. checkpin(conn, userdn, uid, pin); // set uid in the token. @@ -256,8 +254,8 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication throw e; } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - case LDAPException.LDAP_PARTIAL_RESULTS: + case LDAPException.NO_SUCH_OBJECT: + case LDAPException.LDAP_PARTIAL_RESULTS: log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid)); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); @@ -270,24 +268,24 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication throw new ELdapException( CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); - default: + default: log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage())); throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", - e.errorCodeToString())); + CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", + e.errorCodeToString())); } - } + } } - protected void checkpin(LDAPConnection conn, String userdn, - String uid, String pin) - throws EBaseException, LDAPException { + protected void checkpin(LDAPConnection conn, String userdn, + String uid, String pin) + throws EBaseException, LDAPException { LDAPSearchResults res = null; LDAPEntry entry = null; // get pin. - res = conn.search(userdn, LDAPv2.SCOPE_BASE, + res = conn.search(userdn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mPinAttr }, false); if (res.hasMoreElements()) { entry = (LDAPEntry) res.nextElement(); @@ -309,7 +307,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - byte[] entrypin = (byte[]) pinValues.nextElement(); + byte[] entrypin = (byte[]) pinValues.nextElement(); // compare value digest. @@ -317,14 +315,14 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - + byte hashtype = entrypin[0]; byte[] pinDigest = null; String toBeDigested = userdn + pin; if (hashtype == SENTINEL_SHA) { - + pinDigest = mSHADigest.digest(toBeDigested.getBytes()); } else if (hashtype == SENTINEL_MD5) { pinDigest = mMD5Digest.digest(toBeDigested.getBytes()); @@ -343,7 +341,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication int i; for (i = 0; i < (entrypin.length - 1); i++) { - if (pinDigest[i] != entrypin[i + 1]) + if (pinDigest[i] != entrypin[i + 1]) break; } if (i != (entrypin.length - 1)) { @@ -354,17 +352,17 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication // pin ok. remove pin if so configured // Note that this means that a policy may reject this request later, // but the user will not be able to enroll again as his pin is gone. - + // We remove the pin using a different connection which is bound as // a more privileged user. if (mRemovePin) { try { - removePinLdapConnection.modify(userdn, - new LDAPModification( - LDAPModification.DELETE, - new LDAPAttribute(mPinAttr, entrypin))); + removePinLdapConnection.modify(userdn, + new LDAPModification( + LDAPModification.DELETE, + new LDAPAttribute(mPinAttr, entrypin))); } catch (LDAPException e) { log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn)); @@ -374,10 +372,10 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { @@ -386,6 +384,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication /** * Returns array of required credentials for this authentication manager. + * * @return Array of required credentials. */ public String[] getRequiredCreds() { @@ -395,7 +394,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication // Profile-related methods public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { } /** @@ -434,8 +433,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(CRED_UID)) { @@ -453,7 +451,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication } public void populate(IAuthToken token, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, token.getInString(USER_DN)); } @@ -462,4 +460,3 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication return false; } } - diff --git a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java index 0bb36f28..df15dd1c 100644 --- a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java +++ b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authorization; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Locale; @@ -37,30 +36,32 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; - /** - * An abstract class represents an authorization manager that governs the - * access of internal resources such as servlets. - * It parses in the ACLs associated with each protected - * resources, and provides protected method <CODE>checkPermission</CODE> - * for code that needs to verify access before performing - * actions. + * An abstract class represents an authorization manager that governs the access + * of internal resources such as servlets. It parses in the ACLs associated with + * each protected resources, and provides protected method + * <CODE>checkPermission</CODE> for code that needs to verify access before + * performing actions. * <P> * Here is a sample resourceACLS for a resource + * * <PRE> * certServer.UsrGrpAdminServlet: * execute: * deny (execute) user="tempAdmin"; * allow (execute) group="Administrators"; * </PRE> - * To perform permission checking, code call authz mgr authorize() - * method to verify access. See AuthzMgr for calling example. + * + * To perform permission checking, code call authz mgr authorize() method to + * verify access. See AuthzMgr for calling example. * <P> - * default "evaluators" are used to evaluate the "group=.." or "user=.." - * rules. See evaluator for more info + * default "evaluators" are used to evaluate the "group=.." or "user=.." rules. + * See evaluator for more info * * @version $Revision$, $Date$ - * @see <A HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL Files</A> + * @see <A + * HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL + * Files</A> */ public abstract class AAclAuthz { @@ -92,10 +93,10 @@ public abstract class AAclAuthz { } /** - * Initializes + * Initializes */ - protected void init(IConfigStore config) - throws EBaseException { + protected void init(IConfigStore config) + throws EBaseException { mLogger = CMS.getLogger(); CMS.debug("AAclAuthz: init begins"); @@ -123,16 +124,15 @@ public abstract class AAclAuthz { type + "." + PROP_CLASS)); } - // instantiate evaluator + // instantiate evaluator try { evaluator = (IAccessEvaluator) Class.forName(evalClassPath).newInstance(); } catch (Exception e) { String errMsg = "init(): failed to load class: " + - evalClassPath + ":" + e.toString(); + evalClassPath + ":" + e.toString(); - throw new - EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", + throw new EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", evalClassPath)); } @@ -151,16 +151,18 @@ public abstract class AAclAuthz { } /** - * Parse ACL resource attributes, then update the ACLs memory store - * This is intended to be used if storing ACLs on ldap is not desired, - * and the caller is expected to call this method to add resource - * and acl info into acls memory store. The resACLs format should conform - * to the following: - * <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl + * Parse ACL resource attributes, then update the ACLs memory store This is + * intended to be used if storing ACLs on ldap is not desired, and the + * caller is expected to call this method to add resource and acl info into + * acls memory store. The resACLs format should conform to the following: + * <resource + * ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value + * >:<comment for this resource acl * <P> - * Example: - * resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties - * @param resACLs same format as the resourceACLs attribute + * Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs + * for lefties + * + * @param resACLs same format as the resourceACLs attribute * @throws EBaseException parsing error from <code>parseACL</code> */ public void addACLs(String resACLs) throws EBaseException { @@ -180,7 +182,7 @@ public abstract class AAclAuthz { public IACL getACL(String target) { return (ACL) mACLs.get(target); } - + protected Enumeration<String> getTargetNames() { return mACLs.keys(); } @@ -204,10 +206,10 @@ public abstract class AAclAuthz { } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { @@ -220,8 +222,7 @@ public abstract class AAclAuthz { public abstract void shutdown(); /** - * Registers new handler for the given attribute type - * in the expressions. + * Registers new handler for the given attribute type in the expressions. */ public void registerEvaluator(String type, IAccessEvaluator evaluator) { mEvaluators.put(type, evaluator); @@ -233,45 +234,42 @@ public abstract class AAclAuthz { *******************************************************/ /** - * Checks if the permission is granted or denied in - * the current execution context. If the code is - * marked as privileged, this methods will simply + * Checks if the permission is granted or denied in the current execution + * context. If the code is marked as privileged, this methods will simply * return. * <P> - * note that if a resource does not exist in the aclResources - * entry, but a higher level node exist, it will still be - * evaluated. The highest level node's acl determines the - * permission. If the higher level node doesn't contain any acl - * information, then it's passed down to the lower node. If - * a node has no aci in its resourceACLs, then it's considered - * passed. + * note that if a resource does not exist in the aclResources entry, but a + * higher level node exist, it will still be evaluated. The highest level + * node's acl determines the permission. If the higher level node doesn't + * contain any acl information, then it's passed down to the lower node. If + * a node has no aci in its resourceACLs, then it's considered passed. * <p> * example: certServer.common.users, if failed permission check for - * "certServer", then it's considered failed, and there is no need to - * continue the check. If passed permission check for "certServer", - * then it's considered passed, and no need to continue the - * check. If certServer contains no aci then "certServer.common" will be - * checked for permission instead. If down to the leaf level, - * the node still contains no aci, then it's considered passed. - * If at the leaf level, no such resource exist, or no acis, it's - * considered passed. + * "certServer", then it's considered failed, and there is no need to + * continue the check. If passed permission check for "certServer", then + * it's considered passed, and no need to continue the check. If certServer + * contains no aci then "certServer.common" will be checked for permission + * instead. If down to the leaf level, the node still contains no aci, then + * it's considered passed. If at the leaf level, no such resource exist, or + * no acis, it's considered passed. * <p> - * If there are multiple aci's for a resource, ALL aci's will be - * checked, and only if all passed permission checks, will the - * eventual access be granted. + * If there are multiple aci's for a resource, ALL aci's will be checked, + * and only if all passed permission checks, will the eventual access be + * granted. + * * @param name resource name * @param perm permission requested * @exception EACLsException access permission denied */ - protected synchronized void checkPermission(String name, String perm) - throws EACLsException { + protected synchronized void checkPermission(String name, String perm) + throws EACLsException { String resource = ""; StringTokenizer st = new StringTokenizer(name, "."); while (st.hasMoreTokens()) { String node = st.nextToken(); - if (! "".equals(resource)) { + if (!"".equals(resource)) { resource = resource + "." + node; } else { resource = node; @@ -288,18 +286,17 @@ public abstract class AAclAuthz { params[1] = perm; String errMsg = "checkPermission(): permission denied for the resource " + - name + " on operation " + perm; + name + " on operation " + perm; log(ILogger.LL_SECURITY, CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm)); - throw new - EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION", + throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION", (String[]) params)); } if (passed) { String infoMsg = "checkPermission(): permission granted for the resource " + - name + " on operation " + perm; + name + " on operation " + perm; log(ILogger.LL_INFO, infoMsg); @@ -309,38 +306,37 @@ public abstract class AAclAuthz { } /** - * Checks if the permission is granted or denied in - * the current execution context. + * Checks if the permission is granted or denied in the current execution + * context. * <P> * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. - * However, in case of multiple <code>ACLEntry</code>, a subject must - * pass ALL of the <code>ACLEntry</code> evaluation for permission - * to be granted + * However, in case of multiple <code>ACLEntry</code>, a subject must pass + * ALL of the <code>ACLEntry</code> evaluation for permission to be granted * <P> - * negative ("deny") aclEntries are treated differently than - * positive ("allow") statements. If a negative aclEntries - * fails the acl check, the permission check will return "false" - * right away; while in the case of a positive aclEntry, if the - * the aclEntry fails the acl check, the next aclEntry will be - * evaluated. + * negative ("deny") aclEntries are treated differently than positive + * ("allow") statements. If a negative aclEntries fails the acl check, the + * permission check will return "false" right away; while in the case of a + * positive aclEntry, if the the aclEntry fails the acl check, the next + * aclEntry will be evaluated. + * * @param name resource name * @param perm permission requested - * @return true if access allowed - * false if should be passed down to the next node + * @return true if access allowed false if should be passed down to the next + * node * @exception EACLsException if access disallowed */ - private boolean checkACLs(String name, String perm) - throws EACLsException { + private boolean checkACLs(String name, String perm) + throws EACLsException { ACL acl = (ACL) mACLs.get(name); // no such resource, pass it down if (acl == null) { String infoMsg = "checkACLs(): no acl for" + - name + "...pass down to next node"; + name + "...pass down to next node"; log(ILogger.LL_INFO, infoMsg); - return false; + return false; } Enumeration<ACLEntry> e = acl.entries(); @@ -348,7 +344,7 @@ public abstract class AAclAuthz { if ((e == null) || (e.hasMoreElements() == false)) { // no acis for node, pass down to next node String infoMsg = " AAclAuthz.checkACLs(): no acis for " + - name + " acl entry...pass down to next node"; + name + " acl entry...pass down to next node"; log(ILogger.LL_INFO, infoMsg); @@ -380,10 +376,8 @@ public abstract class AAclAuthz { } /** - * Resolves the given expressions. - * expression || expression || ... - * example: - * group="Administrators" || group="Operators" + * Resolves the given expressions. expression || expression || ... example: + * group="Administrators" || group="Operators" */ private boolean evaluateExpressions(String s) { // XXX - just handle "||" (or) among multiple expressions for now @@ -449,8 +443,8 @@ public abstract class AAclAuthz { private boolean evaluateExpression(String expression) { // XXX - just recognize "=" for now!! int i = expression.indexOf("="); - String type = expression.substring(0, i); - String value = expression.substring(i + 1); + String type = expression.substring(0, i); + String value = expression.substring(i + 1); IAccessEvaluator evaluator = (IAccessEvaluator) mEvaluators.get(type); if (evaluator == null) { @@ -468,76 +462,73 @@ public abstract class AAclAuthz { *******************************************************/ /** - * Checks if the permission is granted or denied with id from authtoken + * Checks if the permission is granted or denied with id from authtoken * gotten from authentication that precedes authorization. If the code is - * marked as privileged, this methods will simply - * return. + * marked as privileged, this methods will simply return. * <P> - * note that if a resource does not exist in the aclResources - * entry, but a higher level node exist, it will still be - * evaluated. The highest level node's acl determines the - * permission. If the higher level node doesn't contain any acl - * information, then it's passed down to the lower node. If - * a node has no aci in its resourceACLs, then it's considered - * passed. + * note that if a resource does not exist in the aclResources entry, but a + * higher level node exist, it will still be evaluated. The highest level + * node's acl determines the permission. If the higher level node doesn't + * contain any acl information, then it's passed down to the lower node. If + * a node has no aci in its resourceACLs, then it's considered passed. * <p> * example: certServer.common.users, if failed permission check for - * "certServer", then it's considered failed, and there is no need to - * continue the check. If passed permission check for "certServer", - * then it's considered passed, and no need to continue the - * check. If certServer contains no aci then "certServer.common" will be - * checked for permission instead. If down to the leaf level, - * the node still contains no aci, then it's considered passed. - * If at the leaf level, no such resource exist, or no acis, it's - * considered passed. + * "certServer", then it's considered failed, and there is no need to + * continue the check. If passed permission check for "certServer", then + * it's considered passed, and no need to continue the check. If certServer + * contains no aci then "certServer.common" will be checked for permission + * instead. If down to the leaf level, the node still contains no aci, then + * it's considered passed. If at the leaf level, no such resource exist, or + * no acis, it's considered passed. * <p> - * If there are multiple aci's for a resource, ALL aci's will be - * checked, and only if all passed permission checks, will the - * eventual access be granted. + * If there are multiple aci's for a resource, ALL aci's will be checked, + * and only if all passed permission checks, will the eventual access be + * granted. + * * @param authToken authentication token gotten from authentication * @param name resource name * @param perm permission requested * @exception EACLsException access permission denied */ - public synchronized void checkPermission(IAuthToken authToken, String name, - String perm) - throws EACLsException { - + public synchronized void checkPermission(IAuthToken authToken, String name, + String perm) + throws EACLsException { + Vector<String> nodev = getNodes(name); Enumeration<String> nodes = nodev.elements(); String order = getOrder(); Enumeration<ACLEntry> entries = null; - if (order.equals("deny")) + if (order.equals("deny")) entries = getDenyEntries(nodes, perm); - else + else entries = getAllowEntries(nodes, perm); - + boolean permitted = false; while (entries.hasMoreElements()) { ACLEntry entry = (ACLEntry) entries.nextElement(); CMS.debug("checkACLS(): ACLEntry expressions= " + - entry.getAttributeExpressions()); + entry.getAttributeExpressions()); if (evaluateExpressions(authToken, entry.getAttributeExpressions())) { - log(ILogger.LL_SECURITY, - " checkACLs(): permission denied"); + log(ILogger.LL_SECURITY, + " checkACLs(): permission denied"); throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED")); } } nodes = nodev.elements(); - if (order.equals("deny")) + if (order.equals("deny")) entries = getAllowEntries(nodes, perm); - else + else entries = getDenyEntries(nodes, perm); - while (entries.hasMoreElements()) { + while (entries.hasMoreElements()) { ACLEntry entry = (ACLEntry) entries.nextElement(); CMS.debug("checkACLS(): ACLEntry expressions= " + - entry.getAttributeExpressions()); + entry.getAttributeExpressions()); if (evaluateExpressions(authToken, entry.getAttributeExpressions())) { permitted = true; } @@ -546,7 +537,7 @@ public abstract class AAclAuthz { nodev = null; if (permitted) { String infoMsg = "checkPermission(): permission granted for the resource " + - name + " on operation " + perm; + name + " on operation " + perm; log(ILogger.LL_INFO, infoMsg); return; @@ -557,10 +548,10 @@ public abstract class AAclAuthz { params[1] = perm; String errMsg = "checkPermission(): permission denied for the resource " + - name + " on operation " + perm; + name + " on operation " + perm; - log(ILogger.LL_SECURITY, - CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm)); + log(ILogger.LL_SECURITY, + CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm)); throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION", (String[]) params)); @@ -582,13 +573,13 @@ public abstract class AAclAuthz { while (e.hasMoreElements()) { ACLEntry entry = (ACLEntry) e.nextElement(); - if (!entry.isNegative() && - entry.containPermission(operation)) { + if (!entry.isNegative() && + entry.containPermission(operation)) { v.addElement(entry); } } } - + return v.elements(); } @@ -607,21 +598,19 @@ public abstract class AAclAuthz { while (e.hasMoreElements()) { ACLEntry entry = e.nextElement(); - if (entry.isNegative() && - entry.containPermission(operation)) { + if (entry.isNegative() && + entry.containPermission(operation)) { v.addElement(entry); } } } - + return v.elements(); } /** - * Resolves the given expressions. - * expression || expression || ... - * example: - * group="Administrators" || group="Operators" + * Resolves the given expressions. expression || expression || ... example: + * group="Administrators" || group="Operators" */ private boolean evaluateExpressions(IAuthToken authToken, String s) { // XXX - just handle "||" (or) among multiple expressions for now @@ -703,7 +692,7 @@ public abstract class AAclAuthz { while (index != -1) { name = name.substring(0, index); v.addElement(name); - index = name.lastIndexOf("."); + index = name.lastIndexOf("."); } return v; @@ -745,7 +734,7 @@ public abstract class AAclAuthz { i = exp.indexOf(">"); if (i == -1) { i = exp.indexOf("<"); - if (i == -1) { + if (i == -1) { log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_OP_NOT_SUPPORTED", exp)); } else { return "<"; @@ -780,19 +769,19 @@ public abstract class AAclAuthz { *******************************************************/ /** - * This one only updates the memory. Classes extend this class should - * also update to a permanent storage + * This one only updates the memory. Classes extend this class should also + * update to a permanent storage */ - public void updateACLs(String id, String rights, String strACLs, - String desc) throws EACLsException { + public void updateACLs(String id, String rights, String strACLs, + String desc) throws EACLsException { ACL acl = (ACL) getACL(id); - + String resourceACLs = id; if (rights != null) resourceACLs = id + ":" + rights + ":" + strACLs + ":" + desc; - // memory update + // memory update ACL ac = null; try { @@ -806,6 +795,7 @@ public abstract class AAclAuthz { /** * gets an enumeration of resources + * * @return an enumeration of resources contained in the ACL table */ public Enumeration<ACL> aclResElements() { @@ -814,6 +804,7 @@ public abstract class AAclAuthz { /** * gets an enumeration of access evaluators + * * @return an enumeraton of access evaluators */ public Enumeration<IAccessEvaluator> aclEvaluatorElements() { @@ -822,6 +813,7 @@ public abstract class AAclAuthz { /** * gets the access evaluators + * * @return handle to the access evaluators table */ public Hashtable<String, IAccessEvaluator> getAccessEvaluators() { @@ -830,6 +822,7 @@ public abstract class AAclAuthz { /** * is this resource name unique + * * @return true if unique; false otherwise */ public boolean isTypeUnique(String type) { @@ -844,7 +837,7 @@ public abstract class AAclAuthz { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION, - level, msg); + level, msg); } /********************************* @@ -852,17 +845,16 @@ public abstract class AAclAuthz { **********************************/ /** - * update acls. called after memory upate is done to flush to permanent + * update acls. called after memory upate is done to flush to permanent * storage. * <p> */ protected abstract void flushResourceACLs() throws EACLsException; /** - * an abstract class that enforces implementation of the - * authorize() method that will authorize an operation on a - * particular resource - * + * an abstract class that enforces implementation of the authorize() method + * that will authorize an operation on a particular resource + * * @param authToken the authToken associated with a user * @param resource - the protected resource name * @param operation - the protected resource operation name diff --git a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java index 29cb671e..d2d29996 100644 --- a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java +++ b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authorization; - // cert server imports. import com.netscape.certsrv.acls.EACLsException; import com.netscape.certsrv.apps.CMS; @@ -31,14 +30,13 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.IExtendedPluginInfo; import com.netscape.certsrv.logging.ILogger; - /** * A class for basic acls authorization manager - * + * * @version $Revision$, $Date$ */ public class BasicAclAuthz extends AAclAuthz - implements IAuthzManager, IExtendedPluginInfo { + implements IAuthzManager, IExtendedPluginInfo { // members @@ -67,13 +65,14 @@ public class BasicAclAuthz extends AAclAuthz */ public BasicAclAuthz() { - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the + /* + * Holds configuration parameters accepted by this implementation. This + * list is passed to the configuration console so configuration for + * instances of this implementation can be configured through the * console. */ mConfigParams = - new String[] { + new String[] { "dummy" }; } @@ -82,7 +81,7 @@ public class BasicAclAuthz extends AAclAuthz * */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -108,20 +107,22 @@ public class BasicAclAuthz extends AAclAuthz } /** - * check the authorization permission for the user associated with - * authToken on operation + * check the authorization permission for the user associated with authToken + * on operation * <p> * Example: * <p> - * For example, if UsrGrpAdminServlet needs to authorize the caller - * it would do be done in the following fashion: + * For example, if UsrGrpAdminServlet needs to authorize the caller it would + * do be done in the following fashion: + * * <PRE> - * try { - * authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read"); - * } catch (EBaseException e) { - * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString()); - * } - * </PRE> + * try { + * authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read"); + * } catch (EBaseException e) { + * log(ILogger.LL_FAILURE, "authorize call: " + e.toString()); + * } + * </PRE> + * * @param authToken the authToken associated with a user * @param resource - the protected resource name * @param operation - the protected resource operation name @@ -130,7 +131,7 @@ public class BasicAclAuthz extends AAclAuthz * @return authzToken if success */ public AuthzToken authorize(IAuthToken authToken, String resource, String operation) - throws EAuthzInternalError, EAuthzAccessDenied { + throws EAuthzInternalError, EAuthzAccessDenied { AuthzToken authzToken = new AuthzToken(this); try { @@ -142,11 +143,11 @@ public class BasicAclAuthz extends AAclAuthz authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource); authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation); authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS, - AuthzToken.AUTHZ_STATUS_SUCCESS); + AuthzToken.AUTHZ_STATUS_SUCCESS); } catch (EACLsException e) { - // audit here later + // audit here later log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED")); - String params[] = {resource, operation}; + String params[] = { resource, operation }; throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params)); } @@ -155,32 +156,33 @@ public class BasicAclAuthz extends AAclAuthz } public AuthzToken authorize(IAuthToken authToken, String expression) - throws EAuthzAccessDenied { + throws EAuthzAccessDenied { if (evaluateACLs(authToken, expression)) { return (new AuthzToken(this)); } else { - String params[] = {expression}; + String params[] = { expression }; throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params)); } } /** * This currently does not flush to permanent storage + * * @param id is the resource id - * @param strACLs + * @param strACLs */ public void updateACLs(String id, String rights, String strACLs, - String desc) throws EACLsException { + String desc) throws EACLsException { try { super.updateACLs(id, rights, strACLs, desc); - // flushResourceACLs(); + // flushResourceACLs(); needsFlush = false; } catch (EACLsException ex) { // flushing failed, set flag needsFlush = true; String errMsg = "updateACLs: failed to flushResourceACLs(): " - + ex.toString(); + + ex.toString(); log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString())); @@ -189,8 +191,8 @@ public class BasicAclAuthz extends AAclAuthz } /** - * updates resourceACLs to permanent storage. - * currently not implemented for this authzMgr + * updates resourceACLs to permanent storage. currently not implemented for + * this authzMgr */ protected void flushResourceACLs() throws EACLsException { log(ILogger.LL_FAILURE, "flushResourceACL() is not implemented"); @@ -198,7 +200,7 @@ public class BasicAclAuthz extends AAclAuthz } /** - * graceful shutdown + * graceful shutdown */ public void shutdown() { log(ILogger.LL_INFO, "shutting down"); @@ -206,6 +208,7 @@ public class BasicAclAuthz extends AAclAuthz /** * Logs a message for this class in the system log file. + * * @param level The log level. * @param msg The message to log. * @see com.netscape.certsrv.logging.ILogger @@ -214,6 +217,6 @@ public class BasicAclAuthz extends AAclAuthz if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION, - level, msg); + level, msg); } } diff --git a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java index 820bf97b..0938b498 100644 --- a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java +++ b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authorization; - import java.util.Enumeration; import netscape.ldap.LDAPAttribute; @@ -44,15 +43,14 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.logging.ILogger; - /** - * A class for ldap acls based authorization manager - * The ldap server used for acls is the cms internal ldap db. - * + * A class for ldap acls based authorization manager The ldap server used for + * acls is the cms internal ldap db. + * * @version $Revision$, $Date$ */ public class DirAclAuthz extends AAclAuthz - implements IAuthzManager, IExtendedPluginInfo { + implements IAuthzManager, IExtendedPluginInfo { // members @@ -76,21 +74,21 @@ public class DirAclAuthz extends AAclAuthz static { mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" + - "LDAP host to connect to"); + "LDAP host to connect to"); mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" + - "LDAP port number (use 389, or 636 if SSL)"); + "LDAP port number (use 389, or 636 if SSL)"); mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" + - "Use SSL to connect to directory?"); + "Use SSL to connect to directory?"); mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" + - "LDAP protocol version"); + "LDAP protocol version"); mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start sarching " + - "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " + - "might want to use 'o=NetscapeCertificateServer' here"); + "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " + + "might want to use 'o=NetscapeCertificateServer' here"); mExtendedPluginInfo.add("ldap.minConns;number;number of connections " + - "to keep open to directory server. Default 5."); + "to keep open to directory server. Default 5."); mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection " - + - "pool can grow to this many (multiplexed) connections. Default 1000"); + + + "pool can grow to this many (multiplexed) connections. Default 1000"); } /** @@ -98,20 +96,21 @@ public class DirAclAuthz extends AAclAuthz */ public DirAclAuthz() { - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the + /* + * Holds configuration parameters accepted by this implementation. This + * list is passed to the configuration console so configuration for + * instances of this implementation can be configured through the * console. */ mConfigParams = - new String[] { - "ldap.ldapconn.host", - "ldap.ldapconn.port", - "ldap.ldapconn.secureConn", - "ldap.ldapconn.version", - "ldap.basedn", - "ldap.minConns", - "ldap.maxConns", + new String[] { + "ldap.ldapconn.host", + "ldap.ldapconn.port", + "ldap.ldapconn.secureConn", + "ldap.ldapconn.version", + "ldap.basedn", + "ldap.minConns", + "ldap.maxConns", }; } @@ -119,7 +118,7 @@ public class DirAclAuthz extends AAclAuthz * */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -154,7 +153,7 @@ public class DirAclAuthz extends AAclAuthz CMS.debug("DirAclAuthz: about to ldap search aclResources"); try { conn = getConn(); - LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, + LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, "cn=aclResources", null, false); returnConn(conn); @@ -165,7 +164,7 @@ public class DirAclAuthz extends AAclAuthz LDAPAttribute aclRes = entry.getAttribute("resourceACLS"); @SuppressWarnings("unchecked") - Enumeration<String> en = (Enumeration<String> )aclRes.getStringValues(); + Enumeration<String> en = (Enumeration<String>) aclRes.getStringValues(); for (; en != null && en.hasMoreElements();) { addACLs(en.nextElement()); @@ -200,20 +199,22 @@ public class DirAclAuthz extends AAclAuthz } /** - * check the authorization permission for the user associated with - * authToken on operation + * check the authorization permission for the user associated with authToken + * on operation * <p> * Example: * <p> - * For example, if UsrGrpAdminServlet needs to authorize the caller - * it would do be done in the following fashion: + * For example, if UsrGrpAdminServlet needs to authorize the caller it would + * do be done in the following fashion: + * * <PRE> - * try { - * authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read"); - * } catch (EBaseException e) { - * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString()); - * } - * </PRE> + * try { + * authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read"); + * } catch (EBaseException e) { + * log(ILogger.LL_FAILURE, "authorize call: " + e.toString()); + * } + * </PRE> + * * @param authToken the authToken associated with a user * @param resource - the protected resource name * @param operation - the protected resource operation name @@ -221,7 +222,7 @@ public class DirAclAuthz extends AAclAuthz * @return authzToken */ public AuthzToken authorize(IAuthToken authToken, String resource, String operation) - throws EAuthzInternalError, EAuthzAccessDenied { + throws EAuthzInternalError, EAuthzAccessDenied { AuthzToken authzToken = new AuthzToken(this); try { @@ -232,42 +233,42 @@ public class DirAclAuthz extends AAclAuthz authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS, AuthzToken.AUTHZ_STATUS_SUCCESS); CMS.debug("DirAclAuthz: authorization passed"); } catch (EACLsException e) { - // audit here later + // audit here later log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED")); - String params[] = {resource, operation}; + String params[] = { resource, operation }; throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params)); } - + return authzToken; } public AuthzToken authorize(IAuthToken authToken, String expression) - throws EAuthzAccessDenied { + throws EAuthzAccessDenied { if (evaluateACLs(authToken, expression)) { return (new AuthzToken(this)); } else { - String params[] = {expression}; + String params[] = { expression }; throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params)); } } /** - * update acls. when memory update is done, flush to ldap. + * update acls. when memory update is done, flush to ldap. * <p> - * Currently, it is possible that when the memory is updated - * successfully, and the ldap isn't, the memory upates lingers. - * The result is that the changes will only be done on ldap at the - * next update, or when the system shuts down, another flush will be - * attempted. + * Currently, it is possible that when the memory is updated successfully, + * and the ldap isn't, the memory upates lingers. The result is that the + * changes will only be done on ldap at the next update, or when the system + * shuts down, another flush will be attempted. + * * @param id is the resource id * @param rights The allowable rights for this resource - * @param strACLs has the same format as a resourceACLs entry acis - * on the ldap server + * @param strACLs has the same format as a resourceACLs entry acis on the + * ldap server * @param desc The description for this resource */ public void updateACLs(String id, String rights, String strACLs, - String desc) throws EACLsException { + String desc) throws EACLsException { try { super.updateACLs(id, rights, strACLs, desc); flushResourceACLs(); @@ -277,7 +278,7 @@ public class DirAclAuthz extends AAclAuthz needsFlush = true; String errMsg = "updateACLs: failed to flushResourceACLs(): " - + ex.toString(); + + ex.toString(); log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString())); @@ -335,7 +336,7 @@ public class DirAclAuthz extends AAclAuthz } /** - * graceful shutdown + * graceful shutdown */ public void shutdown() { if (needsFlush) { @@ -351,13 +352,14 @@ public class DirAclAuthz extends AAclAuthz try { mLdapConnFactory.reset(); mLdapConnFactory = null; - } catch (ELdapException e) { + } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_LDAP_ERROR", e.toString())); } } /** * Logs a message for this class in the system log file. + * * @param level The log level. * @param msg The message to log. * @see com.netscape.certsrv.logging.ILogger @@ -366,6 +368,6 @@ public class DirAclAuthz extends AAclAuthz if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION, - level, msg); + level, msg); } } diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java index 6fe802e7..19b6180d 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.util.Locale; @@ -38,14 +37,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a Authority Information Access CRL extension. - * + * * @version $Revision$, $Date$ */ public class CMSAuthInfoAccessExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { public static final String PROP_NUM_ADS = "numberOfAccessDescriptions"; public static final String PROP_ACCESS_METHOD = "accessMethod"; public static final String PROP_ACCESS_LOCATION_TYPE = "accessLocationType"; @@ -62,7 +60,7 @@ public class CMSAuthInfoAccessExtension } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { AuthInfoAccessExtension authInfoAccessExt = (AuthInfoAccessExtension) ext; authInfoAccessExt.setCritical(critical); @@ -71,7 +69,7 @@ public class CMSAuthInfoAccessExtension } public Extension getCRLExtension(IConfigStore config, Object ip, - boolean critical) { + boolean critical) { ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(critical); @@ -138,7 +136,7 @@ public class CMSAuthInfoAccessExtension String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) { - accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN"; + accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN"; } URIName uriName = new URIName(accessLocation); authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName(uriName)); @@ -211,7 +209,7 @@ public class CMSAuthInfoAccessExtension String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) { - accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN"; + accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN"; } nvp.add(PROP_ACCESS_LOCATION + i, accessLocation); } @@ -224,32 +222,32 @@ public class CMSAuthInfoAccessExtension "critical;boolean;Set criticality for Authority Information Access extension.", PROP_NUM_ADS + ";number;Set number of Access Descriptions.", PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + - PROP_ACCESS_METHOD_OCSP +");Select access description method.", + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + "," + - PROP_DIRNAME + ");Select access location type.", + PROP_DIRNAME + ");Select access location type.", PROP_ACCESS_LOCATION + "0;string;Enter access location " + - "corresponding to the selected access location type.", + "corresponding to the selected access location type.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-authorityinformationaccess", + ";configuration-ca-edit-crlextension-authorityinformationaccess", PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + - PROP_ACCESS_METHOD_OCSP +");Select access description method.", + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + "," + - PROP_DIRNAME + ");Select access location type.", + PROP_DIRNAME + ");Select access location type.", PROP_ACCESS_LOCATION + "1;string;Enter access location " + - "corresponding to the selected access location type.", + "corresponding to the selected access location type.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-authorityinformationaccess", + ";configuration-ca-edit-crlextension-authorityinformationaccess", PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + - PROP_ACCESS_METHOD_OCSP +");Select access description method.", + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + "," + - PROP_DIRNAME + ");Select access location type.", + PROP_DIRNAME + ");Select access location type.", PROP_ACCESS_LOCATION + "2;string;Enter access location " + - "corresponding to the selected access location type.", + "corresponding to the selected access location type.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-authorityinformationaccess", + ";configuration-ca-edit-crlextension-authorityinformationaccess", IExtendedPluginInfo.HELP_TEXT + - ";The Freshest CRL is a non critical CRL extension " + - "that identifies the delta CRL distribution points for a particular CRL." + ";The Freshest CRL is a non critical CRL extension " + + "that identifies the delta CRL distribution points for a particular CRL." }; return params; @@ -257,6 +255,6 @@ public class CMSAuthInfoAccessExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSAuthInfoAccessExtension - " + msg); + "CMSAuthInfoAccessExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java index 4cdb0bdc..4981702a 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.CertificateParsingException; @@ -43,21 +42,20 @@ import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents an authority key identifier extension. - * + * * @version $Revision$, $Date$ */ public class CMSAuthorityKeyIdentifierExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { private ILogger mLogger = CMS.getLogger(); public CMSAuthorityKeyIdentifierExtension() { } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { AuthorityKeyIdentifierExtension authKeyIdExt = null; KeyIdentifier keyId = null; GeneralNames names = null; @@ -78,8 +76,8 @@ public class CMSAuthorityKeyIdentifierExtension } public Extension getCRLExtension(IConfigStore config, - Object ip, - boolean critical) { + Object ip, + boolean critical) { AuthorityKeyIdentifierExtension authKeyIdExt = null; ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; @@ -88,12 +86,12 @@ public class CMSAuthorityKeyIdentifierExtension try { X509CertInfo info = (X509CertInfo) - ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); if (info != null) { - CertificateExtensions caCertExtensions = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); + CertificateExtensions caCertExtensions = (CertificateExtensions) + info.get(X509CertInfo.EXTENSIONS); if (caCertExtensions != null) { for (int i = 0; i < caCertExtensions.size(); i++) { @@ -101,7 +99,7 @@ public class CMSAuthorityKeyIdentifierExtension if (caCertExt instanceof SubjectKeyIdentifierExtension) { SubjectKeyIdentifierExtension id = - (SubjectKeyIdentifierExtension) caCertExt; + (SubjectKeyIdentifierExtension) caCertExt; keyId = (KeyIdentifier) id.get(SubjectKeyIdentifierExtension.KEY_ID); @@ -143,16 +141,16 @@ public class CMSAuthorityKeyIdentifierExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+ - //"This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+ + // "This field is not editable.", "enable;boolean;Check to enable Authority Key Identifier CRL extension.", "critical;boolean;Set criticality for Authority Key Identifier CRL extension.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-authoritykeyidentifier", + ";configuration-ca-edit-crlextension-authoritykeyidentifier", IExtendedPluginInfo.HELP_TEXT + - ";The authority key identifier extension provides a means " + - "of identifying the public key corresponding to the private " + - "key used to sign a CRL." + ";The authority key identifier extension provides a means " + + "of identifying the public key corresponding to the private " + + "key used to sign a CRL." }; return params; @@ -160,6 +158,6 @@ public class CMSAuthorityKeyIdentifierExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSAuthorityKeyIdentifierExtension - " + msg); + "CMSAuthorityKeyIdentifierExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java index e4bb4cb6..958a4d56 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -34,21 +33,20 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a CRL number extension. - * + * * @version $Revision$, $Date$ */ public class CMSCRLNumberExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { private ILogger mLogger = CMS.getLogger(); public CMSCRLNumberExtension() { } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { BigInteger crlNumber = null; CRLNumberExtension crlNumberExt = null; @@ -64,8 +62,8 @@ public class CMSCRLNumberExtension } public Extension getCRLExtension(IConfigStore config, - Object ip, - boolean critical) { + Object ip, + boolean critical) { CRLNumberExtension crlNumberExt = null; ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; @@ -87,16 +85,16 @@ public class CMSCRLNumberExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);"+ - //"CRL Extension type. This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);"+ + // "CRL Extension type. This field is not editable.", "enable;boolean;Check to enable CRL Number extension.", "critical;boolean;Set criticality for CRL Number extension.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-crlnumber", + ";configuration-ca-edit-crlextension-crlnumber", IExtendedPluginInfo.HELP_TEXT + - ";The CRL number is a non-critical CRL extension " + - "which conveys a monotonically increasing sequence number " + - "for each CRL issued by a CA" + ";The CRL number is a non-critical CRL extension " + + "which conveys a monotonically increasing sequence number " + + "for each CRL issued by a CA" }; return params; @@ -104,6 +102,6 @@ public class CMSCRLNumberExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSCRLNumberExtension - " + msg); + "CMSCRLNumberExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java index 245428a6..614d672d 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.util.Locale; @@ -33,21 +32,20 @@ import com.netscape.certsrv.ca.ICMSCRLExtension; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a CRL reason extension. - * + * * @version $Revision$, $Date$ */ public class CMSCRLReasonExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { private ILogger mLogger = CMS.getLogger(); public CMSCRLReasonExtension() { } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { RevocationReason reason = null; CRLReasonExtension crlReasonExt = null; @@ -61,8 +59,8 @@ public class CMSCRLReasonExtension } public Extension getCRLExtension(IConfigStore config, - Object crlIssuingPoint, - boolean critical) { + Object crlIssuingPoint, + boolean critical) { CRLReasonExtension crlReasonExt = null; return crlReasonExt; @@ -77,15 +75,15 @@ public class CMSCRLReasonExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);"+ - //"CRL Entry Extension type. This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);"+ + // "CRL Entry Extension type. This field is not editable.", "enable;boolean;Check to enable reason code CRL entry extension.", "critical;boolean;Set criticality for reason code CRL entry extension.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-crlreason", + ";configuration-ca-edit-crlextension-crlreason", IExtendedPluginInfo.HELP_TEXT + - ";The CRL reason code is a non-critical CRL entry extension " + - "that identifies the reason for the certificate revocation." + ";The CRL reason code is a non-critical CRL entry extension " + + "that identifies the reason for the certificate revocation." }; return params; @@ -93,6 +91,6 @@ public class CMSCRLReasonExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSCRLReasonExtension - " + msg); + "CMSCRLReasonExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java index 601e15d2..4d8fc8b9 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.util.Locale; @@ -40,18 +39,18 @@ import com.netscape.certsrv.logging.ILogger; /** * This represents a certificate issuer extension. - * + * * @version $Revision$, $Date$ */ public class CMSCertificateIssuerExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { private ILogger mLogger = CMS.getLogger(); public CMSCertificateIssuerExtension() { } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { CertificateIssuerExtension certIssuerExt = null; GeneralNames names = null; @@ -67,8 +66,8 @@ public class CMSCertificateIssuerExtension } public Extension getCRLExtension(IConfigStore config, - Object ip, - boolean critical) { + Object ip, + boolean critical) { CertificateIssuerExtension certIssuerExt = null; int numNames = 0; @@ -195,8 +194,8 @@ public class CMSCertificateIssuerExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);CRL Entry Extension type."+ - //" This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);CRL Entry Extension type."+ + // " This field is not editable.", "enable;boolean;Check to enable Certificate Issuer CRL entry extension.", "critical;boolean;Set criticality for Certificate Issuer CRL entry extension.", "numNames;number;Set number of certificate issuer names for the CRL entry.", @@ -207,10 +206,10 @@ public class CMSCertificateIssuerExtension "nameType2;choice(DirectoryName,URI);Select Certificate Issuer name type.", "name2;string;Enter Certificate Issuer name corresponding to the selected name type.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-certificateissuer", + ";configuration-ca-edit-crlextension-certificateissuer", IExtendedPluginInfo.HELP_TEXT + - ";This CRL entry extension identifies the certificate issuer" + - " associated with an entry in an indirect CRL." + ";This CRL entry extension identifies the certificate issuer" + + " associated with an entry in an indirect CRL." }; return params; @@ -219,4 +218,4 @@ public class CMSCertificateIssuerExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java index 35d21e5c..e3290c34 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -34,21 +33,20 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a delta CRL indicator extension. - * + * * @version $Revision$, $Date$ */ public class CMSDeltaCRLIndicatorExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { private ILogger mLogger = CMS.getLogger(); public CMSDeltaCRLIndicatorExtension() { } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { BigInteger baseCRLNumber = null; DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null; @@ -65,8 +63,8 @@ public class CMSDeltaCRLIndicatorExtension } public Extension getCRLExtension(IConfigStore config, - Object ip, - boolean critical) { + Object ip, + boolean critical) { DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null; ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; @@ -89,15 +87,15 @@ public class CMSDeltaCRLIndicatorExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);"+ - //"CRL Extension type. This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);"+ + // "CRL Extension type. This field is not editable.", "enable;boolean;Check to enable Delta CRL Indicator extension.", "critical;boolean;Set criticality for Delta CRL Indicator extension.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-crlnumber", + ";configuration-ca-edit-crlextension-crlnumber", IExtendedPluginInfo.HELP_TEXT + - ";The Delta CRL Indicator is a critical CRL extension " + - "which identifies a delta-CRL." + ";The Delta CRL Indicator is a critical CRL extension " + + "which identifies a delta-CRL." }; return params; @@ -105,7 +103,6 @@ public class CMSDeltaCRLIndicatorExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSDeltaCRLIndicatorExtension - " + msg); + "CMSDeltaCRLIndicatorExtension - " + msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java index 86bdd05e..38eb7a1c 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.util.Locale; @@ -40,14 +39,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a freshest CRL extension. - * + * * @version $Revision$, $Date$ */ public class CMSFreshestCRLExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { public static final String PROP_NUM_POINTS = "numPoints"; public static final String PROP_POINTTYPE = "pointType"; public static final String PROP_POINTNAME = "pointName"; @@ -60,7 +58,7 @@ public class CMSFreshestCRLExtension } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { FreshestCRLExtension freshestCRLExt = (FreshestCRLExtension) ext; freshestCRLExt.setCritical(critical); @@ -69,7 +67,7 @@ public class CMSFreshestCRLExtension } public Extension getCRLExtension(IConfigStore config, Object ip, - boolean critical) { + boolean critical) { ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; FreshestCRLExtension freshestCRLExt = null; @@ -159,7 +157,7 @@ public class CMSFreshestCRLExtension numPoints = config.getInteger(PROP_NUM_POINTS, 0); } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Invalid numPoints property for CRL " + - "Freshest CRL extension - " + e); + "Freshest CRL extension - " + e); } nvp.add(PROP_NUM_POINTS, String.valueOf(numPoints)); @@ -204,26 +202,26 @@ public class CMSFreshestCRLExtension "critical;boolean;Set criticality for Freshest CRL extension.", PROP_NUM_POINTS + ";number;Set number of CRL distribution points.", PROP_POINTTYPE + "0;choice(" + PROP_DIRNAME + "," + PROP_URINAME + - ");Select CRL distribution point name type.", + ");Select CRL distribution point name type.", PROP_POINTNAME + "0;string;Enter CRL distribution point name " + - "corresponding to the selected point type.", + "corresponding to the selected point type.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-issuingdistributionpoint", + ";configuration-ca-edit-crlextension-issuingdistributionpoint", PROP_POINTTYPE + "1;choice(" + PROP_DIRNAME + "," + PROP_URINAME + - ");Select CRL distribution point name type.", + ");Select CRL distribution point name type.", PROP_POINTNAME + "1;string;Enter CRL distribution point name " + - "corresponding to the selected point type.", + "corresponding to the selected point type.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-issuingdistributionpoint", + ";configuration-ca-edit-crlextension-issuingdistributionpoint", PROP_POINTTYPE + "2;choice(" + PROP_DIRNAME + "," + PROP_URINAME + - ");Select CRL distribution point name type.", + ");Select CRL distribution point name type.", PROP_POINTNAME + "2;string;Enter CRL distribution point name " + - "corresponding to the selected point type.", + "corresponding to the selected point type.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-issuingdistributionpoint", + ";configuration-ca-edit-crlextension-issuingdistributionpoint", IExtendedPluginInfo.HELP_TEXT + - ";The Freshest CRL is a non critical CRL extension " + - "that identifies the delta CRL distribution points for a particular CRL." + ";The Freshest CRL is a non critical CRL extension " + + "that identifies the delta CRL distribution points for a particular CRL." }; return params; @@ -231,6 +229,6 @@ public class CMSFreshestCRLExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSFreshestCRLExtension - " + msg); + "CMSFreshestCRLExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java index e0e39b8a..04e5468d 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.util.Locale; @@ -36,14 +35,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a hold instruction extension. - * + * * @version $Revision$, $Date$ */ public class CMSHoldInstructionExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { public static final String PROP_INSTR = "instruction"; public static final String PROP_INSTR_NONE = "none"; public static final String PROP_INSTR_CALLISSUER = "callissuer"; @@ -55,12 +53,12 @@ public class CMSHoldInstructionExtension } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { HoldInstructionExtension holdInstrExt = null; try { ObjectIdentifier holdInstr = - ((HoldInstructionExtension) ext).getHoldInstructionCode(); + ((HoldInstructionExtension) ext).getHoldInstructionCode(); holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical), holdInstr); @@ -71,8 +69,8 @@ public class CMSHoldInstructionExtension } public Extension getCRLExtension(IConfigStore config, - Object ip, - boolean critical) { + Object ip, + boolean critical) { HoldInstructionExtension holdInstrExt = null; String instruction = null; @@ -121,8 +119,7 @@ public class CMSHoldInstructionExtension } if (instruction != null) { if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) || - instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || - instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) { + instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) { instruction = PROP_INSTR_NONE; } } else { @@ -133,19 +130,19 @@ public class CMSHoldInstructionExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);"+ - //"CRL Entry Extension type. This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);"+ + // "CRL Entry Extension type. This field is not editable.", "enable;boolean;Check to enable Hold Instruction CRL entry extension.", "critical;boolean;Set criticality for Hold Instruction CRL entry extension.", PROP_INSTR + ";choice(" + PROP_INSTR_NONE + "," + PROP_INSTR_CALLISSUER + "," + - PROP_INSTR_REJECT + ");Select hold instruction code.", + PROP_INSTR_REJECT + ");Select hold instruction code.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-holdinstruction", + ";configuration-ca-edit-crlextension-holdinstruction", IExtendedPluginInfo.HELP_TEXT + - ";The hold instruction code is a non-critical CRL entry " + - "extension that provides a registered instruction identifier " + - "which indicates the action to be taken after encountering " + - "a certificate that has been placed on hold." + ";The hold instruction code is a non-critical CRL entry " + + "extension that provides a registered instruction identifier " + + "which indicates the action to be taken after encountering " + + "a certificate that has been placed on hold." }; return params; @@ -153,6 +150,6 @@ public class CMSHoldInstructionExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSHoldInstructionExtension - " + msg); + "CMSHoldInstructionExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java index c0c62244..2f885262 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -33,21 +32,20 @@ import com.netscape.certsrv.ca.ICMSCRLExtension; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a invalidity date extension. - * + * * @version $Revision$, $Date$ */ public class CMSInvalidityDateExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { private ILogger mLogger = CMS.getLogger(); public CMSInvalidityDateExtension() { } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { InvalidityDateExtension invalidityDateExt = null; try { @@ -62,8 +60,8 @@ public class CMSInvalidityDateExtension } public Extension getCRLExtension(IConfigStore config, - Object crlIssuingPoint, - boolean critical) { + Object crlIssuingPoint, + boolean critical) { InvalidityDateExtension invalidityDateExt = null; return invalidityDateExt; @@ -78,17 +76,17 @@ public class CMSInvalidityDateExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);"+ - //"CRL Entry Extension type. This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);"+ + // "CRL Entry Extension type. This field is not editable.", "enable;boolean;Check to enable Invalidity Date CRL entry extension.", "critical;boolean;Set criticality for Invalidity Date CRL entry extension.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-invaliditydate", + ";configuration-ca-edit-crlextension-invaliditydate", IExtendedPluginInfo.HELP_TEXT + - ";The invalidity date is a non-critical CRL entry extension " + - "that provides the date on which it is known or suspected " + - "that the private key was compromised or that the certificate" + - " otherwise became invalid." + ";The invalidity date is a non-critical CRL entry extension " + + "that provides the date on which it is known or suspected " + + "that the private key was compromised or that the certificate" + + " otherwise became invalid." }; return params; @@ -96,6 +94,6 @@ public class CMSInvalidityDateExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSInvalidityDateExtension - " + msg); + "CMSInvalidityDateExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java index 9ca9d5d2..428fb447 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.Locale; @@ -47,14 +46,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a issuer alternative name extension. - * + * * @version $Revision$, $Date$ */ public class CMSIssuerAlternativeNameExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { private static final String PROP_RFC822_NAME = "rfc822Name"; private static final String PROP_DNS_NAME = "dNSName"; private static final String PROP_DIR_NAME = "directoryName"; @@ -70,7 +68,7 @@ public class CMSIssuerAlternativeNameExtension } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { IssuerAlternativeNameExtension issuerAltNameExt = null; GeneralNames names = null; @@ -84,8 +82,8 @@ public class CMSIssuerAlternativeNameExtension } public Extension getCRLExtension(IConfigStore config, - Object ip, - boolean critical) { + Object ip, + boolean critical) { ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; IssuerAlternativeNameExtension issuerAltNameExt = null; int numNames = 0; @@ -196,7 +194,7 @@ public class CMSIssuerAlternativeNameExtension numNames = config.getInteger("numNames", 0); } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Invalid numNames property for CRL " + - "IssuerAlternativeName extension - " + e); + "IssuerAlternativeName extension - " + e); } nvp.add("numNames", String.valueOf(numNames)); @@ -207,10 +205,10 @@ public class CMSIssuerAlternativeNameExtension nameType = config.getString("nameType" + i); } catch (EPropertyNotFound e) { log(ILogger.LL_FAILURE, "Undefined nameType" + i + " property for " + - "CRL IssuerAlternativeName extension - " + e); + "CRL IssuerAlternativeName extension - " + e); } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Invalid nameType" + i + " property for " + - "CRL IssuerAlternativeName extension - " + e); + "CRL IssuerAlternativeName extension - " + e); } if (nameType != null && nameType.length() > 0) { @@ -225,10 +223,10 @@ public class CMSIssuerAlternativeNameExtension name = config.getString("name" + i); } catch (EPropertyNotFound e) { log(ILogger.LL_FAILURE, "Undefined name" + i + " property for " + - "CRL IssuerAlternativeName extension - " + e); + "CRL IssuerAlternativeName extension - " + e); } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Invalid name" + i + " property for " + - "CRL IssuerAlternativeName extension - " + e); + "CRL IssuerAlternativeName extension - " + e); } if (name != null && name.length() > 0) { @@ -248,28 +246,28 @@ public class CMSIssuerAlternativeNameExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);"+ - //"CRL Extension type. This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);"+ + // "CRL Extension type. This field is not editable.", "enable;boolean;Check to enable Issuer Alternative Name CRL extension.", "critical;boolean;Set criticality for Issuer Alternative Name CRL extension.", "numNames;number;Set number of alternative names for the CRL issuer.", "nameType0;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," + - PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + - PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", + PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + + PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", "name0;string;Enter Issuer Alternative Name corresponding to the selected name type.", "nameType1;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," + - PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + - PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", + PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + + PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", "name1;string;Enter Issuer Alternative Name corresponding to the selected name type.", "nameType2;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," + - PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + - PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", + PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + + PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", "name2;string;Enter Issuer Alternative Name corresponding to the selected name type.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-issueralternativename", + ";configuration-ca-edit-crlextension-issueralternativename", IExtendedPluginInfo.HELP_TEXT + - ";The issuer alternative names extension allows additional" + - " identities to be associated with the issuer of the CRL." + ";The issuer alternative names extension allows additional" + + " identities to be associated with the issuer of the CRL." }; return params; @@ -277,6 +275,6 @@ public class CMSIssuerAlternativeNameExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSIssuerAlternativeNameExtension - " + msg); + "CMSIssuerAlternativeNameExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java index ccc5b64d..498e358c 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.util.Locale; import java.util.StringTokenizer; @@ -43,14 +42,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents a issuing distribution point extension. - * + * * @version $Revision$, $Date$ */ public class CMSIssuingDistributionPointExtension - implements ICMSCRLExtension, IExtendedPluginInfo { + implements ICMSCRLExtension, IExtendedPluginInfo { public static final String PROP_POINTTYPE = "pointType"; public static final String PROP_POINTNAME = "pointName"; public static final String PROP_DIRNAME = "DirectoryName"; @@ -61,14 +59,14 @@ public class CMSIssuingDistributionPointExtension public static final String PROP_INDIRECT = "indirectCRL"; public static final String PROP_REASONS = "onlySomeReasons"; - private static final String[] reasonFlags = {"unused", + private static final String[] reasonFlags = { "unused", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", - "privilegeWithdrawn"}; + "privilegeWithdrawn" }; private ILogger mLogger = CMS.getLogger(); @@ -76,9 +74,9 @@ public class CMSIssuingDistributionPointExtension } public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + boolean critical) { IssuingDistributionPointExtension issuingDPointExt = - (IssuingDistributionPointExtension) ext; + (IssuingDistributionPointExtension) ext; issuingDPointExt.setCritical(critical); @@ -86,8 +84,8 @@ public class CMSIssuingDistributionPointExtension } public Extension getCRLExtension(IConfigStore config, - Object ip, - boolean critical) { + Object ip, + boolean critical) { CMS.debug("in CMSIssuingDistributionPointExtension::getCRLExtension."); ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; @@ -164,7 +162,7 @@ public class CMSIssuingDistributionPointExtension } if (reasons != null && reasons.length() > 0) { - boolean[] bits = {false, false, false, false, false, false, false}; + boolean[] bits = { false, false, false, false, false, false, false }; int k = 0; StringTokenizer st = new StringTokenizer(reasons, ","); @@ -275,25 +273,22 @@ public class CMSIssuingDistributionPointExtension log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString())); } // Disable these for now unitl we support them fully -/* - try { - boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false); - - nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly)); - } catch (EBaseException e) { - nvp.add(PROP_USERCERTS, "false"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString())); - } - - try { - boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false); - - nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL)); - } catch (EBaseException e) { - nvp.add(PROP_INDIRECT, "false"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString())); - } -*/ + /* + * try { boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, + * false); + * + * nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly)); } catch + * (EBaseException e) { nvp.add(PROP_USERCERTS, "false"); + * log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", + * "userCertsOnly", e.toString())); } + * + * try { boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false); + * + * nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL)); } catch + * (EBaseException e) { nvp.add(PROP_INDIRECT, "false"); + * log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", + * "indirectCRL", e.toString())); } + */ } public String[] getExtendedPluginInfo(Locale locale) { @@ -305,25 +300,26 @@ public class CMSIssuingDistributionPointExtension sb_reasons.append(reasonFlags[i]); } String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);"+ - //"CRL Extension type. This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);"+ + // "CRL Extension type. This field is not editable.", "enable;boolean;Check to enable Issuing Distribution Point CRL extension.", "critical;boolean;Set criticality for Issuing Distribution Point CRL extension.", PROP_POINTTYPE + ";choice(" + PROP_DIRNAME + "," + PROP_URINAME + "," + - PROP_RDNNAME + ");Select Issuing Distribution Point name type.", + PROP_RDNNAME + ");Select Issuing Distribution Point name type.", PROP_POINTNAME + ";string;Enter Issuing Distribution Point name " + - "corresponding to the selected point type.", + "corresponding to the selected point type.", PROP_REASONS + ";string;Select any combination of the following reasons: " + - sb_reasons.toString(), + sb_reasons.toString(), PROP_CACERTS + ";boolean;Check if CRL contains CA certificates only", - // Remove these from the UI until they can be supported fully. - // PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only", - // PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.", + // Remove these from the UI until they can be supported fully. + // PROP_USERCERTS + + // ";boolean;Check if CRL contains user certificates only", + // PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-issuingdistributionpoint", + ";configuration-ca-edit-crlextension-issuingdistributionpoint", IExtendedPluginInfo.HELP_TEXT + - ";The issuing distribution point is a critical CRL extension " + - "that identifies the CRL distribution point for a particular CRL." + ";The issuing distribution point is a critical CRL extension " + + "that identifies the CRL distribution point for a particular CRL." }; return params; @@ -331,6 +327,6 @@ public class CMSIssuingDistributionPointExtension private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSIssuingDistributionPointExtension - " + msg); + "CMSIssuingDistributionPointExtension - " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java index d026cdba..9411d2b7 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; @@ -28,7 +27,6 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; - /** * A class represents a group acls evaluator. * <P> @@ -54,7 +52,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("GroupAccessEvaluator: init"); @@ -62,6 +60,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator + * * @return type for this acl evaluator: "group" or "at_group" */ public String getType() { @@ -70,6 +69,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator + * * @return description for this acl evaluator */ public String getDescription() { @@ -85,14 +85,13 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } /** - * evaluates uid in AuthToken to see if it has membership in - * group value + * evaluates uid in AuthToken to see if it has membership in group value + * * @param authToken authentication token * @param type must be "at_group" * @param op must be "=" * @param value the group name - * @return true if AuthToken uid belongs to the group value, - * false otherwise + * @return true if AuthToken uid belongs to the group value, false otherwise */ public boolean evaluate(IAuthToken authToken, String type, String op, String value) { @@ -104,17 +103,17 @@ public class GroupAccessEvaluator implements IAccessEvaluator { if (uid == null) { uid = authToken.getInString("uid"); if (uid == null) { - CMS.debug("GroupAccessEvaluator: evaluate: uid null"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); - return false; + CMS.debug("GroupAccessEvaluator: evaluate: uid null"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); + return false; } } - CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value); + CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value=" + value); String groupname = authToken.getInString("gid"); if (groupname != null) { - CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname); + CMS.debug("GroupAccessEvaluator: evaluate: authToken gid=" + groupname); if (op.equals("=")) { return groupname.equals(Utils.stripQuotes(value)); } else if (op.equals("!=")) { @@ -123,12 +122,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } else { CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken"); IUser id = null; - try { - id = mUG.getUser(uid); - } catch (EBaseException e) { + try { + id = mUG.getUser(uid); + } catch (EBaseException e) { CMS.debug("GroupAccessEvaluator: " + e.toString()); return false; - } + } if (op.equals("=")) { return mUG.isMemberOf(id, Utils.stripQuotes(value)); @@ -142,13 +141,14 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } /** - * evaluates uid in SessionContext to see if it has membership in - * group value + * evaluates uid in SessionContext to see if it has membership in group + * value + * * @param type must be "group" * @param op must be "=" * @param value the group name - * @return true if SessionContext uid belongs to the group value, - * false otherwise + * @return true if SessionContext uid belongs to the group value, false + * otherwise */ public boolean evaluate(String type, String op, String value) { @@ -161,12 +161,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator { log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); return false; } - if (op.equals("=")) + if (op.equals("=")) return mUG.isMemberOf(id, Utils.stripQuotes(value)); else return !(mUG.isMemberOf(id, Utils.stripQuotes(value))); - - } + + } return false; } @@ -175,7 +175,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "GroupAccessEvaluator: " + msg); + level, "GroupAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java index a5c99eeb..3d512c98 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -25,7 +24,6 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; - /** * A class represents a IP address acls evaluator. * <P> @@ -44,13 +42,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { } /** * gets the type name for this acl evaluator + * * @return type for this acl evaluator: ipaddress */ public String getType() { @@ -59,6 +58,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator + * * @return description for this acl evaluator */ public String getDescription() { @@ -75,6 +75,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { /** * Gets the IP address from session context + * * @param authToken authentication token * @param type must be "ipaddress" * @param op must be "=" or "!=" @@ -86,13 +87,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { } /** - * evaluates uid in SessionContext to see if it has membership in - * group value + * evaluates uid in SessionContext to see if it has membership in group + * value + * * @param type must be "group" * @param op must be "=" * @param value the group name - * @return true if SessionContext uid belongs to the group value, - * false otherwise + * @return true if SessionContext uid belongs to the group value, false + * otherwise */ public boolean evaluate(String type, String op, String value) { @@ -106,13 +108,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL")); return false; } - if (op.equals("=")) { + if (op.equals("=")) { return ipaddress.matches(value); } else { return !(ipaddress.matches(value)); } - - } + + } return false; } @@ -121,6 +123,6 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "GroupAccessEvaluator: " + msg); + level, "GroupAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java index 4b6b5677..bf7727c9 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -26,7 +25,6 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; - /** * A class represents a user acls evaluator. * <P> @@ -48,7 +46,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("UserAccessEvaluator: init"); @@ -56,6 +54,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator + * * @return type for this acl evaluator: "user" or "at_user" */ public String getType() { @@ -64,6 +63,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator + * * @return description for this acl evaluator */ public String getDescription() { @@ -80,6 +80,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * Evaluates the user in AuthToken to see if it's equal to value + * * @param authToken AuthToken from authentication * @param type must be "at_user" * @param op must be "=" @@ -92,9 +93,9 @@ public class UserAccessEvaluator implements IAccessEvaluator { String s = Utils.stripQuotes(value); if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("=")) - return true; - - // should define "uid" at a common place + return true; + + // should define "uid" at a common place String uid = null; uid = authToken.getInString("uid"); @@ -108,13 +109,14 @@ public class UserAccessEvaluator implements IAccessEvaluator { return s.equalsIgnoreCase(uid); else if (op.equals("!=")) return !(s.equalsIgnoreCase(uid)); - } + } return false; } /** * Evaluates the user in session context to see if it's equal to value + * * @param type must be "user" * @param op must be "=" * @param value the user id @@ -145,7 +147,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "UserAccessEvaluator: " + msg); + level, "UserAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java index b1b406c0..4687b709 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -26,12 +25,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; - /** - * A class represents a user-origreq uid mapping acls evaluator. - * This is primarily used for renewal. During renewal, the orig_req - * uid is placed in the SessionContext of the renewal session context - * to be evaluated by this evaluator + * A class represents a user-origreq uid mapping acls evaluator. This is + * primarily used for renewal. During renewal, the orig_req uid is placed in the + * SessionContext of the renewal session context to be evaluated by this + * evaluator * <P> * * @author Christina Fu @@ -52,7 +50,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("UserOrigReqAccessEvaluator: init"); @@ -60,6 +58,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator + * * @return type for this acl evaluator: "user_origreq" or "at_user_origreq" */ public String getType() { @@ -68,6 +67,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator + * * @return description for this acl evaluator */ public String getDescription() { @@ -84,6 +84,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * Evaluates the user in AuthToken to see if it's equal to value + * * @param authToken AuthToken from authentication * @param type must be "at_userreq" * @param op must be "=" @@ -96,9 +97,9 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { String s = Utils.stripQuotes(value); if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("=")) - return true; - - // should define "uid" at a common place + return true; + + // should define "uid" at a common place String uid = null; uid = authToken.getInString("uid"); @@ -107,30 +108,31 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null"); return false; } else - CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken =" + uid); // find value of param in request SessionContext mSC = SessionContext.getContext(); - CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext"); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting " + "orig_req." + s + " in SessionContext"); // "orig_req.auth_token.uid" - String orig_id = (String) mSC.get("orig_req."+s); + String orig_id = (String) mSC.get("orig_req." + s); if (orig_id == null) { CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null"); return false; } - CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id =" + orig_id); if (op.equals("=")) return uid.equalsIgnoreCase(orig_id); else if (op.equals("!=")) return !(uid.equalsIgnoreCase(orig_id)); - } + } return false; } /** * Evaluates the user in session context to see if it's equal to value + * * @param type must be "user_origreq" * @param op must be "=" * @param value the user id @@ -141,7 +143,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { SessionContext mSC = SessionContext.getContext(); if (type.equals(mType)) { -// what do I do with s here? + // what do I do with s here? String s = Utils.stripQuotes(value); if (s.equals(ANYBODY) && op.equals("=")) @@ -149,7 +151,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { IUser id = (IUser) mSC.get(SessionContext.USER); // "orig_req.auth_token.uid" - String orig_id = (String) mSC.get("orig_req"+s); + String orig_id = (String) mSC.get("orig_req" + s); if (op.equals("=")) return id.getName().equalsIgnoreCase(orig_id); diff --git a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java index 8488ec2d..bf875162 100644 --- a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java +++ b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.jobs; - import java.io.IOException; import java.util.Hashtable; @@ -36,11 +35,10 @@ import com.netscape.certsrv.notification.IEmailTemplate; import com.netscape.certsrv.notification.IMailNotification; import com.netscape.certsrv.request.IRequest; - /** - * This abstract class is a base job for real job extentions for the - * Jobs Scheduler. - * + * This abstract class is a base job for real job extentions for the Jobs + * Scheduler. + * * @version $Revision$, $Date$ * @see com.netscape.certsrv.jobs.IJob */ @@ -57,7 +55,7 @@ public abstract class AJobBase implements IJob, Runnable { protected static final String STATUS_FAILURE = "failed"; protected static final String STATUS_SUCCESS = "succeeded"; - // variables used by the Job Scheduler Daemon + // variables used by the Job Scheduler Daemon protected String mImplName = null; protected IConfigStore mConfig; protected String mId = null; @@ -81,8 +79,8 @@ public abstract class AJobBase implements IJob, Runnable { /** * tells if the job is enabled - * @return a boolean value indicating whether the job is enabled - * or not + * + * @return a boolean value indicating whether the job is enabled or not */ public boolean isEnabled() { boolean enabled = false; @@ -98,16 +96,17 @@ public abstract class AJobBase implements IJob, Runnable { * abstract methods ***********************/ public abstract void init(ISubsystem owner, String id, String implName, IConfigStore - config) throws EBaseException; + config) throws EBaseException; public abstract void run(); /*********************** * public methods ***********************/ - + /** * get instance id. + * * @return a String identifier */ public String getId() { @@ -116,6 +115,7 @@ public abstract class AJobBase implements IJob, Runnable { /** * set instance id. + * * @param id String id of the instance */ public void setId(String id) { @@ -124,6 +124,7 @@ public abstract class AJobBase implements IJob, Runnable { /** * get cron string associated with this job + * * @return a JobCron object that represents the schedule of this job */ public IJobCron getJobCron() { @@ -132,6 +133,7 @@ public abstract class AJobBase implements IJob, Runnable { /** * gets the plugin name of this job. + * * @return a String that is the name of this implementation */ public String getImplName() { @@ -140,6 +142,7 @@ public abstract class AJobBase implements IJob, Runnable { /** * Gets the configuration substore used by this job + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -193,29 +196,29 @@ public abstract class AJobBase implements IJob, Runnable { } catch (ENotificationException e) { // already logged, lets audit mLogger.log(ILogger.EV_AUDIT, null, - ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString())); + ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString())); } catch (IOException e) { // already logged, lets audit mLogger.log(ILogger.EV_AUDIT, null, - ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString())); + ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString())); } } protected void buildItemParams(X509CertImpl cert) { mItemParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM, - (Object) cert.getSerialNumber().toString()); + (Object) cert.getSerialNumber().toString()); mItemParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM, - (Object) cert.getSerialNumber().toString(16)); + (Object) cert.getSerialNumber().toString(16)); mItemParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN, - (Object) cert.getIssuerDN().toString()); + (Object) cert.getIssuerDN().toString()); mItemParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN, - (Object) cert.getSubjectDN().toString()); + (Object) cert.getSubjectDN().toString()); mItemParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER, - (Object) cert.getNotAfter().toString()); + (Object) cert.getNotAfter().toString()); mItemParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE, - (Object) cert.getNotBefore().toString()); + (Object) cert.getNotBefore().toString()); // ... and more } @@ -258,7 +261,8 @@ public abstract class AJobBase implements IJob, Runnable { } /** - * logs an entry in the log file. Used by classes extending this class. + * logs an entry in the log file. Used by classes extending this class. + * * @param level log level * @param msg log message in String */ @@ -266,21 +270,22 @@ public abstract class AJobBase implements IJob, Runnable { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, mId + ": " + msg); + level, mId + ": " + msg); } /** - * capable of logging multiline entry in the log file. Used by classes extending this class. + * capable of logging multiline entry in the log file. Used by classes + * extending this class. + * * @param level log level * @param msg log message in String - * @param multiline boolean indicating whether the message is a - * multi-lined message. + * @param multiline boolean indicating whether the message is a multi-lined + * message. */ public void log(int level, String msg, boolean multiline) { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, mId + ": " + msg, multiline); + level, mId + ": " + msg, multiline); } } - diff --git a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java index a23cc1f3..ba8bffad 100644 --- a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java +++ b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.jobs; - import java.security.cert.X509Certificate; import java.text.DateFormat; import java.util.Date; @@ -46,59 +45,47 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; - /** - * a job for the Jobs Scheduler. This job checks in the internal ldap - * db for valid certs that have not been published to the - * publishing directory. + * a job for the Jobs Scheduler. This job checks in the internal ldap db for + * valid certs that have not been published to the publishing directory. * <p> * the $TOKENS that are available for the this jobs's summary outer form are:<br> * <UL> - * $Status - * $InstanceID - * $SummaryItemList - * $SummaryTotalNum - * $SummaryTotalSuccess - * $SummaryTotalfailure - * $ExecutionTime + * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess + * $SummaryTotalfailure $ExecutionTime * </UL> * and for the inner list items: * <UL> - * $SerialNumber - * $IssuerDN - * $SubjectDN - * $NotAfter - * $NotBefore - * $RequestorEmail + * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail * $CertType * </UL> - * + * * @version $Revision$, $Date$ */ public class PublishCertsJob extends AJobBase - implements IJob, Runnable, IExtendedPluginInfo { - + implements IJob, Runnable, IExtendedPluginInfo { + ICertificateAuthority mCa = null; IRequestQueue mReqQ = null; ICertificateRepository mRepository = null; IPublisherProcessor mPublisherProcessor = null; private boolean mSummary = false; - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + /* + * Holds configuration parameters accepted by this implementation. This list + * is passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ protected static String[] mConfigParams = - new String[] { - "enabled", - "cron", - "summary.enabled", - "summary.emailSubject", - "summary.emailTemplate", - "summary.itemTemplate", - "summary.senderEmail", - "summary.recipientEmail" + new String[] { + "enabled", + "cron", + "summary.enabled", + "summary.emailSubject", + "summary.emailTemplate", + "summary.itemTemplate", + "summary.senderEmail", + "summary.recipientEmail" }; /* Vector of extendedPluginInfo strings */ @@ -110,24 +97,24 @@ public class PublishCertsJob extends AJobBase public String[] getExtendedPluginInfo(Locale locale) { String s[] = { IExtendedPluginInfo.HELP_TEXT + - "; A job that checks for valid certificates in the " + - "database, that have not been published and publish them to " + - "the publishing directory", + "; A job that checks for valid certificates in the " + + "database, that have not been published and publish them to " + + "the publishing directory", "cron;string;Format: minute hour dayOfMonth month " + - "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday", + "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday", "summary.senderEmail;string;Specify the address to be used " + - "as the email's 'sender'. Bounces go to this address.", + "as the email's 'sender'. Bounces go to this address.", "summary.recipientEmail;string;Who should receive summaries", "enabled;boolean;Enable this plugin", "summary.enabled;boolean;Enable the summary. You must enabled " + - "this for the job to work.", + "this for the job to work.", "summary.emailSubject;string;Subject of summary email", "summary.emailTemplate;string;Fully qualified pathname of " + - "template file of email to be sent", + "template file of email to be sent", "summary.itemTemplate;string;Fully qualified pathname of " + - "file containing template for each item", + "file containing template for each item", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-jobrules-unpublishexpiredjobs", + ";configuration-jobrules-unpublishexpiredjobs", }; return s; @@ -151,13 +138,13 @@ public class PublishCertsJob extends AJobBase mReqQ = mCa.getRequestQueue(); mRepository = (ICertificateRepository) mCa.getCertificateRepository(); mPublisherProcessor = mCa.getPublisherProcessor(); - + // read from the configuration file mCron = mConfig.getString(IJobCron.PROP_CRON); if (mCron == null) { return; } - + // parse cron string into a JobCron class IJobsScheduler scheduler = (IJobsScheduler) owner; @@ -179,15 +166,14 @@ public class PublishCertsJob extends AJobBase } /** - * look in the internal db for certificateRecords that are - * valid but not published - * The publish() method should set <b>InLdapPublishDir</b> flag accordingly. - * if publish unsuccessfully, log it -- unsuccessful certs should be - * picked up and attempted again at the next scheduled run + * look in the internal db for certificateRecords that are valid but not + * published The publish() method should set <b>InLdapPublishDir</b> flag + * accordingly. if publish unsuccessfully, log it -- unsuccessful certs + * should be picked up and attempted again at the next scheduled run */ public void run() { - CMS.debug("in PublishCertsJob "+ - getId()+ " : run()"); + CMS.debug("in PublishCertsJob " + + getId() + " : run()"); // get time now..."now" is before the loop Date date = CMS.getCurrentDate(); long now = date.getTime(); @@ -196,8 +182,8 @@ public class PublishCertsJob extends AJobBase // form filter String filter = // might need to use "metaInfo" - "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH + - ":true))"; + "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH + + ":true))"; Enumeration unpublishedCerts = null; @@ -205,10 +191,10 @@ public class PublishCertsJob extends AJobBase unpublishedCerts = mRepository.findCertRecs(filter); // bug 399150 /* - CertRecordList list = null; - list = mRepository.findCertRecordsInList(filter, null, "serialno", 5); - int size = list.getSize(); - expired = list.getCertRecords(0, size - 1); + * CertRecordList list = null; list = + * mRepository.findCertRecordsInList(filter, null, "serialno", 5); + * int size = list.getSize(); expired = list.getCertRecords(0, size + * - 1); */ } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); @@ -225,28 +211,29 @@ public class PublishCertsJob extends AJobBase itemForm = getTemplateContent(mItemForm); } - // filter out the invalid ones and publish them + // filter out the invalid ones and publish them // publish() will set inLdapPublishDir flag while (unpublishedCerts != null && unpublishedCerts.hasMoreElements()) { ICertRecord rec = (ICertRecord) unpublishedCerts.nextElement(); - if (rec == null) break; + if (rec == null) + break; X509CertImpl cert = rec.getCertificate(); - Date notBefore = cert.getNotBefore(); - Date notAfter = cert.getNotAfter(); + Date notBefore = cert.getNotBefore(); + Date notAfter = cert.getNotAfter(); - // skip CA certs - if (cert.getBasicConstraintsIsCA() == true) - continue; + // skip CA certs + if (cert.getBasicConstraintsIsCA() == true) + continue; - // skip the expired certs - if (notAfter.before(date)) - continue; + // skip the expired certs + if (notAfter.before(date)) + continue; if (mSummary == true) buildItemParams(cert); - // get request id from cert record MetaInfo + // get request id from cert record MetaInfo MetaInfo minfo = null; try { @@ -255,42 +242,42 @@ public class PublishCertsJob extends AJobBase negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_META_INFO_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_META_INFO_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } String ridString = null; try { if (minfo != null) - ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID); + ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID); } catch (EBaseException e) { negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_META_REQUEST_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_META_REQUEST_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } catch (NullPointerException e) { // no requestId in MetaInfo...skip to next record negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_META_REQUEST_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_META_REQUEST_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } if (ridString != null) { RequestId rid = new RequestId(ridString); - + // get request from request id IRequest req = null; @@ -304,19 +291,19 @@ public class PublishCertsJob extends AJobBase negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } try { if ((mPublisherProcessor != null) && - mPublisherProcessor.enabled()) { + mPublisherProcessor.enabled()) { mPublisherProcessor.publishCert((X509Certificate) cert, req); if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_SUCCESS); + STATUS_SUCCESS); count += 1; } else { negCount += 1; @@ -325,22 +312,22 @@ public class PublishCertsJob extends AJobBase negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_PUBLISH_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_PUBLISH_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } } // ridString != null else { try { if ((mPublisherProcessor != null) && - mPublisherProcessor.enabled()) { + mPublisherProcessor.enabled()) { mPublisherProcessor.publishCert((X509Certificate) cert, null); if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_SUCCESS); + STATUS_SUCCESS); count += 1; } else { negCount += 1; @@ -350,12 +337,12 @@ public class PublishCertsJob extends AJobBase if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); + STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_PUBLISH_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_PUBLISH_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } } // ridString == null @@ -365,7 +352,7 @@ public class PublishCertsJob extends AJobBase // if summary is enabled, form the item content if (mSummary) { IEmailFormProcessor emailItemFormProcessor = - CMS.getEmailFormProcessor(); + CMS.getEmailFormProcessor(); String c = emailItemFormProcessor.getEmailContent(itemForm, mItemParams); @@ -381,36 +368,35 @@ public class PublishCertsJob extends AJobBase // time for summary if (mSummary == true) { buildContentParams(IEmailFormProcessor.TOKEN_ID, - mId); + mId); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST, - itemListContent); + itemListContent); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM, - String.valueOf(count + negCount)); + String.valueOf(count + negCount)); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM, - String.valueOf(count)); + String.valueOf(count)); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM, - String.valueOf(negCount)); + String.valueOf(negCount)); buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME, - nowString); + nowString); IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor(); String mailContent = - emailFormProcessor.getEmailContent(contentForm, - mContentParams); + emailFormProcessor.getEmailContent(contentForm, + mContentParams); mailSummary(mailContent); } } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { return (mConfigParams); } } - diff --git a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java index 8649cf23..0ffcc636 100644 --- a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java +++ b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.jobs; - import java.io.IOException; import java.text.DateFormat; import java.util.Calendar; @@ -49,12 +48,11 @@ import com.netscape.certsrv.notification.IMailNotification; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestId; - /** - * A job for the Jobs Scheduler. This job checks in the internal ldap - * db for certs about to expire within the next configurable days and - * sends email notifications to the appropriate recipients. - * + * A job for the Jobs Scheduler. This job checks in the internal ldap db for + * certs about to expire within the next configurable days and sends email + * notifications to the appropriate recipients. + * * the $TOKENS that are available for the this jobs's summary outer form are:<br > * <UL> @@ -79,14 +77,14 @@ import com.netscape.certsrv.request.RequestId; * <LI>$HttpHost * <LI>$HttpPort * </UL> - * + * * @version $Revision$, $Date$ * @see com.netscape.certsrv.jobs.IJob * @see com.netscape.cms.jobs.AJobBase */ -public class RenewalNotificationJob - extends AJobBase - implements IJob, Runnable, IExtendedPluginInfo { +public class RenewalNotificationJob + extends AJobBase + implements IJob, Runnable, IExtendedPluginInfo { // config parameters... public static final String PROP_CRON = "cron"; @@ -97,15 +95,15 @@ public class RenewalNotificationJob public static final String PROP_PROFILE_ID = "profileId"; /** - * This job will send notification at this much time before the - * enpiration date + * This job will send notification at this much time before the enpiration + * date */ public static final String PROP_NOTIFYTRIGGEROFFSET = - "notifyTriggerOffset"; + "notifyTriggerOffset"; /** - * This job will stop sending notification this much time after - * the expiration date + * This job will stop sending notification this much time after the + * expiration date */ public static final String PROP_NOTIFYENDOFFSET = "notifyEndOffset"; @@ -113,13 +111,13 @@ public class RenewalNotificationJob * sender email address as appeared on the notification email */ public static final String PROP_SENDEREMAIL = - "senderEmail"; + "senderEmail"; /** * email subject line as appeared on the notification email */ public static final String PROP_EMAILSUBJECT = - "emailSubject"; + "emailSubject"; /** * location of the template file used for email notification @@ -148,55 +146,54 @@ public class RenewalNotificationJob public static final String PROP_SUMMARY_TEMPLATE = "summary.emailTemplate"; /** - * location of the template file for each item appeared on the - * notification summary + * location of the template file for each item appeared on the notification + * summary */ public static final String PROP_SUMMARY_ITEMTEMPLATE = "summary.itemTemplate"; /* - * Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + * Holds configuration parameters accepted by this implementation. This list + * is passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ - protected static String[] mConfigParams = - new String[] { - "enabled", - PROP_CRON, - PROP_PROFILE_ID, - PROP_NOTIFYTRIGGEROFFSET, - PROP_NOTIFYENDOFFSET, - PROP_SENDEREMAIL, - PROP_EMAILSUBJECT, - PROP_EMAILTEMPLATE, - "summary.enabled", - PROP_SUMMARY_RECIPIENTEMAIL, - PROP_SUMMARY_SENDEREMAIL, - PROP_SUMMARY_SUBJECT, - PROP_SUMMARY_ITEMTEMPLATE, - PROP_SUMMARY_TEMPLATE, + protected static String[] mConfigParams = + new String[] { + "enabled", + PROP_CRON, + PROP_PROFILE_ID, + PROP_NOTIFYTRIGGEROFFSET, + PROP_NOTIFYENDOFFSET, + PROP_SENDEREMAIL, + PROP_EMAILSUBJECT, + PROP_EMAILTEMPLATE, + "summary.enabled", + PROP_SUMMARY_RECIPIENTEMAIL, + PROP_SUMMARY_SENDEREMAIL, + PROP_SUMMARY_SUBJECT, + PROP_SUMMARY_ITEMTEMPLATE, + PROP_SUMMARY_TEMPLATE, }; - + protected ICertificateRepository mCertDB = null; protected ICertificateAuthority mCA = null; protected boolean mSummary = false; protected String mEmailSender = null; protected String mEmailSubject = null; protected String mEmailTemplateName = null; - protected String mSummaryItemTemplateName = null; - protected String mSummaryTemplateName = null; + protected String mSummaryItemTemplateName = null; + protected String mSummaryTemplateName = null; protected boolean mSummaryHTML = false; protected boolean mHTML = false; protected String mHttpHost = null; protected String mHttpPort = null; - private int mPreDays = 0; - private long mPreMS = 0; - private int mPostDays = 0; - private long mPostMS = 0; - private int mMaxNotifyCount = 1; - private String[] mProfileId = null; + private int mPreDays = 0; + private long mPreMS = 0; + private int mPostDays = 0; + private long mPostMS = 0; + private int mMaxNotifyCount = 1; + private String[] mProfileId = null; /* Vector of extendedPluginInfo strings */ protected static Vector mExtendedPluginInfo = null; @@ -207,8 +204,8 @@ public class RenewalNotificationJob /** * class constructor - */ - public RenewalNotificationJob () { + */ + public RenewalNotificationJob() { } /** @@ -217,48 +214,49 @@ public class RenewalNotificationJob public String[] getExtendedPluginInfo(Locale locale) { String s[] = { IExtendedPluginInfo.HELP_TEXT + - "; A job that checks for expiring or expired certs" + - "notifyTriggerOffset before and notifyEndOffset after " + - "the expiration date", - - PROP_PROFILE_ID + ";string;Specify the ID of the profile which "+ - "approved the certificates that are about to expire. For multiple "+ - "profiles, each entry is separated by white space. For example, " + - "if the administrator just wants to give automated notification " + - "when the SSL server certificates are about to expire, then "+ - "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. "+ - "Blank field means all profiles.", + "; A job that checks for expiring or expired certs" + + "notifyTriggerOffset before and notifyEndOffset after " + + "the expiration date", + + PROP_PROFILE_ID + ";string;Specify the ID of the profile which " + + "approved the certificates that are about to expire. For multiple " + + "profiles, each entry is separated by white space. For example, " + + "if the administrator just wants to give automated notification " + + "when the SSL server certificates are about to expire, then " + + "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. " + + "Blank field means all profiles.", PROP_NOTIFYTRIGGEROFFSET + ";number,required;How long (in days) before " + - "certificate expiration will the first notification " + - "be sent", + "certificate expiration will the first notification " + + "be sent", PROP_NOTIFYENDOFFSET + ";number,required;How long (in days) after " + - "certificate expiration will notifications " + - "continue to be resent if certificate is not renewed", + "certificate expiration will notifications " + + "continue to be resent if certificate is not renewed", PROP_CRON + ";string,required;Format: minute hour dayOfMonth Mmonth " + - "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday", + "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday", PROP_SENDEREMAIL + ";string,required;Specify the address to be used " + - "as the email's 'sender'. Bounces go to this address.", + "as the email's 'sender'. Bounces go to this address.", PROP_EMAILSUBJECT + ";string,required;Email subject", PROP_EMAILTEMPLATE + ";string,required;Fully qualified pathname of " + - "template file of email to be sent", + "template file of email to be sent", "enabled;boolean;Enable this plugin", "summary.enabled;boolean;Enabled sending of summaries", PROP_SUMMARY_SENDEREMAIL + ";string,required;Sender email address of summary", PROP_SUMMARY_RECIPIENTEMAIL + ";string,required;Who should receive summaries", PROP_SUMMARY_SUBJECT + ";string,required;Subject of summary email", PROP_SUMMARY_TEMPLATE + ";string,required;Fully qualified pathname of " + - "template file of email to be sent", + "template file of email to be sent", PROP_SUMMARY_ITEMTEMPLATE + ";string,required;Fully qualified pathname of " + - "file with template to be used for each summary item", + "file with template to be used for each summary item", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-jobrules-renewalnotification", + ";configuration-jobrules-renewalnotification", }; return s; } - + /** * Initialize from the configuration file. + * * @param id String name of this instance * @param implName string name of this implementation * @param config configuration store for this instance @@ -289,19 +287,20 @@ public class RenewalNotificationJob mJobCron = scheduler.createJobCron(mCron); } - + /** - * finds out which cert needs notification and notifies the - * responsible parties + * finds out which cert needs notification and notifies the responsible + * parties */ public void run() { // for forming renewal URL at template mHttpHost = CMS.getEEHost(); mHttpPort = CMS.getEESSLPort(); - // read from the configuration file + // read from the configuration file try { - mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in days + mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in + // days mPostDays = mConfig.getInteger(PROP_NOTIFYENDOFFSET, 15); // in days mEmailSender = mConfig.getString(PROP_SENDEREMAIL); @@ -314,19 +313,19 @@ public class RenewalNotificationJob if (sc.getBoolean(PROP_ENABLED, false)) { mSummary = true; mSummaryItemTemplateName = - mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE); + mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE); mSummarySenderEmail = - mConfig.getString(PROP_SUMMARY_SENDEREMAIL); + mConfig.getString(PROP_SUMMARY_SENDEREMAIL); mSummaryReceiverEmail = - mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL); + mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL); mSummaryMailSubject = - mConfig.getString(PROP_SUMMARY_SUBJECT); + mConfig.getString(PROP_SUMMARY_SUBJECT); mSummaryTemplateName = - mConfig.getString(PROP_SUMMARY_TEMPLATE); + mConfig.getString(PROP_SUMMARY_TEMPLATE); } else { mSummary = false; } - + long msperday = 86400 * 1000; long mspredays = mPreDays; long mspostdays = mPostDays; @@ -339,17 +338,15 @@ public class RenewalNotificationJob String nowString = dateFormat.format(now); /* - * look in the internal db for certificateRecords that are - * 1. within the expiration notification period - * 2. has not yet been renewed - * 3. notify - use EmailTemplateProcessor to formulate - * content, then send - * if notified successfully, mark "STATUS_SUCCESS", - * else, if notified unsuccessfully, mark "STATUS_FAILURE". + * look in the internal db for certificateRecords that are 1. within + * the expiration notification period 2. has not yet been renewed 3. + * notify - use EmailTemplateProcessor to formulate content, then + * send if notified successfully, mark "STATUS_SUCCESS", else, if + * notified unsuccessfully, mark "STATUS_FAILURE". */ - + /* 1) make target notAfter string */ - + Date expiryDate = null; Date stopDate = null; @@ -360,13 +357,14 @@ public class RenewalNotificationJob expiryDate = new Date(expiryMS); stopDate = new Date(stopMS); - + // All cert records which: - // 1) expire before the deadline - // 2) have not already been renewed - // filter format: - // (& (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED)) - + // 1) expire before the deadline + // 2) have not already been renewed + // filter format: + // (& + // (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED)) + StringBuffer f = new StringBuffer(); String profileId = ""; try { @@ -374,24 +372,24 @@ public class RenewalNotificationJob } catch (EBaseException ee) { } - if (profileId != null && profileId.length() > 0) { + if (profileId != null && profileId.length() > 0) { StringTokenizer tokenizer = new StringTokenizer(profileId); int num = tokenizer.countTokens(); mProfileId = new String[num]; - for (int i=0; i<num; i++) + for (int i = 0; i < num; i++) mProfileId[i] = tokenizer.nextToken(); } f.append("(&"); if (mProfileId != null) { if (mProfileId.length == 1) - f.append("("+ICertRecord.ATTR_META_INFO+ "=" + - ICertRecord.META_PROFILE_ID +":"+mProfileId[0]+")"); + f.append("(" + ICertRecord.ATTR_META_INFO + "=" + + ICertRecord.META_PROFILE_ID + ":" + mProfileId[0] + ")"); else { f.append("(|"); - for (int i=0; i<mProfileId.length; i++) { - f.append("("+ICertRecord.ATTR_META_INFO+ "=" + - ICertRecord.META_PROFILE_ID +":"+mProfileId[i]+")"); + for (int i = 0; i < mProfileId.length; i++) { + f.append("(" + ICertRecord.ATTR_META_INFO + "=" + + ICertRecord.META_PROFILE_ID + ":" + mProfileId[i] + ")"); } f.append(")"); } @@ -407,7 +405,7 @@ public class RenewalNotificationJob String filter = f.toString(); String emailTemplate = - getTemplateContent(mEmailTemplateName); + getTemplateContent(mEmailTemplateName); mHTML = mMailHTML; @@ -415,15 +413,16 @@ public class RenewalNotificationJob String summaryItemTemplate = null; if (mSummary == true) { - summaryItemTemplate = + summaryItemTemplate = getTemplateContent(mSummaryItemTemplateName); } ItemCounter ic = new ItemCounter(); CertRecProcessor cp = new CertRecProcessor(this, emailTemplate, summaryItemTemplate, ic); - //CertRecordList list = mCertDB.findCertRecordsInList(filter, null, "serialno", 5); - //list.processCertRecords(0, list.getSize() - 1, cp); - + // CertRecordList list = mCertDB.findCertRecordsInList(filter, + // null, "serialno", 5); + // list.processCertRecords(0, list.getSize() - 1, cp); + Enumeration en = mCertDB.findCertRecs(filter); while (en.hasMoreElements()) { @@ -432,40 +431,41 @@ public class RenewalNotificationJob try { cp.process(element); } catch (Exception e) { - //Don't abort the entire operation. The error should already be logged + // Don't abort the entire operation. The error should + // already be logged log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_FAILED_PROCESS", e.toString())); } } - + // Now send the summary if (mSummary == true) { try { String summaryTemplate = - getTemplateContent(mSummaryTemplateName); + getTemplateContent(mSummaryTemplateName); mSummaryHTML = mMailHTML; buildContentParams(IEmailFormProcessor.TOKEN_ID, - mId); + mId); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST, - ic.mItemListContent); + ic.mItemListContent); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM, - String.valueOf(ic.mNumFail + ic.mNumSuccessful)); - buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM, - String.valueOf(ic.mNumSuccessful)); + String.valueOf(ic.mNumFail + ic.mNumSuccessful)); + buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM, + String.valueOf(ic.mNumSuccessful)); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM, - String.valueOf(ic.mNumFail)); + String.valueOf(ic.mNumFail)); buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME, - nowString); - + nowString); + IEmailFormProcessor summaryEmfp = CMS.getEmailFormProcessor(); - String summaryContent = - summaryEmfp.getEmailContent(summaryTemplate, - mContentParams); + String summaryContent = + summaryEmfp.getEmailContent(summaryTemplate, + mContentParams); if (summaryContent == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SUMMARY_CONTENT_NULL")); @@ -490,38 +490,43 @@ public class RenewalNotificationJob /** * get instance id. + * * @return a String identifier */ public String getId() { return mId; } - + /** * set instance id. + * * @param id String id of the instance */ public void setId(String id) { mId = id; } - + /** * get cron string associated with this job + * * @return a JobCron object that represents the schedule of this job */ public IJobCron getJobCron() { return mJobCron; } - + /** * gets the plugin name of this job. + * * @return a String that is the name of this implementation */ public String getImplName() { return mImplName; } - + /** * Gets the configuration substore used by this job + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -529,16 +534,16 @@ public class RenewalNotificationJob } protected void mailUser(String subject, - String msg, - String sender, - IRequest req, - ICertRecord cr) - throws IOException, ENotificationException, EBaseException { + String msg, + String sender, + IRequest req, + ICertRecord cr) + throws IOException, ENotificationException, EBaseException { IMailNotification mn = CMS.getMailNotification(); String rcp = null; - // boolean sendFailed = false; + // boolean sendFailed = false; Exception sendFailedException = null; IEmailResolverKeys keys = CMS.getEmailResolverKeys(); @@ -561,20 +566,25 @@ public class RenewalNotificationJob } catch (Exception e) { // already logged by the resolver - // sendFailed = true; + // sendFailed = true; sendFailedException = e; throw (ENotificationException) sendFailedException; } mn.setTo(rcp); - if (sender != null) mn.setFrom(sender); - else mn.setFrom("nobody"); + if (sender != null) + mn.setFrom(sender); + else + mn.setFrom("nobody"); - if (subject != null) mn.setSubject(subject); - else mn.setFrom("Important message from Certificate Authority"); + if (subject != null) + mn.setSubject(subject); + else + mn.setFrom("Important message from Certificate Authority"); - if (mHTML == true) mn.setContentType("text/html"); + if (mHTML == true) + mn.setContentType("text/html"); String failedString = null; @@ -584,10 +594,10 @@ public class RenewalNotificationJob } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { @@ -595,15 +605,14 @@ public class RenewalNotificationJob } } - class CertRecProcessor implements IElementProcessor { protected RenewalNotificationJob mJob; protected String mEmailTemplate; protected String mSummaryItemTemplate; protected ItemCounter mIC; - public CertRecProcessor(RenewalNotificationJob job, String emailTemplate, - String summaryItemTemplate, ItemCounter ic) { + public CertRecProcessor(RenewalNotificationJob job, String emailTemplate, + String summaryItemTemplate, ItemCounter ic) { mJob = job; mEmailTemplate = emailTemplate; mSummaryItemTemplate = summaryItemTemplate; @@ -621,9 +630,9 @@ class CertRecProcessor implements IElementProcessor { if (cr != null) { mJob.buildItemParams(cr.getCertificate()); mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_HOST, - mJob.mHttpHost); + mJob.mHttpHost); mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_PORT, mJob.mHttpPort); - + MetaInfo metaInfo = null; metaInfo = (MetaInfo) cr.get(ICertRecord.ATTR_META_INFO); @@ -632,10 +641,10 @@ class CertRecProcessor implements IElementProcessor { numFailCounted = true; if (mJob.mSummary == true) mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - AJobBase.STATUS_FAILURE); - mJob.log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_GET_CERT_ERROR", - cr.getCertificate().getSerialNumber().toString(16))); + AJobBase.STATUS_FAILURE); + mJob.log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_GET_CERT_ERROR", + cr.getCertificate().getSerialNumber().toString(16))); } else { ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } @@ -645,54 +654,54 @@ class CertRecProcessor implements IElementProcessor { if (ridString != null) { RequestId rid = new RequestId(ridString); - + try { req = mJob.mCA.getRequestQueue().findRequest(rid); } catch (Exception e) { // it is ok not to be able to get the request. The main reason // to get the request is to retrieve the requestor's email. // We can retrieve the email from the CertRecord. - CMS.debug("huh RenewalNotificationJob Exception: "+e.toString()); + CMS.debug("huh RenewalNotificationJob Exception: " + e.toString()); } if (req != null) mJob.buildItemParams(req); } // ridString != null - try { + try { // send mail to user - + IEmailFormProcessor emfp = CMS.getEmailFormProcessor(); String message = emfp.getEmailContent(mEmailTemplate, mJob.mItemParams); mJob.mailUser(mJob.mEmailSubject, - message, - mJob.mEmailSender, - req, - cr); - + message, + mJob.mEmailSender, + req, + cr); + mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - AJobBase.STATUS_SUCCESS); - + AJobBase.STATUS_SUCCESS); + mIC.mNumSuccessful++; - + } catch (Exception e) { - CMS.debug("RenewalNotificationJob Exception: "+e.toString()); + CMS.debug("RenewalNotificationJob Exception: " + e.toString()); mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS, AJobBase.STATUS_FAILURE); mJob.log(ILogger.LL_FAILURE, e.toString(), ILogger.L_MULTILINE); if (numFailCounted == false) { mIC.mNumFail++; } } - + if (mJob.mSummary == true) { IEmailFormProcessor summaryItemEmfp = - CMS.getEmailFormProcessor(); - String c = - summaryItemEmfp.getEmailContent(mSummaryItemTemplate, - mJob.mItemParams); - + CMS.getEmailFormProcessor(); + String c = + summaryItemEmfp.getEmailContent(mSummaryItemTemplate, + mJob.mItemParams); + if (mIC.mItemListContent == null) { mIC.mItemListContent = c; } else { @@ -702,7 +711,6 @@ class CertRecProcessor implements IElementProcessor { } } - class ItemCounter { public int mNumSuccessful = 0; public int mNumFail = 0; diff --git a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java index 07a35a9d..4888d301 100644 --- a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java +++ b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.jobs; - import java.text.DateFormat; import java.util.Date; import java.util.Locale; @@ -37,46 +36,43 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; - /** - * A job for the Jobs Scheduler. This job checks in the internal ldap - * db for requests currently in the request queue and send a summary - * report to the administrator + * A job for the Jobs Scheduler. This job checks in the internal ldap db for + * requests currently in the request queue and send a summary report to the + * administrator * <p> * the $TOKENS that are available for the this jobs's summary outer form are:<br> * <UL> - * $InstanceID - * $SummaryTotalNum - * $ExecutionTime + * $InstanceID $SummaryTotalNum $ExecutionTime * </UL> - * + * * @version $Revision$, $Date$ * @see com.netscape.certsrv.jobs.IJob * @see com.netscape.cms.jobs.AJobBase */ public class RequestInQueueJob extends AJobBase - implements IJob, Runnable, IExtendedPluginInfo { + implements IJob, Runnable, IExtendedPluginInfo { protected static final String PROP_SUBSYSTEM_ID = "subsystemId"; IAuthority mSub = null; IRequestQueue mReqQ = null; private boolean mSummary = false; - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + /* + * Holds configuration parameters accepted by this implementation. This list + * is passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ protected static String[] mConfigParams = - new String[] { - "enabled", - "cron", - "subsystemId", - "summary.enabled", - "summary.emailSubject", - "summary.emailTemplate", - "summary.senderEmail", - "summary.recipientEmail" + new String[] { + "enabled", + "cron", + "subsystemId", + "summary.enabled", + "summary.emailSubject", + "summary.emailTemplate", + "summary.senderEmail", + "summary.recipientEmail" }; /** @@ -85,30 +81,31 @@ public class RequestInQueueJob extends AJobBase public String[] getExtendedPluginInfo(Locale locale) { String s[] = { IExtendedPluginInfo.HELP_TEXT + - "; A job that checks for enrollment requests in the " + - "queue, and reports to recipientEmail", + "; A job that checks for enrollment requests in the " + + "queue, and reports to recipientEmail", "cron;string;Format: minute hour dayOfMonth month " + - "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday", + "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday", "summary.senderEmail;string;Specify the address to be used " + - "as the email's 'sender'. Bounces go to this address.", + "as the email's 'sender'. Bounces go to this address.", "summary.recipientEmail;string;Who should receive summaries", "enabled;boolean;Enable this plugin", "summary.enabled;boolean;Enable the summary. You must enabled " + - "this for the job to work.", + "this for the job to work.", "summary.emailSubject;string;Subject of summary email", "summary.emailTemplate;string;Fully qualified pathname of " + - "template file of email to be sent", + "template file of email to be sent", "subsystemId;choice(ca,ra);The type of subsystem this job is " + - "for", + "for", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-jobrules-requestinqueuejob", + ";configuration-jobrules-requestinqueuejob", }; return s; } - + /** * initialize from the configuration file + * * @param id String name of this instance * @param implName string name of this implementation * @param config configuration store for this instance @@ -137,7 +134,7 @@ public class RequestInQueueJob extends AJobBase if (mCron == null) { return; } - + // parse cron string into a JobCron class IJobsScheduler scheduler = (IJobsScheduler) owner; @@ -150,7 +147,7 @@ public class RequestInQueueJob extends AJobBase mSummary = true; mSummaryMailSubject = sc.getString(PROP_EMAIL_SUBJECT); mMailForm = sc.getString(PROP_EMAIL_TEMPLATE); - // mItemForm = sc.getString(PROP_ITEM_TEMPLATE); + // mItemForm = sc.getString(PROP_ITEM_TEMPLATE); mSummarySenderEmail = sc.getString(PROP_SENDER_EMAIL); mSummaryReceiverEmail = sc.getString(PROP_RECEIVER_EMAIL); } else { @@ -162,7 +159,8 @@ public class RequestInQueueJob extends AJobBase * summarize the queue status and mail it */ public void run() { - if (mSummary == false) return; + if (mSummary == false) + return; Date date = CMS.getCurrentDate(); long now = date.getTime(); @@ -171,24 +169,20 @@ public class RequestInQueueJob extends AJobBase int count = 0; IRequestList list = - mReqQ.listRequestsByStatus(RequestStatus.PENDING); + mReqQ.listRequestsByStatus(RequestStatus.PENDING); while (list != null && list.hasMoreElements()) { RequestId rid = list.nextRequestId(); - /* This is way too slow - // get request from request id - IRequest req = null; - try { - req = mReqQ.findRequest(rid); - } catch (EBaseException e) { - System.out.println(e.toString()); - } + /* + * This is way too slow // get request from request id IRequest req + * = null; try { req = mReqQ.findRequest(rid); } catch + * (EBaseException e) { System.out.println(e.toString()); } */ count++; } - // if (count == 0) return; + // if (count == 0) return; String contentForm = null; @@ -196,23 +190,23 @@ public class RequestInQueueJob extends AJobBase buildContentParams(IEmailFormProcessor.TOKEN_ID, mId); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM, - String.valueOf(count)); + String.valueOf(count)); buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME, - nowString); + nowString); IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor(); String mailContent = - emailFormProcessor.getEmailContent(contentForm, - mContentParams); + emailFormProcessor.getEmailContent(contentForm, + mContentParams); mailSummary(mailContent); } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { diff --git a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java index 6a0a6d03..2419b9b7 100644 --- a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java +++ b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.jobs; - import java.security.cert.X509Certificate; import java.text.DateFormat; import java.util.Date; @@ -46,59 +45,47 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; - /** - * a job for the Jobs Scheduler. This job checks in the internal ldap - * db for certs that have expired and remove them from the ldap - * publishing directory. + * a job for the Jobs Scheduler. This job checks in the internal ldap db for + * certs that have expired and remove them from the ldap publishing directory. * <p> * the $TOKENS that are available for the this jobs's summary outer form are:<br> * <UL> - * $Status - * $InstanceID - * $SummaryItemList - * $SummaryTotalNum - * $SummaryTotalSuccess - * $SummaryTotalfailure - * $ExecutionTime + * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess + * $SummaryTotalfailure $ExecutionTime * </UL> * and for the inner list items: * <UL> - * $SerialNumber - * $IssuerDN - * $SubjectDN - * $NotAfter - * $NotBefore - * $RequestorEmail + * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail * $CertType * </UL> - * + * * @version $Revision$, $Date$ */ public class UnpublishExpiredJob extends AJobBase - implements IJob, Runnable, IExtendedPluginInfo { - + implements IJob, Runnable, IExtendedPluginInfo { + ICertificateAuthority mCa = null; IRequestQueue mReqQ = null; ICertificateRepository mRepository = null; IPublisherProcessor mPublisherProcessor = null; private boolean mSummary = false; - /* Holds configuration parameters accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + /* + * Holds configuration parameters accepted by this implementation. This list + * is passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ protected static String[] mConfigParams = - new String[] { - "enabled", - "cron", - "summary.enabled", - "summary.emailSubject", - "summary.emailTemplate", - "summary.itemTemplate", - "summary.senderEmail", - "summary.recipientEmail" + new String[] { + "enabled", + "cron", + "summary.enabled", + "summary.emailSubject", + "summary.emailTemplate", + "summary.itemTemplate", + "summary.senderEmail", + "summary.recipientEmail" }; /* Vector of extendedPluginInfo strings */ @@ -110,24 +97,24 @@ public class UnpublishExpiredJob extends AJobBase public String[] getExtendedPluginInfo(Locale locale) { String s[] = { IExtendedPluginInfo.HELP_TEXT + - "; A job that checks for expired certificates in the " + - "database, and removes them from the publishing " + - "directory", + "; A job that checks for expired certificates in the " + + "database, and removes them from the publishing " + + "directory", "cron;string;Format: minute hour dayOfMonth month " + - "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday", + "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday", "summary.senderEmail;string;Specify the address to be used " + - "as the email's 'sender'. Bounces go to this address.", + "as the email's 'sender'. Bounces go to this address.", "summary.recipientEmail;string;Who should receive summaries", "enabled;boolean;Enable this plugin", "summary.enabled;boolean;Enable the summary. You must enabled " + - "this for the job to work.", + "this for the job to work.", "summary.emailSubject;string;Subject of summary email", "summary.emailTemplate;string;Fully qualified pathname of " + - "template file of email to be sent", + "template file of email to be sent", "summary.itemTemplate;string;Fully qualified pathname of " + - "file containing template for each item", + "file containing template for each item", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-jobrules-unpublishexpiredjobs", + ";configuration-jobrules-unpublishexpiredjobs", }; return s; @@ -151,13 +138,13 @@ public class UnpublishExpiredJob extends AJobBase mReqQ = mCa.getRequestQueue(); mRepository = (ICertificateRepository) mCa.getCertificateRepository(); mPublisherProcessor = mCa.getPublisherProcessor(); - + // read from the configuration file mCron = mConfig.getString(IJobCron.PROP_CRON); if (mCron == null) { return; } - + // parse cron string into a JobCron class IJobsScheduler scheduler = (IJobsScheduler) owner; @@ -179,16 +166,14 @@ public class UnpublishExpiredJob extends AJobBase } /** - * look in the internal db for certificateRecords that are - * expired. - * remove them from ldap publishing directory - * if remove successfully, mark <i>false</i> on the - * <b>InLdapPublishDir</b> flag, - * else, if remove unsuccessfully, log it + * look in the internal db for certificateRecords that are expired. remove + * them from ldap publishing directory if remove successfully, mark + * <i>false</i> on the <b>InLdapPublishDir</b> flag, else, if remove + * unsuccessfully, log it */ public void run() { - // System.out.println("in ExpiredUnpublishJob "+ - // getId()+ " : run()"); + // System.out.println("in ExpiredUnpublishJob "+ + // getId()+ " : run()"); // get time now..."now" is before the loop Date date = CMS.getCurrentDate(); long now = date.getTime(); @@ -197,11 +182,11 @@ public class UnpublishExpiredJob extends AJobBase // form filter String filter = "(&(x509Cert.notAfter<=" + now + - ")(!(x509Cert.notAfter=" + now + "))" + - "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH + - ":true))"; + ")(!(x509Cert.notAfter=" + now + "))" + + "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH + + ":true))"; // a test for without CertRecord.META_LDAPPUBLISH - //String filter = "(x509Cert.notAfter<="+ now +")"; + // String filter = "(x509Cert.notAfter<="+ now +")"; Enumeration expired = null; @@ -209,10 +194,10 @@ public class UnpublishExpiredJob extends AJobBase expired = mRepository.findCertRecs(filter); // bug 399150 /* - CertRecordList list = null; - list = mRepository.findCertRecordsInList(filter, null, "serialno", 5); - int size = list.getSize(); - expired = list.getCertRecords(0, size - 1); + * CertRecordList list = null; list = + * mRepository.findCertRecordsInList(filter, null, "serialno", 5); + * int size = list.getSize(); expired = list.getCertRecords(0, size + * - 1); */ } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); @@ -233,13 +218,14 @@ public class UnpublishExpiredJob extends AJobBase while (expired != null && expired.hasMoreElements()) { ICertRecord rec = (ICertRecord) expired.nextElement(); - if (rec == null) break; + if (rec == null) + break; X509CertImpl cert = rec.getCertificate(); if (mSummary == true) buildItemParams(cert); - // get request id from cert record MetaInfo + // get request id from cert record MetaInfo MetaInfo minfo = null; try { @@ -248,42 +234,42 @@ public class UnpublishExpiredJob extends AJobBase negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_META_INFO_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_META_INFO_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } String ridString = null; try { if (minfo != null) - ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID); + ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID); } catch (EBaseException e) { negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_META_REQUEST_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_META_REQUEST_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } catch (NullPointerException e) { // no requestId in MetaInfo...skip to next record negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_META_REQUEST_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_META_REQUEST_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } if (ridString != null) { RequestId rid = new RequestId(ridString); - + // get request from request id IRequest req = null; @@ -297,19 +283,19 @@ public class UnpublishExpiredJob extends AJobBase negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } try { if ((mPublisherProcessor != null) && - mPublisherProcessor.enabled()) { + mPublisherProcessor.enabled()) { mPublisherProcessor.unpublishCert((X509Certificate) cert, req); if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_SUCCESS); + STATUS_SUCCESS); count += 1; } else { negCount += 1; @@ -318,21 +304,21 @@ public class UnpublishExpiredJob extends AJobBase negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_UNPUBLISH_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_UNPUBLISH_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } } // ridString != null else { try { if ((mPublisherProcessor != null) && - mPublisherProcessor.enabled()) { + mPublisherProcessor.enabled()) { mPublisherProcessor.unpublishCert((X509Certificate) cert, null); if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_SUCCESS); + STATUS_SUCCESS); count += 1; } else { negCount += 1; @@ -341,11 +327,11 @@ public class UnpublishExpiredJob extends AJobBase negCount += 1; if (mSummary == true) buildItemParams(IEmailFormProcessor.TOKEN_STATUS, - STATUS_FAILURE); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("JOBS_UNPUBLISH_ERROR", - cert.getSerialNumber().toString(16) + - e.toString())); + STATUS_FAILURE); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("JOBS_UNPUBLISH_ERROR", + cert.getSerialNumber().toString(16) + + e.toString())); } } // ridString == null @@ -355,7 +341,7 @@ public class UnpublishExpiredJob extends AJobBase // if summary is enabled, form the item content if (mSummary) { IEmailFormProcessor emailItemFormProcessor = - CMS.getEmailFormProcessor(); + CMS.getEmailFormProcessor(); String c = emailItemFormProcessor.getEmailContent(itemForm, mItemParams); @@ -371,36 +357,35 @@ public class UnpublishExpiredJob extends AJobBase // time for summary if (mSummary == true) { buildContentParams(IEmailFormProcessor.TOKEN_ID, - mId); + mId); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST, - itemListContent); + itemListContent); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM, - String.valueOf(count + negCount)); + String.valueOf(count + negCount)); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM, - String.valueOf(count)); + String.valueOf(count)); buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM, - String.valueOf(negCount)); + String.valueOf(negCount)); buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME, - nowString); + nowString); IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor(); String mailContent = - emailFormProcessor.getEmailContent(contentForm, - mContentParams); + emailFormProcessor.getEmailContent(contentForm, + mContentParams); mailSummary(mailContent); } } /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { return (mConfigParams); } } - diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java index d238c279..d2fefa24 100644 --- a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java +++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.listeners; - import java.io.File; import java.io.IOException; import java.text.DateFormat; @@ -45,12 +44,11 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.RequestId; - /** * a listener for every completed enrollment request * <p> - * Here is a list of available $TOKENs for email notification - templates if certificate is successfully issued: + * Here is a list of available $TOKENs for email notification templates if + * certificate is successfully issued: * <UL> * <LI>$InstanceID * <LI>$SerialNumber @@ -66,13 +64,13 @@ import com.netscape.certsrv.request.RequestId; * <LI>$RecipientEmail * </UL> * <p> - * Here is a list of available $TOKENs for email notification - templates if certificate request is rejected: + * Here is a list of available $TOKENs for email notification templates if + * certificate request is rejected: * <UL> * <LI>$RequestId * <LI>$InstanceID * </UL> - * + * * @version $Revision$, $Date$ */ public class CertificateIssuedListener implements IRequestListener { @@ -107,7 +105,7 @@ public class CertificateIssuedListener implements IRequestListener { } public void init(ISubsystem sub, IConfigStore config) - throws EListenersException, EPropertyNotFound, EBaseException { + throws EListenersException, EPropertyNotFound, EBaseException { mSubsystem = (ICertAuthority) sub; mConfig = mSubsystem.getConfigStore(); @@ -125,13 +123,13 @@ public class CertificateIssuedListener implements IRequestListener { String mDir = null; // figure out the reject email path: same dir as form path, - // same ending as form path + // same ending as form path int ridx = mFormPath.lastIndexOf(File.separator); if (ridx == -1) { CMS.debug("CertificateIssuedListener: file separator: " + File.separator - + - " not found. Use default /"); + + + " not found. Use default /"); ridx = mFormPath.lastIndexOf("/"); mDir = mFormPath.substring(0, ridx + 1); } else { @@ -166,9 +164,10 @@ public class CertificateIssuedListener implements IRequestListener { } public void accept(IRequest r) { - CMS.debug("CertificateIssuedListener: accept " + - r.getRequestId().toString()); - if (mEnabled != true) return; + CMS.debug("CertificateIssuedListener: accept " + + r.getRequestId().toString()); + if (mEnabled != true) + return; mSubject = mSubject_Success; mReqId = r.getRequestId(); @@ -192,15 +191,15 @@ public class CertificateIssuedListener implements IRequestListener { return; if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { CMS.debug("CertificateIssuedListener: Request errored. " + - "No need to email notify for enrollment request id " + - mReqId); + "No need to email notify for enrollment request id " + + mReqId); return; } } String requestType = r.getRequestType(); if (requestType.equals(IRequest.ENROLLMENT_REQUEST) || - requestType.equals(IRequest.RENEWAL_REQUEST)) { + requestType.equals(IRequest.RENEWAL_REQUEST)) { CMS.debug("accept() enrollment/renewal request..."); // Get the certificate from the request X509CertImpl issuedCert[] = null; @@ -224,10 +223,10 @@ public class CertificateIssuedListener implements IRequestListener { try { keys.set(IEmailResolverKeys.KEY_REQUEST, r); keys.set(IEmailResolverKeys.KEY_CERT, - issuedCert[0]); + issuedCert[0]); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); } IEmailResolver er = CMS.getReqCertSANameEmailResolver(); @@ -236,30 +235,30 @@ public class CertificateIssuedListener implements IRequestListener { mEmail = er.getEmail(keys); } catch (ENotificationException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", - e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", - e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", - e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); } - + // now we can mail if ((mEmail != null) && (!mEmail.equals(""))) { mailIt(mEmail, issuedCert); } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR", - issuedCert[0].getSerialNumber().toString(), mReqId.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR", + issuedCert[0].getSerialNumber().toString(), mReqId.toString())); // send failure notification to "sender" mSubject = "Certificate Issued notification undeliverable"; mailIt(mSenderEmail, issuedCert); } - } + } } } @@ -282,7 +281,7 @@ public class CertificateIssuedListener implements IRequestListener { if (!template.init()) { return; } - + buildContentParams(issuedCert, mEmail); IEmailFormProcessor et = CMS.getEmailFormProcessor(); String c = et.getEmailContent(template.toString(), mContentParams); @@ -293,19 +292,19 @@ public class CertificateIssuedListener implements IRequestListener { mn.setContent(c); } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR", - issuedCert[0].getSerialNumber().toString(), mReqId.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR", + issuedCert[0].getSerialNumber().toString(), mReqId.toString())); mn.setContent("Serial Number = " + - issuedCert[0].getSerialNumber() + - "; Request ID = " + mReqId); + issuedCert[0].getSerialNumber() + + "; Request ID = " + mReqId); } - + try { mn.sendNotification(); } catch (ENotificationException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - + } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); } @@ -320,7 +319,7 @@ public class CertificateIssuedListener implements IRequestListener { keys.set(IEmailResolverKeys.KEY_REQUEST, r); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); } IEmailResolver er = CMS.getReqCertSANameEmailResolver(); @@ -352,17 +351,17 @@ public class CertificateIssuedListener implements IRequestListener { if (!template.init()) { return; } - + if (template.isHTML()) { mn.setContentType("text/html"); } // build some token data mContentParams.put(IEmailFormProcessor.TOKEN_ID, - mConfig.getName()); + mConfig.getName()); mReqId = r.getRequestId(); mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, - (Object) mReqId.toString()); + (Object) mReqId.toString()); IEmailFormProcessor et = CMS.getEmailFormProcessor(); String c = et.getEmailContent(template.toString(), mContentParams); @@ -377,48 +376,48 @@ public class CertificateIssuedListener implements IRequestListener { } catch (ENotificationException e) { // already logged, lets audit log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - + } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString())); } } private void buildContentParams(X509CertImpl issuedCert[], String mEmail) { mContentParams.put(IEmailFormProcessor.TOKEN_ID, - mConfig.getName()); + mConfig.getName()); mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM, - (Object) issuedCert[0].getSerialNumber().toString()); + (Object) issuedCert[0].getSerialNumber().toString()); mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM, - (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue())); + (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue())); mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, - (Object) mReqId.toString()); + (Object) mReqId.toString()); mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST, - (Object) mHttpHost); + (Object) mHttpHost); mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT, - (Object) mHttpPort); + (Object) mHttpPort); mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN, - (Object) issuedCert[0].getIssuerDN().toString()); + (Object) issuedCert[0].getIssuerDN().toString()); mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN, - (Object) issuedCert[0].getSubjectDN().toString()); + (Object) issuedCert[0].getSubjectDN().toString()); Date date = (Date) issuedCert[0].getNotAfter(); mContentParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER, - mDateFormat.format(date)); + mDateFormat.format(date)); date = (Date) issuedCert[0].getNotBefore(); mContentParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE, - mDateFormat.format(date)); + mDateFormat.format(date)); mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL, - (Object) mSenderEmail); + (Object) mSenderEmail); mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL, - (Object) mEmail); + (Object) mEmail); // ... and more } @@ -448,7 +447,7 @@ public class CertificateIssuedListener implements IRequestListener { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, msg); + level, msg); } } diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java index ca62af5f..a67c1c92 100644 --- a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java +++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.listeners; - import java.io.File; import java.io.IOException; import java.security.cert.X509Certificate; @@ -47,12 +46,11 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.RequestId; - /** * a listener for every completed enrollment request * <p> - * Here is a list of available $TOKENs for email notification - templates if certificate is successfully issued: + * Here is a list of available $TOKENs for email notification templates if + * certificate is successfully issued: * <UL> * <LI>$InstanceID * <LI>$SerialNumber @@ -68,13 +66,13 @@ import com.netscape.certsrv.request.RequestId; * <LI>$RecipientEmail * </UL> * <p> - * Here is a list of available $TOKENs for email notification - templates if certificate request is revoked: + * Here is a list of available $TOKENs for email notification templates if + * certificate request is revoked: * <UL> * <LI>$RequestId * <LI>$InstanceID * </UL> - * + * * @version $Revision$, $Date$ */ public class CertificateRevokedListener implements IRequestListener { @@ -109,7 +107,7 @@ public class CertificateRevokedListener implements IRequestListener { } public void init(ISubsystem sub, IConfigStore config) - throws EListenersException, EPropertyNotFound, EBaseException { + throws EListenersException, EPropertyNotFound, EBaseException { mSubsystem = (ICertAuthority) sub; mConfig = mSubsystem.getConfigStore(); @@ -127,13 +125,13 @@ public class CertificateRevokedListener implements IRequestListener { String mDir = null; // figure out the reject email path: same dir as form path, - // same ending as form path + // same ending as form path int ridx = mFormPath.lastIndexOf(File.separator); if (ridx == -1) { CMS.debug("CertificateRevokedListener: file separator: " + File.separator - + - " not found. Use default /"); + + + " not found. Use default /"); ridx = mFormPath.lastIndexOf("/"); mDir = mFormPath.substring(0, ridx + 1); } else { @@ -168,7 +166,8 @@ public class CertificateRevokedListener implements IRequestListener { } public void accept(IRequest r) { - if (mEnabled != true) return; + if (mEnabled != true) + return; mSubject = mSubject_Success; mReqId = r.getRequestId(); @@ -180,7 +179,7 @@ public class CertificateRevokedListener implements IRequestListener { return; if (rs.equals("complete") == false) { CMS.debug("CertificateRevokedListener: Request status: " + rs); - //revoked(r); + // revoked(r); return; } @@ -190,18 +189,18 @@ public class CertificateRevokedListener implements IRequestListener { if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { CMS.debug("CertificateRevokedListener: Request errored. " + - "No need to email notify for enrollment request id " + - mReqId); + "No need to email notify for enrollment request id " + + mReqId); return; } - + if (requestType.equals(IRequest.REVOCATION_REQUEST)) { CMS.debug("CertificateRevokedListener: accept() revocation request..."); // Get the certificate from the request - //X509CertImpl issuedCert[] = - // (X509CertImpl[]) + // X509CertImpl issuedCert[] = + // (X509CertImpl[]) RevokedCertImpl crlentries[] = - r.getExtDataInRevokedCertArray(IRequest.CERT_INFO); + r.getExtDataInRevokedCertArray(IRequest.CERT_INFO); if (crlentries != null) { CMS.debug("CertificateRevokedListener: Sending email notification.."); @@ -213,10 +212,10 @@ public class CertificateRevokedListener implements IRequestListener { try { keys.set(IEmailResolverKeys.KEY_REQUEST, r); keys.set(IEmailResolverKeys.KEY_CERT, - crlentries[0]); + crlentries[0]); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); } IEmailResolver er = CMS.getReqCertSANameEmailResolver(); @@ -225,30 +224,30 @@ public class CertificateRevokedListener implements IRequestListener { mEmail = er.getEmail(keys); } catch (ENotificationException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", - e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", - e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", - e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); } - + // now we can mail if ((mEmail != null) && (!mEmail.equals(""))) { mailIt(mEmail, crlentries); } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR", - crlentries[0].getSerialNumber().toString(), mReqId.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR", + crlentries[0].getSerialNumber().toString(), mReqId.toString())); // send failure notification to "sender" mSubject = "Certificate Issued notification undeliverable"; mailIt(mSenderEmail, crlentries); } - } + } } } @@ -271,7 +270,7 @@ public class CertificateRevokedListener implements IRequestListener { if (!template.init()) { return; } - + buildContentParams(crlentries, mEmail); IEmailFormProcessor et = CMS.getEmailFormProcessor(); String c = et.getEmailContent(template.toString(), mContentParams); @@ -282,19 +281,19 @@ public class CertificateRevokedListener implements IRequestListener { mn.setContent(c); } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR", - crlentries[0].getSerialNumber().toString(), mReqId.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR", + crlentries[0].getSerialNumber().toString(), mReqId.toString())); mn.setContent("Serial Number = " + - crlentries[0].getSerialNumber() + - "; Request ID = " + mReqId); + crlentries[0].getSerialNumber() + + "; Request ID = " + mReqId); } - + try { mn.sendNotification(); } catch (ENotificationException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - + } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); } @@ -302,18 +301,18 @@ public class CertificateRevokedListener implements IRequestListener { private void buildContentParams(RevokedCertImpl crlentries[], String mEmail) { mContentParams.put(IEmailFormProcessor.TOKEN_ID, - mConfig.getName()); + mConfig.getName()); mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM, - (Object) crlentries[0].getSerialNumber().toString()); + (Object) crlentries[0].getSerialNumber().toString()); mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM, - (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue())); + (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue())); mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, - (Object) mReqId.toString()); + (Object) mReqId.toString()); mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST, - (Object) mHttpHost); + (Object) mHttpHost); mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT, - (Object) mHttpPort); - + (Object) mHttpPort); + try { RevokedCertImpl revCert = (RevokedCertImpl) crlentries[0]; ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); @@ -321,22 +320,22 @@ public class CertificateRevokedListener implements IRequestListener { X509Certificate cert = certDB.getX509Certificate(revCert.getSerialNumber()); mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN, - (Object) cert.getIssuerDN().toString()); + (Object) cert.getIssuerDN().toString()); mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN, - (Object) cert.getSubjectDN().toString()); + (Object) cert.getSubjectDN().toString()); Date date = (Date) crlentries[0].getRevocationDate(); - + mContentParams.put(IEmailFormProcessor.TOKEN_REVOCATION_DATE, - mDateFormat.format(date)); + mDateFormat.format(date)); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); } mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL, - (Object) mSenderEmail); + (Object) mSenderEmail); mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL, - (Object) mEmail); + (Object) mEmail); // ... and more } @@ -366,7 +365,7 @@ public class CertificateRevokedListener implements IRequestListener { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, msg); + level, msg); } } diff --git a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java index 2f02774d..c71b9c60 100644 --- a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java +++ b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.listeners; - import java.util.Hashtable; import netscape.ldap.LDAPAttribute; @@ -39,10 +38,9 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.RequestId; - /** * This represnets a listener that removes pin from LDAP directory. - * + * * @version $Revision$, $Date$ */ public class PinRemovalListener implements IRequestListener { @@ -87,18 +85,18 @@ public class PinRemovalListener implements IRequestListener { protected String[] configParams = { "a" }; - public String[] getConfigParams() - throws EBaseException { + public String[] getConfigParams() + throws EBaseException { return configParams; } public void init(ISubsystem sub, IConfigStore config) throws EBaseException { - init(null, null, config); + init(null, null, config); } public void init(String name, String ImplName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = ImplName; mConfig = config; @@ -115,7 +113,8 @@ public class PinRemovalListener implements IRequestListener { } public void accept(IRequest r) { - if (mEnabled != true) return; + if (mEnabled != true) + return; mReqId = r.getRequestId(); @@ -129,7 +128,7 @@ public class PinRemovalListener implements IRequestListener { String requestType = r.getRequestType(); if (requestType.equals(IRequest.ENROLLMENT_REQUEST) || - requestType.equals(IRequest.RENEWAL_REQUEST)) { + requestType.equals(IRequest.RENEWAL_REQUEST)) { String uid = r.getExtDataInString( IRequest.HTTP_PARAMS, "uid"); @@ -144,21 +143,21 @@ public class PinRemovalListener implements IRequestListener { try { LDAPSearchResults res = mRemovePinLdapConnection.search(mBaseDN, LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false); - + if (!res.hasMoreElements()) { log(ILogger.LL_SECURITY, "uid " + uid + " does not exist in the ldap " + - " server. Could not remove pin"); + " server. Could not remove pin"); return; } LDAPEntry entry = (LDAPEntry) res.nextElement(); userdn = entry.getDN(); - + mRemovePinLdapConnection.modify(userdn, - new LDAPModification( - LDAPModification.DELETE, - new LDAPAttribute(mPinAttr))); + new LDAPModification( + LDAPModification.DELETE, + new LDAPAttribute(mPinAttr))); log(ILogger.LL_INFO, "Removed pin for user \"" + userdn + "\""); @@ -173,10 +172,9 @@ public class PinRemovalListener implements IRequestListener { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, "PinRemovalListener: " + msg); + level, "PinRemovalListener: " + msg); } public void set(String name, String val) { } } - diff --git a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java index f5810a46..18887f88 100644 --- a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java +++ b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.listeners; - import java.io.IOException; import java.util.Hashtable; @@ -39,7 +38,6 @@ import com.netscape.certsrv.request.RequestId; import com.netscape.cms.profile.input.SubjectNameInput; import com.netscape.cms.profile.input.SubmitterInfoInput; - /** * a listener for every request gets into the request queue. * <p> @@ -54,7 +52,7 @@ import com.netscape.cms.profile.input.SubmitterInfoInput; * <LI>$SenderEmail * <LI>$RecipientEmail * </UL> - * + * */ public class RequestInQListener implements IRequestListener { protected static final String PROP_ENABLED = "enabled"; @@ -89,8 +87,8 @@ public class RequestInQListener implements IRequestListener { * initializes the listener from the configuration */ public void init(ISubsystem sub, IConfigStore config) - throws EListenersException, EPropertyNotFound, EBaseException { - + throws EListenersException, EPropertyNotFound, EBaseException { + mSubsystem = (ICertAuthority) sub; mConfig = mSubsystem.getConfigStore(); @@ -118,32 +116,34 @@ public class RequestInQListener implements IRequestListener { // make available http host and port for forming url in templates mHttpHost = CMS.getAgentHost(); mAgentPort = CMS.getAgentPort(); - if (mAgentPort == null) + if (mAgentPort == null) log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_REQUEST_PORT_NOT_FOUND")); else CMS.debug("RequestInQuListener: agentport = " + mAgentPort); - // register for this event listener + // register for this event listener mSubsystem.registerPendingListener(this); } /** * carries out the operation when the listener is triggered. + * * @param r IRequest structure holding the request information * @see com.netscape.certsrv.request.IRequest */ public void accept(IRequest r) { - if (mEnabled != true) return; + if (mEnabled != true) + return; - // regardless of type of request...notify for everything - // no need for email resolver here... + // regardless of type of request...notify for everything + // no need for email resolver here... IMailNotification mn = CMS.getMailNotification(); mn.setFrom(mSenderEmail); mn.setTo(mRecipientEmail); mn.setSubject(mEmailSubject + " (request id: " + - r.getRequestId() + ")"); + r.getRequestId() + ")"); /* * get form file from disk @@ -158,7 +158,7 @@ public class RequestInQListener implements IRequestListener { log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_INIT")); return; } - + buildContentParams(r); IEmailFormProcessor et = CMS.getEmailFormProcessor(); String c = et.getEmailContent(template.toString(), mContentParams); @@ -169,8 +169,8 @@ public class RequestInQListener implements IRequestListener { mn.setContent(c); } else { // log and mail - log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET")); mn.setContent("Template not retrievable for Request in Queue notification"); } @@ -179,78 +179,80 @@ public class RequestInQListener implements IRequestListener { } catch (ENotificationException e) { // already logged, lets audit mLogger.log(ILogger.EV_AUDIT, null, - ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - + ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString())); + CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString())); } } private void buildContentParams(IRequest r) { mContentParams.clear(); mContentParams.put(IEmailFormProcessor.TOKEN_ID, - mConfig.getName()); + mConfig.getName()); Object val = null; String profileId = r.getExtDataInString("profileId"); if (profileId == null) { - val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail"); + val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail"); } else { - // use the submitter info if available, otherwise, use the - // subject name input email - val = r.getExtDataInString(SubmitterInfoInput.EMAIL); + // use the submitter info if available, otherwise, use the + // subject name input email + val = r.getExtDataInString(SubmitterInfoInput.EMAIL); - if ((val == null) || (((String) val).compareTo("") == 0)) { - val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL); - } + if ((val == null) || (((String) val).compareTo("") == 0)) { + val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL); + } } if (val != null) mContentParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL, - val); + val); if (profileId == null) { - val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); } else { - val = profileId; + val = profileId; } if (val != null) { mContentParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE, - val); + val); } RequestId reqId = r.getRequestId(); mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, - (Object) reqId.toString()); + (Object) reqId.toString()); mContentParams.put(IEmailFormProcessor.TOKEN_ID, mId); val = r.getRequestType(); if (val != null) mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE, - val); + val); mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST, - (Object) mHttpHost); + (Object) mHttpHost); mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT, - (Object) mAgentPort); + (Object) mAgentPort); mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL, - (Object) mSenderEmail); + (Object) mSenderEmail); mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL, - (Object) mRecipientEmail); + (Object) mRecipientEmail); } /** * sets the configurable parameters - * @param name a String represents the name of the configuration parameter to be set + * + * @param name a String represents the name of the configuration parameter + * to be set * @param val a String containing the value to be set for name */ public void set(String name, String val) { @@ -277,7 +279,6 @@ public class RequestInQListener implements IRequestListener { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, msg); + level, msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java index 4ab9f281..b95f2687 100644 --- a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java +++ b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java @@ -17,17 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.logging; - import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Vector; - /** * A log entry of LogFile - * + * * @version $Revision$, $Date$ */ public class LogEntry { @@ -43,7 +41,7 @@ public class LogEntry { /** * Constructor for a LogEntry. - * + * */ public LogEntry(String entry) throws ParseException { mEntry = entry; @@ -52,10 +50,10 @@ public class LogEntry { /** * parse a log entry - * + * * return a vector of the segments of the entry */ - + public Vector parse() throws ParseException { int x = mEntry.indexOf("["); @@ -96,7 +94,8 @@ public class LogEntry { row.addElement(mTime); row.addElement(mDetail); - //System.out.println(mSource +"," + mLevel +","+ mDate+","+mTime+","+mDetail); + // System.out.println(mSource +"," + mLevel +","+ + // mDate+","+mTime+","+mDetail); return row; } diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java index c2dd7b33..1e4bdc6c 100644 --- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.logging; - import java.io.BufferedReader; import java.io.BufferedWriter; import java.io.ByteArrayOutputStream; @@ -81,7 +80,7 @@ import com.netscape.cmsutil.util.Utils; /** * A log event listener which write logs to log files - * + * * @version $Revision$, $Date$ **/ public class LogFile implements ILogEventListener, IExtendedPluginInfo { @@ -108,7 +107,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { private final static String LOG_SIGNED_AUDIT_EXCEPTION = "LOG_SIGNED_AUDIT_EXCEPTION_1"; - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); + protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); protected IConfigStore mConfig = null; /** @@ -116,7 +115,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { */ static final String DATE_PATTERN = "yyyyMMddHHmmss"; - //It may be interesting to make this flexable someday.... + // It may be interesting to make this flexable someday.... protected SimpleDateFormat mLogFileDateFormat = new SimpleDateFormat(DATE_PATTERN); /** @@ -152,7 +151,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * The log date entry format */ - protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern); + protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern); /** * The date object used for log entries @@ -228,20 +227,20 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { static final String CRYPTO_PROVIDER = "Mozilla-JSS"; /** - * The log level threshold - * Only logs with level greater or equal than this value will be written + * The log level threshold Only logs with level greater or equal than this + * value will be written */ protected long mLevel = 1; /** * Constructor for a LogFile. - * + * */ public LogFile() { } - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { mConfig = config; try { @@ -263,7 +262,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { try { mSAuditCertNickName = config.getString( PROP_SIGNED_AUDIT_CERT_NICKNAME); - CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname="+ mSAuditCertNickName); + CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname=" + mSAuditCertNickName); } catch (EBaseException e) { throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "." @@ -272,9 +271,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { if (mSAuditCertNickName == null || mSAuditCertNickName.trim().equals("")) { throw new ELogException(CMS.getUserMessage( - "CMS_BASE_GET_PROPERTY_FAILED", - config.getName() + "." - + PROP_SIGNED_AUDIT_CERT_NICKNAME)); + "CMS_BASE_GET_PROPERTY_FAILED", + config.getName() + "." + + PROP_SIGNED_AUDIT_CERT_NICKNAME)); } } @@ -309,13 +308,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { String eventId = tokens.nextToken().trim(); theVector.addElement(eventId); - CMS.debug("LogFile: log event type selected: "+eventId); + CMS.debug("LogFile: log event type selected: " + eventId); } return theVector; } /** * add the event to the selected events list + * * @param event to be selected */ public void selectEvent(String event) { @@ -325,6 +325,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * remove the event from the selected events list + * * @param event to be de-selected */ public void deselectEvent(String event) { @@ -334,6 +335,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * replace the selected events list + * * @param events comma-separated event list */ public void replaceEvents(String events) { @@ -348,9 +350,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { ByteArrayOutputStream output = new ByteArrayOutputStream(); Base64OutputStream b64 = new Base64OutputStream(new PrintStream(new - FilterOutputStream(output) + FilterOutputStream(output) ) - ); + ); b64.write(bytes); b64.flush(); @@ -363,7 +365,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { private static boolean mInSignedAuditLogFailureMode = false; private static synchronized void shutdownCMS() { - if( mInSignedAuditLogFailureMode == false ) { + if (mInSignedAuditLogFailureMode == false) { // Set signed audit log failure mode true // No, this isn't a race condition, because the method is @@ -371,7 +373,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { mInSignedAuditLogFailureMode = true; // Block all new incoming requests - if( CMS.areRequestsDisabled() == false ) { + if (CMS.areRequestsDisabled() == false) { // XXX is this a race condition? CMS.disableRequests(); } @@ -389,7 +391,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Initialize and open the log using the parameters from a config store - * + * * @param config The property config store to find values in */ public void init(IConfigStore config) throws IOException, @@ -445,51 +447,51 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { // retrieve the subsystem String subsystem = ""; - ISubsystem caSubsystem = CMS.getSubsystem( "ca" ); - if( caSubsystem != null ) { + ISubsystem caSubsystem = CMS.getSubsystem("ca"); + if (caSubsystem != null) { subsystem = "ca"; } - ISubsystem raSubsystem = CMS.getSubsystem( "ra" ); - if( raSubsystem != null ) { + ISubsystem raSubsystem = CMS.getSubsystem("ra"); + if (raSubsystem != null) { subsystem = "ra"; } - ISubsystem kraSubsystem = CMS.getSubsystem( "kra" ); - if( kraSubsystem != null ) { + ISubsystem kraSubsystem = CMS.getSubsystem("kra"); + if (kraSubsystem != null) { subsystem = "kra"; } - ISubsystem ocspSubsystem = CMS.getSubsystem( "ocsp" ); - if( ocspSubsystem != null ) { + ISubsystem ocspSubsystem = CMS.getSubsystem("ocsp"); + if (ocspSubsystem != null) { subsystem = "ocsp"; } // retrieve the instance name String instIDPath = CMS.getInstanceDir(); - int index = instIDPath.lastIndexOf( "/" ); - String instID = instIDPath.substring( index + 1 ); + int index = instIDPath.lastIndexOf("/"); + String instID = instIDPath.substring(index + 1); // build the default signedAudit file name signedAuditDefaultFileName = subsystem + "_" + instID + "_" + "audit"; - } catch( Exception e2 ) { + } catch (Exception e2) { throw new ELogException( - CMS.getUserMessage( "CMS_BASE_GET_PROPERTY_FAILED", + CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "." + - PROP_FILE_NAME ) ); + PROP_FILE_NAME)); } // the default value is determined by the eventType. if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) { defaultFileName = "logs/signedAudit/" + signedAuditDefaultFileName; - }else if (mType.equals(ILogger.PROP_SYSTEM)) { + } else if (mType.equals(ILogger.PROP_SYSTEM)) { defaultFileName = "logs/system"; - }else if (mType.equals(ILogger.PROP_AUDIT)) { + } else if (mType.equals(ILogger.PROP_AUDIT)) { defaultFileName = "logs/transactions"; - }else { - //wont get here + } else { + // wont get here throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_LOG_TYPE", config.getName())); } @@ -502,29 +504,29 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } if (mOn) { - init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE), - config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL)); + init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE), + config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL)); } } /** * Initialize and open the log - * - * @param bufferSize The buffer size for the output stream in bytes - * @param flushInterval The interval in seconds to flush the log + * + * @param bufferSize The buffer size for the output stream in bytes + * @param flushInterval The interval in seconds to flush the log */ - public void init(String fileName, int bufferSize, int flushInterval) throws IOException,ELogException { + public void init(String fileName, int bufferSize, int flushInterval) throws IOException, ELogException { if (fileName == null) throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_FILE_NAME", "null")); - //If we want to reuse the old log files - //mFileName = fileName + "." + mLogFileDateFormat.format(mDate); + // If we want to reuse the old log files + // mFileName = fileName + "." + mLogFileDateFormat.format(mDate); mFileName = fileName; - if( !Utils.isNT() ) { + if (!Utils.isNT()) { // Always insure that a physical file exists! - Utils.exec( "touch " + mFileName ); - Utils.exec( "chmod 00640 " + mFileName ); + Utils.exec("touch " + mFileName); + Utils.exec("chmod 00640 " + mFileName); } mFile = new File(mFileName); mBufferSize = bufferSize; @@ -540,25 +542,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { Provider[] providers = java.security.Security.getProviders(); int ps = providers.length; - for (int i = 0; i<ps; i++) { - CMS.debug("LogFile: provider "+i+"= "+providers[i].getName()); + for (int i = 0; i < ps; i++) { + CMS.debug("LogFile: provider " + i + "= " + providers[i].getName()); } CryptoManager cm = CryptoManager.getInstance(); // find CertServer's private key - X509Certificate cert = cm.findCertByNickname( mSAuditCertNickName ); + X509Certificate cert = cm.findCertByNickname(mSAuditCertNickName); if (cert != null) { - CMS.debug("LogFile: setupSignig(): found cert:"+mSAuditCertNickName); + CMS.debug("LogFile: setupSignig(): found cert:" + mSAuditCertNickName); } else { - CMS.debug("LogFile: setupSignig(): cert not found:"+mSAuditCertNickName); + CMS.debug("LogFile: setupSignig(): cert not found:" + mSAuditCertNickName); } mSigningKey = cm.findPrivKeyByCert(cert); String sigAlgorithm; - if( mSigningKey instanceof RSAPrivateKey ) { + if (mSigningKey instanceof RSAPrivateKey) { sigAlgorithm = "SHA-256/RSA"; - } else if( mSigningKey instanceof DSAPrivateKey ) { + } else if (mSigningKey instanceof DSAPrivateKey) { sigAlgorithm = "SHA-256/DSA"; } else { throw new NoSuchAlgorithmException("Unknown private key type"); @@ -567,11 +569,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { CryptoToken savedToken = cm.getThreadToken(); try { CryptoToken keyToken = - ((org.mozilla.jss.pkcs11.PK11PrivKey)mSigningKey) - .getOwningToken(); + ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey) + .getOwningToken(); cm.setThreadToken(keyToken); mSignature = java.security.Signature.getInstance(sigAlgorithm, - CRYPTO_PROVIDER); + CRYPTO_PROVIDER); } finally { cm.setThreadToken(savedToken); } @@ -580,7 +582,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { // get the last signature from the currently-opened file String entry = getLastSignature(mFile); - if( entry != null ) { + if (entry != null) { mSignature.update(entry.getBytes("UTF-8")); mSignature.update(LINE_SEP_BYTE); } @@ -614,12 +616,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } private static void setupSigningFailure(String logMessageCode, Exception e) - throws EBaseException - { + throws EBaseException { try { - ConsoleError.send( new SystemEvent( - CMS.getLogMessage(logMessageCode))); - } catch(Exception e2) { + ConsoleError.send(new SystemEvent( + CMS.getLogMessage(logMessageCode))); + } catch (Exception e2) { // don't allow an exception while printing to the console // prevent us from running the rest of this function. e2.printStackTrace(); @@ -632,36 +633,36 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Startup the instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit * function startup * </ul> + * * @exception EBaseException if an internal error occurred */ public void startup() throws EBaseException { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures CMS.debug("LogFile: entering LogFile.startup()"); - if( mOn && mLogSigning ) { + if (mOn && mLogSigning) { try { setupSigning(); - audit( CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP, - ILogger.SYSTEM_UID, - ILogger.SUCCESS) ); - } catch(EBaseException e) { - audit( CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP, - ILogger.SYSTEM_UID, - ILogger.FAILURE) ); + audit(CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP, + ILogger.SYSTEM_UID, + ILogger.SUCCESS)); + } catch (EBaseException e) { + audit(CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP, + ILogger.SYSTEM_UID, + ILogger.FAILURE)); throw e; } } } - /** * Retrieves the eventType this log is triggered. */ @@ -673,7 +674,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { * Retrieves the log on/off. */ public String getOn() { - return String.valueOf( mOn ); + return String.valueOf(mOn); } /** @@ -695,22 +696,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Record that the signed audit log has been signed * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the - * audit log is generated (same as "flush" time) + * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on + * the audit log is generated (same as "flush" time) * </ul> + * * @exception IOException for input/output problems * @exception ELogException when plugin implementation fails * @exception SignatureException when signing fails * @exception InvalidKeyException when an invalid key is utilized */ private void pushSignature() throws IOException, ELogException, - SignatureException, InvalidKeyException - { + SignatureException, InvalidKeyException { byte[] sigBytes = null; - if( mSignature == null ) { + if (mSignature == null) { return; } @@ -727,31 +728,31 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { LOGGING_SIGNED_AUDIT_SIGNING, ILogger.SYSTEM_UID, ILogger.SUCCESS, - base64Encode( sigBytes ) ); + base64Encode(sigBytes)); - if( mSignedAuditLogger == null ) { + if (mSignedAuditLogger == null) { return; } ILogEvent ev = mSignedAuditLogger.create( ILogger.EV_SIGNED_AUDIT, - ( Properties ) null, + (Properties) null, ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, auditMessage, o, - ILogger.L_SINGLELINE ); + ILogger.L_SINGLELINE); - String logMesg = logEvt2String(ev); + String logMesg = logEvt2String(ev); doLog(logMesg, true); } private static String getLastSignature(File f) throws IOException { - BufferedReader r = new BufferedReader( new FileReader(f) ); + BufferedReader r = new BufferedReader(new FileReader(f)); String lastSig = null; String curLine = null; - while( (curLine = r.readLine()) != null ) { - if( curLine.indexOf("AUDIT_LOG_SIGNING") != -1 ) { + while ((curLine = r.readLine()) != null) { + if (curLine.indexOf("AUDIT_LOG_SIGNING") != -1) { lastSig = curLine; } } @@ -760,8 +761,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } /** - * Open the log file. This creates the buffered FileWriter - * + * Open the log file. This creates the buffered FileWriter + * */ protected synchronized void open() throws IOException { RandomAccessFile out; @@ -769,14 +770,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { try { out = new RandomAccessFile(mFile, "rw"); out.seek(out.length()); - //XXX int or long? + // XXX int or long? mBytesWritten = (int) out.length(); - if( !Utils.isNT() ) { + if (!Utils.isNT()) { try { - Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() ); - } catch( IOException e ) { - CMS.debug( "Unable to change file permissions on " - + mFile.toString() ); + Utils.exec("chmod 00640 " + mFile.getCanonicalPath()); + } catch (IOException e) { + CMS.debug("Unable to change file permissions on " + + mFile.toString()); } } mLogWriter = new BufferedWriter( @@ -785,20 +786,20 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { // The first time we open, mSignature will not have been // initialized yet. That's ok, we will push our first signature // in setupSigning(). - if( mLogSigning && (mSignature != null)) { + if (mLogSigning && (mSignature != null)) { try { pushSignature(); } catch (ELogException le) { ConsoleError.send( - new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT", - mFileName))); + new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT", + mFileName))); } } } catch (IllegalArgumentException iae) { ConsoleError.send( - new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT", - mFileName))); - } catch(GeneralSecurityException gse) { + new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT", + mFileName))); + } catch (GeneralSecurityException gse) { // error with signed audit log, shutdown CMS gse.printStackTrace(); shutdownCMS(); @@ -808,12 +809,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } /** - * Flush the log file. Also update the MAC for hash protected logs - * + * Flush the log file. Also update the MAC for hash protected logs + * */ public synchronized void flush() { try { - if( mLogSigning ) { + if (mLogSigning) { try { pushSignature(); } catch (ELogException le) { @@ -827,11 +828,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } catch (IOException e) { ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, e.toString()))); if (mLogSigning) { - //error in writing to signed audit log, shut down CMS + // error in writing to signed audit log, shut down CMS e.printStackTrace(); shutdownCMS(); } - } catch(GeneralSecurityException gse) { + } catch (GeneralSecurityException gse) { // error with signed audit log, shutdown CMS gse.printStackTrace(); shutdownCMS(); @@ -842,7 +843,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Close the log file - * + * */ protected synchronized void close() { try { @@ -859,7 +860,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Shutdown this log file. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit * function shutdown @@ -876,9 +877,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN, ILogger.SYSTEM_UID, - ILogger.SUCCESS ); + ILogger.SUCCESS); - audit( auditMessage ); + audit(auditMessage); close(); } @@ -886,9 +887,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Set the flush interval * <P> - * @param flushInterval The amount of time in seconds until the log - * is flush. A value of 0 will disable autoflush. This will also set - * the update period for hash protected logs. + * + * @param flushInterval The amount of time in seconds until the log is + * flush. A value of 0 will disable autoflush. This will also set + * the update period for hash protected logs. **/ public synchronized void setFlushInterval(int flushInterval) { mFlushInterval = flushInterval * 1000; @@ -903,8 +905,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } /** - * Log flush thread. Sleep for the flush interval and flush the - * log. Changing flush interval to 0 will cause this thread to exit. + * Log flush thread. Sleep for the flush interval and flush the log. + * Changing flush interval to 0 will cause this thread to exit. */ final class FlushThread extends Thread { @@ -925,7 +927,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } catch (InterruptedException e) { // This shouldn't happen very often ConsoleError.send(new - SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush"))); + SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush"))); } } @@ -942,10 +944,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } /** - * Synchronized method to write a string to the log file. All I18N - * should take place before this call. - * - * @param entry The log entry string + * Synchronized method to write a string to the log file. All I18N should + * take place before this call. + * + * @param entry The log entry string */ protected synchronized void log(String entry) throws ELogException { doLog(entry, false); @@ -957,9 +959,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { private static final byte LINE_SEP_BYTE = 0x0a; /** - * This method actually does the logging, and is not overridden - * by subclasses, so you can call it and know that it will do exactly - * what you see below. + * This method actually does the logging, and is not overridden by + * subclasses, so you can call it and know that it will do exactly what you + * see below. */ private synchronized void doLog(String entry, boolean noFlush) throws ELogException { @@ -969,51 +971,51 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { throw new ELogException(CMS.getUserMessage("CMS_LOG_LOGFILE_CLOSED", params)); } else { try { - mLogWriter.write(entry, 0/*offset*/, entry.length()); + mLogWriter.write(entry, 0/* offset */, entry.length()); - if (mLogSigning==true) { - if(mSignature != null) { + if (mLogSigning == true) { + if (mSignature != null) { // include newline for calculating MAC mSignature.update(entry.getBytes("UTF-8")); } else { CMS.debug("LogFile: mSignature is not yet ready... null in log()"); } } - if (mTrace) { - CharArrayWriter cw = new CharArrayWriter(200); + if (mTrace) { + CharArrayWriter cw = new CharArrayWriter(200); PrintWriter pw = new PrintWriter(cw); Exception e = new Exception(); - e.printStackTrace(pw); - char[] c = cw.toCharArray(); - cw.close(); + e.printStackTrace(pw); + char[] c = cw.toCharArray(); + cw.close(); pw.close(); - CharArrayReader cr = new CharArrayReader(c); + CharArrayReader cr = new CharArrayReader(c); LineNumberReader lr = new LineNumberReader(cr); - String text = null; - String method = null; + String text = null; + String method = null; String fileAndLine = null; - if (lr.ready()) { - text = lr.readLine(); - do { - text = lr.readLine(); + if (lr.ready()) { + text = lr.readLine(); + do { + text = lr.readLine(); } while (text.indexOf("logging") != -1); - int p = text.indexOf("("); + int p = text.indexOf("("); fileAndLine = text.substring(p); - String classandmethod = text.substring(0, p); - int q = classandmethod.lastIndexOf("."); - method = classandmethod.substring(q + 1); - mLogWriter.write(fileAndLine, 0/*offset*/, fileAndLine.length()); - mLogWriter.write(" ", 0/*offset*/, " ".length()); - mLogWriter.write(method, 0/*offset*/, method.length()); + String classandmethod = text.substring(0, p); + int q = classandmethod.lastIndexOf("."); + method = classandmethod.substring(q + 1); + mLogWriter.write(fileAndLine, 0/* offset */, fileAndLine.length()); + mLogWriter.write(" ", 0/* offset */, " ".length()); + mLogWriter.write(method, 0/* offset */, method.length()); } } mLogWriter.newLine(); - if (mLogSigning==true){ - if(mSignature != null) { + if (mLogSigning == true) { + if (mSignature != null) { mSignature.update(LINE_SEP_BYTE); } else { CMS.debug("LogFile: mSignature is null in log() 2"); @@ -1027,23 +1029,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { shutdownCMS(); } } catch (IllegalStateException e) { - CMS.debug("LogFile: exception thrown in log(): "+e.toString()); - ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION,e.toString()))); - } catch( GeneralSecurityException gse ) { + CMS.debug("LogFile: exception thrown in log(): " + e.toString()); + ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION, e.toString()))); + } catch (GeneralSecurityException gse) { // DJN: handle error CMS.debug("LogFile: exception thrown in log(): " - + gse.toString()); + + gse.toString()); gse.printStackTrace(); ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage( - LOG_SIGNED_AUDIT_EXCEPTION,gse.toString()))); + LOG_SIGNED_AUDIT_EXCEPTION, gse.toString()))); } - // XXX // Although length will be in Unicode dual-bytes, the PrintWriter - // will only print out 1 byte per character. I suppose this could + // will only print out 1 byte per character. I suppose this could // be dependent on the encoding of your log file, but it ain't that - // smart yet. Also, add one for the newline. (hmm, on NT, CR+LF) + // smart yet. Also, add one for the newline. (hmm, on NT, CR+LF) int nBytes = entry.length() + 1; mBytesWritten += nBytes; @@ -1057,8 +1058,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Write an event to the log file - * - * @param ev The event to be logged. + * + * @param ev The event to be logged. */ public void log(ILogEvent ev) throws ELogException { if (ev instanceof AuditEvent) { @@ -1069,7 +1070,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { if (!mType.equals("system") || (!mOn) || mLevel > ev.getLevel()) { return; } - } else if (ev instanceof SignedAuditEvent) { + } else if (ev instanceof SignedAuditEvent) { if (!mType.equals("signedAudit") || (!mOn) || mLevel > ev.getLevel()) { return; } @@ -1082,7 +1083,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { String type = ev.getEventType(); if (type != null) { if (!mSelectedEvents.contains(type)) { - CMS.debug("LogFile: event type not selected: "+type); + CMS.debug("LogFile: event type not selected: " + type); return; } } @@ -1120,13 +1121,13 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * change multi-line log entry by replace "\n" with "\n " - * - * @param original The original multi-line log entry. + * + * @param original The original multi-line log entry. */ private String prepareMultiline(String original) { int i, last = 0; - //NT: \r\n, unix: \n + // NT: \r\n, unix: \n while ((i = original.indexOf("\n", last)) != -1) { last = i + 1; original = original.substring(0, i + 1) + " " + original.substring(i + 1); @@ -1135,15 +1136,15 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } /** - * Read all entries whose logLevel>=lowLevel && log source = source - * to at most maxLine entries(from end) - * If the parameter is -1, it's ignored and return all entries - * + * Read all entries whose logLevel>=lowLevel && log source = source to at + * most maxLine entries(from end) If the parameter is -1, it's ignored and + * return all entries + * * @param maxLine The maximum lines to be returned * @param lowLevel The lowest log level to be returned * @param source The particular log source to be returned * @param fName The log file name to be read. If it's null, read the current - * log file + * log file */ public Vector<LogEntry> readEntry(int maxLine, int lowLevel, int source, String fName) { Vector<LogEntry> mEntries = new Vector<LogEntry>(); @@ -1152,23 +1153,23 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { int lineNo = 0; // lineNo of the current entry in the log file int line = 0; // line of readed valid entries String firstLine = null; // line buffer - String nextLine = null; + String nextLine = null; String entry = null; LogEntry logEntry = null; /* - this variable is added to accormodate misplaced multiline entries - write out buffered log entry when next entry is parsed successfully - this implementation is assuming parsing is more time consuming than - condition check + * this variable is added to accormodate misplaced multiline entries + * write out buffered log entry when next entry is parsed successfully + * this implementation is assuming parsing is more time consuming than + * condition check */ - LogEntry preLogEntry = null; + LogEntry preLogEntry = null; if (fName != null) { fileName = fName; } try { - //XXX think about this + // XXX think about this fBuffer = new BufferedReader(new FileReader(fileName)); do { try { @@ -1194,9 +1195,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { // if parse succeed, write out previous entry if (preLogEntry != null) { if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) && - ((Integer.parseInt(preLogEntry.getSource()) == source) || + ((Integer.parseInt(preLogEntry.getSource()) == source) || (source == ILogger.S_ALL) - )) { + )) { mEntries.addElement(preLogEntry); if (maxLine == -1) { line++; @@ -1223,13 +1224,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } catch (IOException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("LOGGING_READ_ERROR", fileName, - Integer.toString(lineNo))); + ILogger.LL_FAILURE, + CMS.getLogMessage("LOGGING_READ_ERROR", fileName, + Integer.toString(lineNo))); } - } - while (nextLine != null); + } while (nextLine != null); // need to process the last 2 entries of the file if (firstLine != null) { @@ -1240,17 +1240,18 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { try { logEntry = new LogEntry(entry); - /* System.out.println( - Integer.toString(Integer.parseInt(logEntry.getLevel())) - +","+Integer.toString(lowLevel)+","+ - Integer.toString(Integer.parseInt(logEntry.getSource())) - +","+Integer.toString(source) ); + /* + * System.out.println( + * Integer.toString(Integer.parseInt(logEntry.getLevel())) + * +","+Integer.toString(lowLevel)+","+ + * Integer.toString(Integer.parseInt(logEntry.getSource())) + * +","+Integer.toString(source) ); */ if (preLogEntry != null) { if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) && - ((Integer.parseInt(preLogEntry.getSource()) == source) || + ((Integer.parseInt(preLogEntry.getSource()) == source) || (source == ILogger.S_ALL) - )) { + )) { mEntries.addElement(preLogEntry); if (maxLine == -1) { line++; @@ -1268,11 +1269,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { if (preLogEntry != null) { if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) - && - ((Integer.parseInt(preLogEntry.getSource()) == source) + && + ((Integer.parseInt(preLogEntry.getSource()) == source) || (source == ILogger.S_ALL) - )) { + )) { // parse the entry, pass to UI mEntries.addElement(preLogEntry); if (maxLine == -1) { @@ -1291,15 +1292,15 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { fBuffer.close(); } catch (IOException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, "logging:" + fileName + - " failed to close for reading"); + ILogger.LL_FAILURE, "logging:" + fileName + + " failed to close for reading"); } } catch (FileNotFoundException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("LOGGING_FILE_NOT_FOUND", - fileName)); + ILogger.LL_FAILURE, + CMS.getLogMessage("LOGGING_FILE_NOT_FOUND", + fileName)); } return mEntries; } @@ -1307,7 +1308,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Retrieves the configuration store of this subsystem. * <P> - * + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -1315,27 +1316,27 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } /** - * Retrieve last "maxLine" number of system log with log lever >"level" - * and from source "source". If the parameter is omitted. All entries - * are sent back. + * Retrieve last "maxLine" number of system log with log lever >"level" and + * from source "source". If the parameter is omitted. All entries are sent + * back. */ public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String tmp, fName = null; int maxLine = -1, level = -1, source = -1; - Vector<LogEntry> entries = null; + Vector<LogEntry> entries = null; - if ((tmp = (String)req.get(Constants.PR_LOG_ENTRY)) != null) { + if ((tmp = (String) req.get(Constants.PR_LOG_ENTRY)) != null) { maxLine = Integer.parseInt(tmp); } - if ((tmp = (String)req.get(Constants.PR_LOG_LEVEL)) != null) { + if ((tmp = (String) req.get(Constants.PR_LOG_LEVEL)) != null) { level = Integer.parseInt(tmp); } - if ((tmp = (String)req.get(Constants.PR_LOG_SOURCE)) != null) { + if ((tmp = (String) req.get(Constants.PR_LOG_SOURCE)) != null) { source = Integer.parseInt(tmp); } - tmp = (String)req.get(Constants.PR_LOG_NAME); + tmp = (String) req.get(Constants.PR_LOG_NAME); if (!(tmp.equals(Constants.PR_CURRENT_LOG))) { fName = tmp; } else { @@ -1346,12 +1347,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { entries = readEntry(maxLine, level, source, fName); for (int i = 0; i < entries.size(); i++) { params.add(Integer.toString(i) + - ((LogEntry) entries.elementAt(i)).getEntry(), ""); + ((LogEntry) entries.elementAt(i)).getEntry(), ""); } } catch (Exception e) { CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_WARN, - "System log parse error"); + ILogger.LL_WARN, + "System log parse error"); } return params; } @@ -1385,11 +1386,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { // needs to find a way to determine what type you want. if this // is not for the signed audit type, then we should not show the // following parameters. - //if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) { - v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "=" ); - v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" ); - v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" ); - //} + // if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) { + v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "="); + v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "="); + v.addElement(PROP_SIGNED_AUDIT_EVENTS + "="); + // } return v; } @@ -1401,11 +1402,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { if (mType == null) { v.addElement(PROP_TYPE + "="); - }else { + } else { v.addElement(PROP_TYPE + "=" + - mConfig.getString(PROP_TYPE)); + mConfig.getString(PROP_TYPE)); } - v.addElement(PROP_ON + "=" + String.valueOf( mOn ) ); + v.addElement(PROP_ON + "=" + String.valueOf(mOn)); if (mLevel == 0) v.addElement(PROP_LEVEL + "=" + ILogger.LL_DEBUG_STRING); else if (mLevel == 1) @@ -1423,29 +1424,29 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { if (mFileName == null) { v.addElement(PROP_FILE_NAME + "="); - }else { + } else { v.addElement(PROP_FILE_NAME + "=" + - mFileName); + mFileName); } v.addElement(PROP_BUFFER_SIZE + "=" + mBufferSize); v.addElement(PROP_FLUSH_INTERVAL + "=" + mFlushInterval / 1000); - if( (mType != null) && mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) { - v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "=" - + String.valueOf( mLogSigning ) ); + if ((mType != null) && mType.equals(ILogger.PROP_SIGNED_AUDIT)) { + v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "=" + + String.valueOf(mLogSigning)); - if( mSAuditCertNickName == null ) { - v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" ); + if (mSAuditCertNickName == null) { + v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "="); } else { - v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" - + mSAuditCertNickName ); + v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" + + mSAuditCertNickName); } - if( mSelectedEventsList == null ) { - v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" ); + if (mSelectedEventsList == null) { + v.addElement(PROP_SIGNED_AUDIT_EVENTS + "="); } else { - v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" - + mSelectedEventsList ); + v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=" + + mSelectedEventsList); } } } catch (Exception e) { @@ -1454,53 +1455,53 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } public String[] getExtendedPluginInfo(Locale locale) { - if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) { + if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) { String[] params = { - PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", - PROP_ON + ";boolean;Turn on the listener", - PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," + - ILogger.LL_INFO_STRING + "," + - ILogger.LL_WARN_STRING + "," + - ILogger.LL_FAILURE_STRING + "," + - ILogger.LL_MISCONF_STRING + "," + - ILogger.LL_CATASTRPHE_STRING + "," + - ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener", - PROP_FILE_NAME + ";string;The name of the file the log is written to", - PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)", - PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-logrules-logfile", - IExtendedPluginInfo.HELP_TEXT + - ";Write the log messages to a file", - PROP_SIGNED_AUDIT_LOG_SIGNING + - ";boolean;Enable audit logs to be signed", - PROP_SIGNED_AUDIT_CERT_NICKNAME + - ";string;The nickname of the certificate to be used to sign audit logs", - PROP_SIGNED_AUDIT_EVENTS + - ";string;A comma-separated list of strings used to specify particular signed audit log events", + PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", + PROP_ON + ";boolean;Turn on the listener", + PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," + + ILogger.LL_INFO_STRING + "," + + ILogger.LL_WARN_STRING + "," + + ILogger.LL_FAILURE_STRING + "," + + ILogger.LL_MISCONF_STRING + "," + + ILogger.LL_CATASTRPHE_STRING + "," + + ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener", + PROP_FILE_NAME + ";string;The name of the file the log is written to", + PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)", + PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-logrules-logfile", + IExtendedPluginInfo.HELP_TEXT + + ";Write the log messages to a file", + PROP_SIGNED_AUDIT_LOG_SIGNING + + ";boolean;Enable audit logs to be signed", + PROP_SIGNED_AUDIT_CERT_NICKNAME + + ";string;The nickname of the certificate to be used to sign audit logs", + PROP_SIGNED_AUDIT_EVENTS + + ";string;A comma-separated list of strings used to specify particular signed audit log events", }; return params; } else { - // mType.equals( ILogger.PROP_AUDIT ) || + // mType.equals( ILogger.PROP_AUDIT ) || // mType.equals( ILogger.PROP_SYSTEM ) String[] params = { - PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", - PROP_ON + ";boolean;Turn on the listener", - PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," + - ILogger.LL_INFO_STRING + "," + - ILogger.LL_WARN_STRING + "," + - ILogger.LL_FAILURE_STRING + "," + - ILogger.LL_MISCONF_STRING + "," + - ILogger.LL_CATASTRPHE_STRING + "," + - ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener", - PROP_FILE_NAME + ";string;The name of the file the log is written to", - PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)", - PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-logrules-logfile", - IExtendedPluginInfo.HELP_TEXT + - ";Write the log messages to a file" + PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", + PROP_ON + ";boolean;Turn on the listener", + PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," + + ILogger.LL_INFO_STRING + "," + + ILogger.LL_WARN_STRING + "," + + ILogger.LL_FAILURE_STRING + "," + + ILogger.LL_MISCONF_STRING + "," + + ILogger.LL_CATASTRPHE_STRING + "," + + ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener", + PROP_FILE_NAME + ";string;The name of the file the log is written to", + PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)", + PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-logrules-logfile", + IExtendedPluginInfo.HELP_TEXT + + ";Write the log messages to a file" }; return params; @@ -1509,27 +1510,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { /** * Signed Audit Log - * - * This method is inherited by all classes that extend this "LogFile" - * class, and is called to store messages to the signed audit log. + * + * This method is inherited by all classes that extend this "LogFile" class, + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ - protected void audit( String msg ) - { + protected void audit(String msg) { // in this case, do NOT strip preceding/trailing whitespace // from passed-in String parameters - if( mSignedAuditLogger == null ) { + if (mSignedAuditLogger == null) { return; } - mSignedAuditLogger.log( ILogger.EV_SIGNED_AUDIT, + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, - msg ); + msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java index d2dab395..e4678bb7 100644 --- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.logging; - import java.io.File; import java.io.FileNotFoundException; import java.io.FilenameFilter; @@ -41,12 +40,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.SystemEvent; import com.netscape.cmsutil.util.Utils; - /** * A rotating log file for Certificate log events. This class loosely follows * the Netscape Common Log API implementing rollover interval, size and file * naming conventions. It does not yet implement Disk Usage. - * + * * @version $Revision$, $Date$ */ public class RollingLogFile extends LogFile { @@ -105,7 +103,7 @@ public class RollingLogFile extends LogFile { private Object mExpLock = new Object(); private final static String LOGGING_SIGNED_AUDIT_LOG_DELETE = - "LOGGING_SIGNED_AUDIT_LOG_DELETE_3"; + "LOGGING_SIGNED_AUDIT_LOG_DELETE_3"; /** * Construct a RollingLogFile @@ -115,7 +113,7 @@ public class RollingLogFile extends LogFile { /** * Initialize and open a RollingLogFile using the prop config store - * + * * @param config The property config store to find values in */ public void init(IConfigStore config) throws IOException, @@ -123,8 +121,8 @@ public class RollingLogFile extends LogFile { super.init(config); rl_init(config.getInteger(PROP_MAX_FILE_SIZE, MAX_FILE_SIZE), - config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL), - config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME)); + config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL), + config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME)); } /** @@ -132,7 +130,7 @@ public class RollingLogFile extends LogFile { * attributes. */ protected void rl_init(int maxFileSize, String rolloverInterval, - String expirationTime) { + String expirationTime) { mMaxFileSize = maxFileSize * 1024; setRolloverTime(rolloverInterval); setExpirationTime(expirationTime); @@ -153,9 +151,9 @@ public class RollingLogFile extends LogFile { /** * Set the rollover interval - * - * @param rolloverSeconds The amount of time in seconds until the log - * is rotated. A value of 0 will disable log rollover. + * + * @param rolloverSeconds The amount of time in seconds until the log is + * rotated. A value of 0 will disable log rollover. **/ public synchronized void setRolloverTime(String rolloverSeconds) { mRolloverInterval = Long.valueOf(rolloverSeconds).longValue() * 1000; @@ -171,8 +169,8 @@ public class RollingLogFile extends LogFile { /** * Get the rollover interval - * - * @return The interval in seconds in which the log is rotated + * + * @return The interval in seconds in which the log is rotated **/ public synchronized int getRolloverTime() { return (int) (mRolloverInterval / 1000); @@ -180,9 +178,9 @@ public class RollingLogFile extends LogFile { /** * Set the file expiration time - * - * @param expirationSeconds The amount of time in seconds until log files - * are deleted + * + * @param expirationSeconds The amount of time in seconds until log files + * are deleted **/ public void setExpirationTime(String expirationSeconds) { @@ -205,8 +203,8 @@ public class RollingLogFile extends LogFile { /** * Get the expiration time - * - * @return The age in seconds in which log files are delete + * + * @return The age in seconds in which log files are delete **/ public int getExpirationTime() { return (int) (mExpirationTime / 1000); @@ -217,82 +215,82 @@ public class RollingLogFile extends LogFile { * extension **/ public synchronized void rotate() - throws IOException { + throws IOException { - //File backupFile = new File(mFileName + "." + mFileNumber); + // File backupFile = new File(mFileName + "." + mFileNumber); File backupFile = new File(mFileName + "." + mLogFileDateFormat.format(mDate)); // close, backup, and reopen the log file zeroizing its contents super.close(); try { - if( Utils.isNT() ) { + if (Utils.isNT()) { // NT is very picky on the path - Utils.exec( "copy " + - mFile.getCanonicalPath().replace( '/', '\\' ) + + Utils.exec("copy " + + mFile.getCanonicalPath().replace('/', '\\') + " " + - backupFile.getCanonicalPath().replace( '/', - '\\' ) ); + backupFile.getCanonicalPath().replace('/', + '\\')); } else { // Create a copy of the original file which // preserves the original file permissions. - Utils.exec( "cp -p " + mFile.getCanonicalPath() + " " + - backupFile.getCanonicalPath() ); + Utils.exec("cp -p " + mFile.getCanonicalPath() + " " + + backupFile.getCanonicalPath()); } // Zeroize the original file if and only if // the backup copy was successful. - if( backupFile.exists() ) { + if (backupFile.exists()) { // Make certain that the backup file has // the correct permissions. - if( !Utils.isNT() ) { - Utils.exec( "chmod 00640 " + backupFile.getCanonicalPath() ); + if (!Utils.isNT()) { + Utils.exec("chmod 00640 " + backupFile.getCanonicalPath()); } try { // Open and close the original file // to zeroize its contents. - PrintWriter pw = new PrintWriter( mFile ); + PrintWriter pw = new PrintWriter(mFile); pw.close(); // Make certain that the original file retains // the correct permissions. - if( !Utils.isNT() ) { - Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() ); + if (!Utils.isNT()) { + Utils.exec("chmod 00640 " + mFile.getCanonicalPath()); } - } catch ( FileNotFoundException e ) { - CMS.debug( "Unable to zeroize " - + mFile.toString() ); + } catch (FileNotFoundException e) { + CMS.debug("Unable to zeroize " + + mFile.toString()); } } else { - CMS.debug( "Unable to backup " + CMS.debug("Unable to backup " + mFile.toString() + " to " - + backupFile.toString() ); + + backupFile.toString()); } - } catch( Exception e ) { - CMS.debug( "Unable to backup " + } catch (Exception e) { + CMS.debug("Unable to backup " + mFile.toString() + " to " - + backupFile.toString() ); + + backupFile.toString()); } super.open(); // will reset mBytesWritten mFileNumber++; } /** - * Remove any log files which have not been modified in the specified - * time + * Remove any log files which have not been modified in the specified time * <P> - * - * NOTE: automatic removal of log files is currently NOT supported! + * + * NOTE: automatic removal of log files is currently NOT supported! * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log * expires (authorization should not allow, but in case authorization gets * compromised make sure it is written AFTER the log expiration happens) * </ul> + * * @param expirationSeconds The number of seconds since the expired files - * have been modified. + * have been modified. * @return the time in milliseconds when the next file expires **/ public long expire(long expirationSeconds) throws ELogException { @@ -312,26 +310,26 @@ public class RollingLogFile extends LogFile { File dir = new File(dirName); // Get just the base name, minus the .date extension - //int len = mFile.getName().length() - LogFile.DATE_PATTERN.length() - 1; - //String baseName = mFile.getName().substring(0, len); + // int len = mFile.getName().length() - LogFile.DATE_PATTERN.length() - + // 1; + // String baseName = mFile.getName().substring(0, len); String fileName = mFile.getName(); String baseName = null, pathName = null; int index = fileName.lastIndexOf("/"); - if (index != -1) { // "/" exist in fileName + if (index != -1) { // "/" exist in fileName pathName = fileName.substring(0, index); baseName = fileName.substring(index + 1); dirName = dirName.concat("/" + pathName); - }else { // "/" NOT exist in fileName + } else { // "/" NOT exist in fileName baseName = fileName; } fileFilter ff = new fileFilter(baseName + "."); String[] filelist = dir.list(ff); - if (filelist == null) { // Crap! Something is wrong. - throw new - ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED", + if (filelist == null) { // Crap! Something is wrong. + throw new ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED", dirName, ff.toString())); } @@ -340,16 +338,16 @@ public class RollingLogFile extends LogFile { for (int i = 0; i < filelist.length; i++) { if (pathName != null) { filelist[i] = pathName + "/" + filelist[i]; - }else { + } else { filelist[i] = dirName + "/" + filelist[i]; } - + String fullname = dirName + File.separatorChar + filelist[i]; File file = new File(fullname); long fileTime = file.lastModified(); // Java documentation on File says lastModified() should not - // be interpeted. The doc is wrong. See JavaSoft bug #4094538 + // be interpeted. The doc is wrong. See JavaSoft bug #4094538 if ((currentTime - fileTime) > expirationTime) { file.delete(); @@ -382,7 +380,7 @@ public class RollingLogFile extends LogFile { // // At first glance you may think it's a waste of thread resources to have // two threads for every log file, but the truth is that these threads are - // sleeping 99% of the time. NxN thread implementations (Solaris, NT, + // sleeping 99% of the time. NxN thread implementations (Solaris, NT, // IRIX 6.4, Unixware, etc...) will handle these in user space. // // You may be able to join these into one thread, and deal with @@ -392,8 +390,8 @@ public class RollingLogFile extends LogFile { // /** - * Log rotation thread. Sleep for the rollover interval and rotate the - * log. Changing rollover interval to 0 will cause this thread to exit. + * Log rotation thread. Sleep for the rollover interval and rotate the log. + * Changing rollover interval to 0 will cause this thread to exit. */ final class RolloverThread extends Thread { @@ -414,7 +412,7 @@ public class RollingLogFile extends LogFile { } catch (InterruptedException e) { // This shouldn't happen very often CMS.getLogger().getLogQueue().log(new - SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover"))); + SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover"))); } } @@ -427,23 +425,22 @@ public class RollingLogFile extends LogFile { rotate(); } catch (IOException e) { ConsoleError.send(new - SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString()))); + SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString()))); break; } } // else - // Don't rotate empty logs - // flag in log summary file? + // Don't rotate empty logs + // flag in log summary file? } mRolloverThread = null; } } - /** - * Log expiration thread. Sleep for the expiration interval and - * delete any files which are too old. - * Changing expiration interval to 0 will cause this thread to exit. + * Log expiration thread. Sleep for the expiration interval and delete any + * files which are too old. Changing expiration interval to 0 will cause + * this thread to exit. */ final class ExpirationThread extends Thread { @@ -467,18 +464,18 @@ public class RollingLogFile extends LogFile { wakeupTime = expire((long) (mExpirationTime / 1000)); } catch (SecurityException e) { ConsoleError.send(new - SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString()))); + SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString()))); break; } catch (ELogException e) { ConsoleError.send(new - SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString()))); + SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString()))); break; } sleepTime = wakeupTime - System.currentTimeMillis(); - //System.out.println("wakeup " + wakeupTime); - //System.out.println("current "+System.currentTimeMillis()); - //System.out.println("sleep " + sleepTime); + // System.out.println("wakeup " + wakeupTime); + // System.out.println("current "+System.currentTimeMillis()); + // System.out.println("sleep " + sleepTime); // Sleep for the interval and then check the directory // Note: mExpirationTime can only change while we're // sleeping @@ -488,7 +485,7 @@ public class RollingLogFile extends LogFile { } catch (InterruptedException e) { // This shouldn't happen very often ConsoleError.send(new - SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration"))); + SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration"))); } } } @@ -499,11 +496,11 @@ public class RollingLogFile extends LogFile { /** * Write an event to the log file - * - * @param ev The event to be logged. + * + * @param ev The event to be logged. **/ public synchronized void log(ILogEvent ev) throws ELogException { - //xxx, Shall we log first without checking if it exceed the maximum? + // xxx, Shall we log first without checking if it exceed the maximum? super.log(ev); // Will increment mBytesWritten if ((0 != mMaxFileSize) && (mBytesWritten > mMaxFileSize)) { @@ -519,9 +516,9 @@ public class RollingLogFile extends LogFile { /** * Retrieve log file list. */ - public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req - ) throws ServletException, - IOException, EBaseException { + public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req + ) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String[] files = null; @@ -534,7 +531,7 @@ public class RollingLogFile extends LogFile { /** * Get the log file list in the log directory - * + * * @return an array of filenames with related path to cert server root */ protected String[] fileList() { @@ -544,7 +541,7 @@ public class RollingLogFile extends LogFile { String fileName = mFile.getName(); int index = fileName.lastIndexOf("/"); - if (index != -1) { // "/" exist in fileName + if (index != -1) { // "/" exist in fileName pathName = fileName.substring(0, index); baseName = fileName.substring(index + 1); if (dirName == null) { @@ -552,24 +549,25 @@ public class RollingLogFile extends LogFile { } else { dirName = dirName.concat("/" + pathName); } - }else { // "/" NOT exist in fileName + } else { // "/" NOT exist in fileName baseName = fileName; } - + File dir = new File(dirName); fileFilter ff = new fileFilter(baseName + "."); - //There are some difference here. both should work - //error,logs,logs/error jdk115 - //logs/system,., logs/system jdk116 - //System.out.println(mFile.getName()+","+dirName+","+mFile.getPath()); //log/system,. - + // There are some difference here. both should work + // error,logs,logs/error jdk115 + // logs/system,., logs/system jdk116 + // System.out.println(mFile.getName()+","+dirName+","+mFile.getPath()); + // //log/system,. + String[] filelist = dir.list(ff); for (int i = 0; i < filelist.length; i++) { if (pathName != null) { filelist[i] = pathName + "/" + filelist[i]; - }else { + } else { filelist[i] = dirName + "/" + filelist[i]; } } @@ -589,7 +587,7 @@ public class RollingLogFile extends LogFile { v.addElement(PROP_MAX_FILE_SIZE + "="); v.addElement(PROP_ROLLOVER_INTERVAL + "="); - //v.addElement(PROP_EXPIRATION_TIME + "="); + // v.addElement(PROP_EXPIRATION_TIME + "="); return v; } @@ -609,7 +607,8 @@ public class RollingLogFile extends LogFile { else if (mRolloverInterval / 1000 <= 60 * 60 * 24 * 366) v.addElement(PROP_ROLLOVER_INTERVAL + "=" + "Yearly"); - //v.addElement(PROP_EXPIRATION_TIME + "=" + mExpirationTime / 1000); + // v.addElement(PROP_EXPIRATION_TIME + "=" + mExpirationTime / + // 1000); } catch (Exception e) { } return v; @@ -627,10 +626,10 @@ public class RollingLogFile extends LogFile { info.addElement(PROP_ROLLOVER_INTERVAL + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated."); info.addElement(PROP_EXPIRATION_TIME + ";integer;The amount of time before a backed up log is removed in seconds"); info.addElement(IExtendedPluginInfo.HELP_TOKEN + - //";configuration-logrules-rollinglogfile"); - ";configuration-adminbasics"); + // ";configuration-logrules-rollinglogfile"); + ";configuration-adminbasics"); info.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Write the log messages to a file which will be rotated automatically."); + ";Write the log messages to a file which will be rotated automatically."); String[] params = new String[info.size()]; info.copyInto(params); @@ -639,14 +638,13 @@ public class RollingLogFile extends LogFile { } } - /** * A file filter to select the file with a given prefix */ class fileFilter implements FilenameFilter { String patternToMatch = null; - public fileFilter (String pattern) { + public fileFilter(String pattern) { patternToMatch = pattern; } diff --git a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java index af651584..9d3bd4f0 100644 --- a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java +++ b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.notification; - import java.io.IOException; import java.io.PrintStream; import java.util.Vector; @@ -30,13 +29,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.notification.ENotificationException; import com.netscape.certsrv.notification.IMailNotification; - /** - * This class handles mail notification via SMTP. - * This class uses <b>smtp.host</b> in the configuration for smtp - * host. The port default (25) is used. If no smtp specified, local - * host is used - * + * This class handles mail notification via SMTP. This class uses + * <b>smtp.host</b> in the configuration for smtp host. The port default (25) is + * used. If no smtp specified, local host is used + * * @version $Revision$, $Date$ */ public class MailNotification implements IMailNotification { @@ -56,10 +53,10 @@ public class MailNotification implements IMailNotification { if (mHost == null) { try { IConfigStore mConfig = - CMS.getConfigStore(); + CMS.getConfigStore(); IConfigStore c = - mConfig.getSubStore(PROP_SMTP_SUBSTORE); + mConfig.getSubStore(PROP_SMTP_SUBSTORE); if (c == null) { return; @@ -67,10 +64,10 @@ public class MailNotification implements IMailNotification { mHost = c.getString(PROP_HOST); // log it - // if (mHost !=null) { - // String msg =" using external SMTP host: "+mHost; - // CMS.debug("MailNotification: " + msg); - //} + // if (mHost !=null) { + // String msg =" using external SMTP host: "+mHost; + // CMS.debug("MailNotification: " + msg); + // } } catch (Exception e) { // don't care } @@ -94,7 +91,7 @@ public class MailNotification implements IMailNotification { if ((mFrom != null) && (!mFrom.equals(""))) sc.from(mFrom); else { - throw new ENotificationException ( + throw new ENotificationException( CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_SENDER")); } @@ -103,7 +100,7 @@ public class MailNotification implements IMailNotification { log(ILogger.LL_INFO, "mail to be sent to " + mTo); sc.to(mTo); } else { - throw new ENotificationException ( + throw new ENotificationException( CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_RECEIVER")); } @@ -129,13 +126,14 @@ public class MailNotification implements IMailNotification { sc.closeServer(); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new ENotificationException ( + throw new ENotificationException( CMS.getUserMessage("CMS_NOTIFICATION_SMTP_SEND_FAILED", mTo)); } } /** * sets the "From" field + * * @param from email address of the sender */ public void setFrom(String from) { @@ -144,6 +142,7 @@ public class MailNotification implements IMailNotification { /** * sets the "Subject" field + * * @param subject subject of the email */ public void setSubject(String subject) { @@ -152,6 +151,7 @@ public class MailNotification implements IMailNotification { /** * sets the "Content-Type" field + * * @param contentType content type of the email */ public void setContentType(String contentType) { @@ -160,6 +160,7 @@ public class MailNotification implements IMailNotification { /** * sets the content of the email + * * @param content the message content */ public void setContent(String content) { @@ -168,6 +169,7 @@ public class MailNotification implements IMailNotification { /** * sets the recipients' email addresses + * * @param addresses a list of email addresses of the recipients */ public void setTo(Vector<String> addresses) { @@ -177,6 +179,7 @@ public class MailNotification implements IMailNotification { /** * sets the recipient's email address + * * @param to address of the recipient email address */ public void setTo(String to) { @@ -187,7 +190,7 @@ public class MailNotification implements IMailNotification { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, "MailNotification: " + msg); + level, "MailNotification: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java index 0468e13f..dfe5eb53 100644 --- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java +++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.ocsp; - import java.math.BigInteger; import java.security.MessageDigest; import java.security.cert.X509CRL; @@ -75,33 +74,32 @@ import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; import com.netscape.cmsutil.ocsp.UnknownInfo; - /** - * This is the default OCSP store that stores revocation information - * as certificate record (CMS internal data structure). - * + * This is the default OCSP store that stores revocation information as + * certificate record (CMS internal data structure). + * * @version $Revision$, $Date$ */ public class DefStore implements IDefStore, IExtendedPluginInfo { // refreshInSec is useful in the master-clone situation. - // clone does not know that the CRL has been updated in + // clone does not know that the CRL has been updated in // the master (by default no refresh) private static final String PROP_USE_CACHE = "useCache"; private static final String PROP_REFRESH_IN_SEC = "refreshInSec"; - private static final int DEF_REFRESH_IN_SEC = 0; + private static final int DEF_REFRESH_IN_SEC = 0; public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); - private final static String PROP_BY_NAME = - "byName"; - private final static String PROP_WAIT_ON_CRL_UPDATE = - "waitOnCRLUpdate"; + private final static String PROP_BY_NAME = + "byName"; + private final static String PROP_WAIT_ON_CRL_UPDATE = + "waitOnCRLUpdate"; private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood"; private final static String PROP_INCLUDE_NEXT_UPDATE = - "includeNextUpdate"; + "includeNextUpdate"; protected Hashtable<String, Long> mReqCounts = new Hashtable<String, Long>(); protected boolean mNotFoundGood = true; @@ -123,19 +121,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { public DefStore() { } - public String[] getExtendedPluginInfo(Locale locale) { - Vector<String> v = new Vector<String>(); + public String[] getExtendedPluginInfo(Locale locale) { + Vector<String> v = new Vector<String>(); v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD")); v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME")); v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE")); v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC")); - v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore"); + v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore"); return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { mOCSPAuthority = (IOCSPAuthority) owner; mConfig = config; @@ -170,8 +168,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { initWebGateway(); /** - DeleteOldCRLsThread t = new DeleteOldCRLsThread(this); - t.start(); + * DeleteOldCRLsThread t = new DeleteOldCRLsThread(this); t.start(); **/ // deleteOldCRLs(); } @@ -180,7 +177,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * init web gateway - just gets the ee gateway for this CA. */ private void initWebGateway() - throws EBaseException { + throws EBaseException { } public IRepositoryRecord createRepositoryRecord() { @@ -222,20 +219,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } /** - * This store will not delete the old CRL until the - * new one is totally committed. + * This store will not delete the old CRL until the new one is totally + * committed. */ public void deleteOldCRLs() throws EBaseException { Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord( "objectclass=" + - CMS.getCRLIssuingPointRecordName(), + CMS.getCRLIssuingPointRecordName(), 100); X509CertImpl theCert = null; ICRLIssuingPointRecord theRec = null; while (recs.hasMoreElements()) { - ICRLIssuingPointRecord rec = - recs.nextElement(); + ICRLIssuingPointRecord rec = + recs.nextElement(); deleteOldCRLsInCA(rec.getId()); } @@ -246,7 +243,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { try { ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord) - readCRLIssuingPoint(caName); + readCRLIssuingPoint(caName); if (cp == null) return; // nothing to do @@ -257,34 +254,35 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { Enumeration<IRepositoryRecord> e = searchRepository( caName, "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" + - thisUpdate + ")"); + thisUpdate + ")"); while (e != null && e.hasMoreElements()) { IRepositoryRecord r = e.nextElement(); - Enumeration<ICertRecord> recs = - searchCertRecord(caName, - r.getSerialNumber().toString(), - ICertRecord.ATTR_ID + "=*"); - - log(ILogger.LL_INFO, "remove CRL 0x" + - r.getSerialNumber().toString(16) + - " of " + caName); - String rep_dn = "ou=" + - r.getSerialNumber().toString() + - ",cn=" + transformDN(caName) + "," + - getBaseDN(); + Enumeration<ICertRecord> recs = + searchCertRecord(caName, + r.getSerialNumber().toString(), + ICertRecord.ATTR_ID + "=*"); + + log(ILogger.LL_INFO, "remove CRL 0x" + + r.getSerialNumber().toString(16) + + " of " + caName); + String rep_dn = "ou=" + + r.getSerialNumber().toString() + + ",cn=" + transformDN(caName) + "," + + getBaseDN(); while (recs != null && recs.hasMoreElements()) { - ICertRecord rec = recs.nextElement(); - String cert_dn = "cn=" + - rec.getSerialNumber().toString() + "," + rep_dn; + ICertRecord rec = recs.nextElement(); + String cert_dn = "cn=" + + rec.getSerialNumber().toString() + "," + rep_dn; s.delete(cert_dn); } s.delete(rep_dn); } } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } } @@ -297,12 +295,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public void startup() throws EBaseException { - int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC, - DEF_REFRESH_IN_SEC); + int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC, + DEF_REFRESH_IN_SEC); if (refresh > 0) { - DefStoreCRLUpdater updater = - new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh); - updater.start(); + DefStoreCRLUpdater updater = + new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh); + updater.start(); } } @@ -324,10 +322,10 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { /** * Validate an OCSP request. */ - public OCSPResponse validate(OCSPRequest request) - throws EBaseException { + public OCSPResponse validate(OCSPRequest request) + throws EBaseException { - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); mOCSPAuthority.incNumOCSPRequest(1); long startTime = CMS.getCurrentDate().getTime(); @@ -336,16 +334,16 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { TBSRequest tbsReq = request.getTBSRequest(); // (3) look into database to check the - // certificate's status + // certificate's status Vector<SingleResponse> singleResponses = new Vector<SingleResponse>(); if (statsSub != null) { - statsSub.startTiming("lookup"); + statsSub.startTiming("lookup"); } long lookupStartTime = CMS.getCurrentDate().getTime(); for (int i = 0; i < tbsReq.getRequestCount(); i++) { com.netscape.cmsutil.ocsp.Request req = - tbsReq.getRequestAt(i); + tbsReq.getRequestAt(i); CertID cid = req.getCertID(); SingleResponse sr = processRequest(cid); @@ -353,17 +351,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } long lookupEndTime = CMS.getCurrentDate().getTime(); if (statsSub != null) { - statsSub.endTiming("lookup"); + statsSub.endTiming("lookup"); } mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime); - if (singleResponses.size() <= 0) { + if (singleResponses.size() <= 0) { CMS.debug("DefStore: No Request Found"); log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", "No Request Found")); return null; } if (statsSub != null) { - statsSub.startTiming("build_response"); + statsSub.startTiming("build_response"); } SingleResponse res[] = new SingleResponse[singleResponses.size()]; @@ -391,24 +389,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { ResponseData rd = new ResponseData(rid, new GeneralizedTime(CMS.getCurrentDate()), res, nonce); if (statsSub != null) { - statsSub.endTiming("build_response"); + statsSub.endTiming("build_response"); } if (statsSub != null) { - statsSub.startTiming("signing"); + statsSub.startTiming("signing"); } long signStartTime = CMS.getCurrentDate().getTime(); BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd); long signEndTime = CMS.getCurrentDate().getTime(); if (statsSub != null) { - statsSub.endTiming("signing"); + statsSub.endTiming("signing"); } mOCSPAuthority.incSignTime(signEndTime - signStartTime); OCSPResponse response = new OCSPResponse( OCSPResponseStatus.SUCCESSFUL, new ResponseBytes(ResponseBytes.OCSP_BASIC, - new OCTET_STRING(ASN1Util.encode(basicRes)))); + new OCTET_STRING(ASN1Util.encode(basicRes)))); log(ILogger.LL_INFO, "done OCSP request"); long endTime = CMS.getCurrentDate().getTime(); @@ -435,17 +433,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { ICRLIssuingPointRecord theRec = null; byte keyhsh[] = cid.getIssuerKeyHash().toByteArray(); CRLIPContainer matched = (CRLIPContainer) - mCacheCRLIssuingPoints.get(new String(keyhsh)); + mCacheCRLIssuingPoints.get(new String(keyhsh)); if (matched == null) { Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord( "objectclass=" + - CMS.getCRLIssuingPointRecordName(), + CMS.getCRLIssuingPointRecordName(), 100); while (recs.hasMoreElements()) { ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) - recs.nextElement(); + recs.nextElement(); byte certdata[] = rec.getCACert(); X509CertImpl cert = null; @@ -468,15 +466,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { byte crldata[] = rec.getCRL(); if (rec.getCRLCache() == null) { - CMS.debug("DefStore: start building x509 crl impl"); - try { - theCRL = new X509CRLImpl(crldata); - } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString())); - } - CMS.debug("DefStore: done building x509 crl impl"); + CMS.debug("DefStore: start building x509 crl impl"); + try { + theCRL = new X509CRLImpl(crldata); + } catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString())); + } + CMS.debug("DefStore: done building x509 crl impl"); } else { - CMS.debug("DefStore: using crl cache"); + CMS.debug("DefStore: using crl cache"); } mCacheCRLIssuingPoints.put(new String(digest), new CRLIPContainer(theRec, theCert, theCRL)); break; @@ -524,25 +522,25 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { CMS.debug("DefStore: evaluating crl cache"); Hashtable<BigInteger, RevokedCertificate> cache = theRec.getCRLCacheNoClone(); if (cache != null) { - RevokedCertificate rc = (RevokedCertificate) - cache.get(new BigInteger(serialNo.toString())); - if (rc == null) { - if (isNotFoundGood()) { - certStatus = new GoodInfo(); - } else { - certStatus = new UnknownInfo(); + RevokedCertificate rc = (RevokedCertificate) + cache.get(new BigInteger(serialNo.toString())); + if (rc == null) { + if (isNotFoundGood()) { + certStatus = new GoodInfo(); + } else { + certStatus = new UnknownInfo(); } - } else { - + } else { + certStatus = new RevokedInfo( - new GeneralizedTime( - rc.getRevocationDate())); - } + new GeneralizedTime( + rc.getRevocationDate())); + } } } - + } else { - CMS.debug("DefStore: evaluating x509 crl impl"); + CMS.debug("DefStore: evaluating x509 crl impl"); X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString())); if (crlentry == null) { @@ -555,7 +553,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } else { certStatus = new RevokedInfo(new GeneralizedTime( crlentry.getRevocationDate())); - + } } return new SingleResponse(cid, certStatus, thisUpdate, @@ -580,17 +578,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { return mDBService.getBaseDN(); } - public Enumeration<ICRLIssuingPointRecord > searchAllCRLIssuingPointRecord(int maxSize) - throws EBaseException { + public Enumeration<ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord(int maxSize) + throws EBaseException { return searchCRLIssuingPointRecord( "objectclass=" + - CMS.getCRLIssuingPointRecordName(), + CMS.getCRLIssuingPointRecordName(), maxSize); } public Enumeration<ICRLIssuingPointRecord> searchCRLIssuingPointRecord(String filter, - int maxSize) - throws EBaseException { + int maxSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration<ICRLIssuingPointRecord> e = null; @@ -604,20 +602,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public synchronized void modifyCRLIssuingPointRecord(String name, - ModificationSet mods) throws EBaseException { + ModificationSet mods) throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "cn=" + - transformDN(name) + "," + getBaseDN(); + transformDN(name) + "," + getBaseDN(); s.modify(dn, mods); } catch (EBaseException e) { - CMS.debug("modifyCRLIssuingPointRecord: error=" + e); - CMS.debug(e); - throw e; + CMS.debug("modifyCRLIssuingPointRecord: error=" + e); + CMS.debug(e); + throw e; } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } } @@ -625,42 +624,45 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * Returns an issuing point. */ public ICRLIssuingPointRecord readCRLIssuingPoint(String name) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); ICRLIssuingPointRecord rec = null; try { String dn = "cn=" + - transformDN(name) + "," + getBaseDN(); + transformDN(name) + "," + getBaseDN(); if (s != null) { rec = (ICRLIssuingPointRecord) s.read(dn); } } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } return rec; } public ICRLIssuingPointRecord createCRLIssuingPointRecord( - String name, BigInteger crlNumber, - Long crlSize, Date thisUpdate, Date nextUpdate) { + String name, BigInteger crlNumber, + Long crlSize, Date thisUpdate, Date nextUpdate) { return CMS.createCRLIssuingPointRecord( name, crlNumber, crlSize, thisUpdate, nextUpdate); } - public void deleteCRLIssuingPointRecord(String id) - throws EBaseException { + public void deleteCRLIssuingPointRecord(String id) + throws EBaseException { IDBSSession s = null; try { s = mDBService.createSession(); - String name = "cn=" + transformDN(id) + "," + getBaseDN(); + String name = "cn=" + transformDN(id) + "," + getBaseDN(); CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name); - if (s != null) s.delete(name); + if (s != null) + s.delete(name); } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } } @@ -668,12 +670,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * Creates a new issuing point in OCSP. */ public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "cn=" + - transformDN(name) + "," + getBaseDN(); + transformDN(name) + "," + getBaseDN(); s.add(dn, (ICRLIssuingPointRecord) rec); } finally { @@ -683,7 +685,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public Enumeration<IRepositoryRecord> searchRepository(String name, String filter) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration<IRepositoryRecord> e = null; @@ -701,13 +703,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * Creates a new issuing point in OCSP. */ public void addRepository(String name, String thisUpdate, - IRepositoryRecord rec) - throws EBaseException { + IRepositoryRecord rec) + throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "ou=" + thisUpdate + ",cn=" + - transformDN(name) + "," + getBaseDN(); + transformDN(name) + "," + getBaseDN(); s.add(dn, rec); } finally { @@ -717,22 +719,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public void modifyCertRecord(String name, String thisUpdate, - String sno, - ModificationSet mods) throws EBaseException { + String sno, + ModificationSet mods) throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "cn=" + sno + ",ou=" + thisUpdate + - ",cn=" + transformDN(name) + "," + getBaseDN(); + ",cn=" + transformDN(name) + "," + getBaseDN(); - if (s != null) s.modify(dn, mods); + if (s != null) + s.modify(dn, mods); } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } } public Enumeration<ICertRecord> searchCertRecord(String name, String thisUpdate, - String filter) throws EBaseException { + String filter) throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration<ICertRecord> e = null; @@ -748,20 +752,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public ICertRecord readCertRecord(String name, String thisUpdate, - String sno) - throws EBaseException { + String sno) + throws EBaseException { IDBSSession s = mDBService.createSession(); ICertRecord rec = null; try { String dn = "cn=" + sno + ",ou=" + thisUpdate + - ",cn=" + transformDN(name) + "," + getBaseDN(); + ",cn=" + transformDN(name) + "," + getBaseDN(); if (s != null) { rec = (ICertRecord) s.read(dn); } } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } return rec; } @@ -770,13 +775,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * Creates a new issuing point in OCSP. */ public void addCertRecord(String name, String thisUpdate, - String sno, ICertRecord rec) - throws EBaseException { + String sno, ICertRecord rec) + throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "cn=" + sno + ",ou=" + thisUpdate + - ",cn=" + transformDN(name) + "," + getBaseDN(); + ",cn=" + transformDN(name) + "," + getBaseDN(); s.add(dn, rec); } finally { @@ -785,26 +790,26 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } } - public NameValuePairs getConfigParameters() { + public NameValuePairs getConfigParameters() { try { - NameValuePairs params = new NameValuePairs(); + NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_OCSPSTORE_IMPL_NAME, - mConfig.getString("class")); - params.add(PROP_NOT_FOUND_GOOD, - mConfig.getString(PROP_NOT_FOUND_GOOD, "true")); - params.add(PROP_BY_NAME, - mConfig.getString(PROP_BY_NAME, "true")); - params.add(PROP_INCLUDE_NEXT_UPDATE, - mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false")); - return params; + mConfig.getString("class")); + params.add(PROP_NOT_FOUND_GOOD, + mConfig.getString(PROP_NOT_FOUND_GOOD, "true")); + params.add(PROP_BY_NAME, + mConfig.getString(PROP_BY_NAME, "true")); + params.add(PROP_INCLUDE_NEXT_UPDATE, + mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false")); + return params; } catch (Exception e) { return null; } } - public void setConfigParameters(NameValuePairs pairs) - throws EBaseException { + public void setConfigParameters(NameValuePairs pairs) + throws EBaseException { Enumeration<String> k = pairs.getNames(); while (k.hasMoreElements()) { @@ -821,8 +826,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { CMS.debug("DefStore: Ready to update Issuer"); try { - if (!((X509CRLImpl)crl).areEntriesIncluded()) - crl = new X509CRLImpl(((X509CRLImpl)crl).getEncoded()); + if (!((X509CRLImpl) crl).areEntriesIncluded()) + crl = new X509CRLImpl(((X509CRLImpl) crl).getEncoded()); } catch (Exception e) { CMS.debug(e); } @@ -832,51 +837,51 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { if (crl.getThisUpdate() != null) mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, - Modification.MOD_REPLACE, crl.getThisUpdate()); + Modification.MOD_REPLACE, crl.getThisUpdate()); if (crl.getNextUpdate() != null) mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, - Modification.MOD_REPLACE, crl.getNextUpdate()); + Modification.MOD_REPLACE, crl.getNextUpdate()); if (mUseCache) { - if (((X509CRLImpl)crl).getListOfRevokedCertificates() != null) { - mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE, - Modification.MOD_REPLACE, - ((X509CRLImpl)crl).getListOfRevokedCertificates()); - } + if (((X509CRLImpl) crl).getListOfRevokedCertificates() != null) { + mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE, + Modification.MOD_REPLACE, + ((X509CRLImpl) crl).getListOfRevokedCertificates()); + } } if (((X509CRLImpl) crl).getNumberOfRevokedCertificates() < 0) { mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, - Modification.MOD_REPLACE, Long.valueOf(0)); + Modification.MOD_REPLACE, Long.valueOf(0)); } else { mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, - Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates())); + Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates())); } - BigInteger crlNumber = ((X509CRLImpl)crl).getCRLNumber(); + BigInteger crlNumber = ((X509CRLImpl) crl).getCRLNumber(); if (crlNumber == null) { mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, - Modification.MOD_REPLACE, new BigInteger("-1")); + Modification.MOD_REPLACE, new BigInteger("-1")); } else { mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, - Modification.MOD_REPLACE, crlNumber); + Modification.MOD_REPLACE, crlNumber); } try { mods.add(ICRLIssuingPointRecord.ATTR_CRL, - Modification.MOD_REPLACE, crl.getEncoded()); + Modification.MOD_REPLACE, crl.getEncoded()); } catch (Exception e) { // ignore } - CMS.debug("DefStore: ready to CRL update " + - crl.getIssuerDN().getName()); + CMS.debug("DefStore: ready to CRL update " + + crl.getIssuerDN().getName()); modifyCRLIssuingPointRecord( - crl.getIssuerDN().getName(), mods); - CMS.debug("DefStore: done CRL update " + - crl.getIssuerDN().getName()); + crl.getIssuerDN().getName(), mods); + CMS.debug("DefStore: done CRL update " + + crl.getIssuerDN().getName()); // update cache mCacheCRLIssuingPoints.clear(); - log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." + - " thisUpdate=" + crl.getThisUpdate() + - " nextUpdate=" + crl.getNextUpdate()); + log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." + + " thisUpdate=" + crl.getThisUpdate() + + " nextUpdate=" + crl.getNextUpdate()); } finally { mStateCount--; @@ -889,7 +894,6 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } - class DeleteOldCRLsThread extends Thread { private DefStore mDefStore = null; @@ -905,7 +909,6 @@ class DeleteOldCRLsThread extends Thread { } } - class CRLIPContainer { private ICRLIssuingPointRecord mRec = null; private X509CertImpl mCert = null; diff --git a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java index 5e4e6566..2f18d6ab 100644 --- a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java +++ b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.ocsp; - import java.math.BigInteger; import java.security.MessageDigest; import java.security.cert.X509CRL; @@ -71,11 +70,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; import com.netscape.cmsutil.ocsp.UnknownInfo; - /** - * This is the LDAP OCSP store. It reads CA certificate and - * revocation list attributes from the CA entry. - * + * This is the LDAP OCSP store. It reads CA certificate and revocation list + * attributes from the CA entry. + * * @version $Revision$, $Date$ */ public class LDAPStore implements IDefStore, IExtendedPluginInfo { @@ -93,8 +91,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { private static final String PROP_PORT = "port"; private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood"; - private final static String PROP_INCLUDE_NEXT_UPDATE = - "includeNextUpdate"; + private final static String PROP_INCLUDE_NEXT_UPDATE = + "includeNextUpdate"; private IOCSPAuthority mOCSPAuthority = null; private IConfigStore mConfig = null; @@ -111,8 +109,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { public LDAPStore() { } - public String[] getExtendedPluginInfo(Locale locale) { - Vector v = new Vector(); + public String[] getExtendedPluginInfo(Locale locale) { + Vector v = new Vector(); v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD")); v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE")); @@ -121,33 +119,33 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR")); v.addElement(PROP_CA_CERT_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR")); v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC")); - v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore"); - return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); + v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore"); + return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } /** * Fetch CA certificate and CRL from LDAP server. */ - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { mOCSPAuthority = (IOCSPAuthority) owner; mConfig = config; mCRLAttr = mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR); - mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR, + mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR); mByName = mConfig.getBoolean(PROP_BY_NAME, true); - + } /** * Locates the CA certificate. */ - public X509CertImpl locateCACert(LDAPConnection conn, String baseDN) - throws EBaseException { + public X509CertImpl locateCACert(LDAPConnection conn, String baseDN) + throws EBaseException { try { - LDAPSearchResults results = conn.search(baseDN, - LDAPv2.SCOPE_SUB, mCACertAttr + "=*", + LDAPSearchResults results = conn.search(baseDN, + LDAPv2.SCOPE_SUB, mCACertAttr + "=*", null, false); if (!results.hasMoreElements()) { @@ -166,8 +164,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { return caCert; } catch (Exception e) { CMS.debug("LDAPStore: locateCACert " + e.toString()); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OCSP_LOCATE_CA", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OCSP_LOCATE_CA", e.toString())); } return null; } @@ -175,11 +173,11 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { /** * Locates the CRL. */ - public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN) - throws EBaseException { + public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN) + throws EBaseException { try { - LDAPSearchResults results = conn.search(baseDN, - LDAPv2.SCOPE_SUB, mCRLAttr + "=*", + LDAPSearchResults results = conn.search(baseDN, + LDAPv2.SCOPE_SUB, mCRLAttr + "=*", null, false); if (!results.hasMoreElements()) { @@ -198,21 +196,20 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { return crl; } catch (Exception e) { CMS.debug("LDAPStore: locateCRL " + e.toString()); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString())); } return null; } - public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl) - throws EBaseException { + public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl) + throws EBaseException { X509CRLImpl oldCRL = (X509CRLImpl) mCRLs.get(caCert); if (oldCRL != null) { - if (oldCRL.getThisUpdate().getTime() >= - crl.getThisUpdate().getTime()) { - log(ILogger.LL_INFO, - "LDAPStore: no update, received CRL is older than current CRL"); + if (oldCRL.getThisUpdate().getTime() >= crl.getThisUpdate().getTime()) { + log(ILogger.LL_INFO, + "LDAPStore: no update, received CRL is older than current CRL"); return; // no update } } @@ -240,8 +237,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { String baseDN = mConfig.getString(PROP_BASE_DN + Integer.toString(i), null); CRLUpdater updater = new CRLUpdater( this, c, baseDN, - mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i), - DEF_REFRESH_IN_SEC)); + mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i), + DEF_REFRESH_IN_SEC)); updater.start(); } @@ -265,10 +262,10 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { /** * Validate an OCSP request. */ - public OCSPResponse validate(OCSPRequest request) - throws EBaseException { + public OCSPResponse validate(OCSPRequest request) + throws EBaseException { - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); mOCSPAuthority.incNumOCSPRequest(1); long startTime = CMS.getCurrentDate().getTime(); @@ -279,13 +276,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { Vector singleResponses = new Vector(); if (statsSub != null) { - statsSub.startTiming("lookup"); + statsSub.startTiming("lookup"); } long lookupStartTime = CMS.getCurrentDate().getTime(); for (int i = 0; i < tbsReq.getRequestCount(); i++) { - com.netscape.cmsutil.ocsp.Request req = - tbsReq.getRequestAt(i); + com.netscape.cmsutil.ocsp.Request req = + tbsReq.getRequestAt(i); CertID cid = req.getCertID(); SingleResponse sr = processRequest(cid); @@ -293,12 +290,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { } long lookupEndTime = CMS.getCurrentDate().getTime(); if (statsSub != null) { - statsSub.endTiming("lookup"); + statsSub.endTiming("lookup"); } mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime); if (statsSub != null) { - statsSub.startTiming("build_response"); + statsSub.startTiming("build_response"); } SingleResponse res[] = new SingleResponse[singleResponses.size()]; @@ -323,14 +320,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { } } - ResponseData rd = new ResponseData(rid, + ResponseData rd = new ResponseData(rid, new GeneralizedTime(CMS.getCurrentDate()), res, nonce); if (statsSub != null) { - statsSub.endTiming("build_response"); + statsSub.endTiming("build_response"); } if (statsSub != null) { - statsSub.startTiming("signing"); + statsSub.startTiming("signing"); } long signStartTime = CMS.getCurrentDate().getTime(); @@ -338,13 +335,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { long signEndTime = CMS.getCurrentDate().getTime(); mOCSPAuthority.incSignTime(signEndTime - signStartTime); if (statsSub != null) { - statsSub.endTiming("signing"); + statsSub.endTiming("signing"); } OCSPResponse response = new OCSPResponse( - OCSPResponseStatus.SUCCESSFUL, - new ResponseBytes(ResponseBytes.OCSP_BASIC, - new OCTET_STRING(ASN1Util.encode(basicRes)))); + OCSPResponseStatus.SUCCESSFUL, + new ResponseBytes(ResponseBytes.OCSP_BASIC, + new OCTET_STRING(ASN1Util.encode(basicRes)))); log(ILogger.LL_INFO, "done OCSP request"); long endTime = CMS.getCurrentDate().getTime(); @@ -375,8 +372,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { } public void addRepository(String name, String thisUpdate, - IRepositoryRecord rec) - throws EBaseException { + IRepositoryRecord rec) + throws EBaseException { throw new EBaseException("NOT SUPPORTED"); } @@ -389,12 +386,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { } public ICRLIssuingPointRecord readCRLIssuingPoint(String name) - throws EBaseException { + throws EBaseException { throw new EBaseException("NOT SUPPORTED"); } public Enumeration searchAllCRLIssuingPointRecord(int maxSize) - throws EBaseException { + throws EBaseException { Vector recs = new Vector(); Enumeration keys = mCRLs.keys(); @@ -408,25 +405,25 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { } public Enumeration searchCRLIssuingPointRecord(String filter, - int maxSize) - throws EBaseException { + int maxSize) + throws EBaseException { return null; } public ICRLIssuingPointRecord createCRLIssuingPointRecord( - String name, BigInteger crlNumber, - Long crlSize, Date thisUpdate, Date nextUpdate) { + String name, BigInteger crlNumber, + Long crlSize, Date thisUpdate, Date nextUpdate) { return null; } public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec) - throws EBaseException { + throws EBaseException { throw new EBaseException("NOT SUPPORTED"); } public void deleteCRLIssuingPointRecord(String id) - throws EBaseException { - throw new EBaseException("NOT SUPPORTED"); + throws EBaseException { + throw new EBaseException("NOT SUPPORTED"); } public boolean isNotFoundGood() { @@ -439,7 +436,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { public boolean includeNextUpdate() throws EBaseException { return mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE, false); - } + } public boolean isNotFoundGood1() throws EBaseException { return mConfig.getBoolean(PROP_NOT_FOUND_GOOD, true); @@ -470,7 +467,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { } X509Key key = (X509Key) caCert.getPublicKey(); - if( key == null ) { + if (key == null) { System.out.println("LDAPStore::processRequest - key is null!"); return null; } @@ -508,55 +505,55 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { cid.getSerialNumber()); if (entry == null) { - if (isNotFoundGood1()) { - certStatus = new GoodInfo(); - } else { - certStatus = new UnknownInfo(); + if (isNotFoundGood1()) { + certStatus = new GoodInfo(); + } else { + certStatus = new UnknownInfo(); } } else { certStatus = new RevokedInfo(new GeneralizedTime( entry.getRevocationDate())); } - + return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate); } /** * Provides configuration parameters. */ - public NameValuePairs getConfigParameters() { + public NameValuePairs getConfigParameters() { try { - NameValuePairs params = new NameValuePairs(); + NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_OCSPSTORE_IMPL_NAME, - mConfig.getString("class")); + params.add(Constants.PR_OCSPSTORE_IMPL_NAME, + mConfig.getString("class")); int num = mConfig.getInteger(PROP_NUM_CONNS, 0); params.add(PROP_NUM_CONNS, Integer.toString(num)); for (int i = 0; i < num; i++) { - params.add(PROP_HOST + Integer.toString(i), - mConfig.getString(PROP_HOST + - Integer.toString(i), "")); - params.add(PROP_PORT + Integer.toString(i), - mConfig.getString(PROP_PORT + - Integer.toString(i), "389")); - params.add(PROP_BASE_DN + Integer.toString(i), - mConfig.getString(PROP_BASE_DN + - Integer.toString(i), "")); - params.add(PROP_REFRESH_IN_SEC + Integer.toString(i), - mConfig.getString(PROP_REFRESH_IN_SEC + - Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC))); + params.add(PROP_HOST + Integer.toString(i), + mConfig.getString(PROP_HOST + + Integer.toString(i), "")); + params.add(PROP_PORT + Integer.toString(i), + mConfig.getString(PROP_PORT + + Integer.toString(i), "389")); + params.add(PROP_BASE_DN + Integer.toString(i), + mConfig.getString(PROP_BASE_DN + + Integer.toString(i), "")); + params.add(PROP_REFRESH_IN_SEC + Integer.toString(i), + mConfig.getString(PROP_REFRESH_IN_SEC + + Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC))); } - params.add(PROP_BY_NAME, - mConfig.getString(PROP_BY_NAME, "true")); - params.add(PROP_CA_CERT_ATTR, - mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR)); + params.add(PROP_BY_NAME, + mConfig.getString(PROP_BY_NAME, "true")); + params.add(PROP_CA_CERT_ATTR, + mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR)); params.add(PROP_CRL_ATTR, - mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR)); + mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR)); params.add(PROP_NOT_FOUND_GOOD, - mConfig.getString(PROP_NOT_FOUND_GOOD, "true")); + mConfig.getString(PROP_NOT_FOUND_GOOD, "true")); params.add(PROP_INCLUDE_NEXT_UPDATE, - mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false")); + mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false")); return params; } catch (Exception e) { return null; @@ -564,7 +561,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { } public void setConfigParameters(NameValuePairs pairs) - throws EBaseException { + throws EBaseException { Enumeration k = pairs.getNames(); while (k.hasMoreElements()) { @@ -575,15 +572,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { } } - class CRLUpdater extends Thread { private LDAPConnection mC = null; private String mBaseDN = null; private int mSec = 0; private LDAPStore mStore = null; - public CRLUpdater(LDAPStore store, LDAPConnection c, - String baseDN, int sec) { + public CRLUpdater(LDAPStore store, LDAPConnection c, + String baseDN, int sec) { mC = c; mSec = sec; mBaseDN = baseDN; @@ -608,7 +604,6 @@ class CRLUpdater extends Thread { } } - class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord { /** * @@ -739,7 +734,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord { return null; } - public void set(String name, Object obj)throws EBaseException { + public void set(String name, Object obj) throws EBaseException { } public Object get(String name) throws EBaseException { @@ -747,7 +742,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord { } public void delete(String name) throws EBaseException { - + } public Enumeration getElements() { diff --git a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java index 4d59f34e..2bdf4066 100644 --- a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java +++ b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java @@ -17,17 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.password; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.password.EPasswordCheckException; import com.netscape.certsrv.password.IConfigPasswordCheck; import com.netscape.certsrv.password.IPasswordCheck; - /** * This class checks the given password if it meets the specific requirements. - * For example, it can also specify the format of the password which has to - * be 8 characters long and must be in alphanumeric. + * For example, it can also specify the format of the password which has to be 8 + * characters long and must be in alphanumeric. * <P> * * @version $Revision$, $Date$ @@ -75,9 +73,10 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck { /** * Returns true if the given password meets the quality requirement; * otherwise returns false. + * * @param mPassword The given password being checked. * @return true if the password meets the quality requirement; otherwise - * returns false. + * returns false. */ public boolean isGoodPassword(String mPassword) { if (mPassword == null || mPassword.length() == 0) { @@ -96,7 +95,9 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck { /** * Returns a reason if the password doesnt meet the quality requirement. - * @return string as a reason if the password quality requirement is not met. + * + * @return string as a reason if the password quality requirement is not + * met. */ public String getReason(String mPassword) { if (mPassword == null || mPassword.length() == 0) { @@ -113,4 +114,3 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck { return null; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java index d9a527d6..9c050b2b 100644 --- a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java +++ b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy; - import java.io.IOException; import java.security.InvalidKeyException; import java.security.MessageDigest; @@ -42,16 +41,15 @@ import com.netscape.certsrv.request.AgentApprovals; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; - /** - * The abstract policy rule that concrete implementations will - * extend. + * The abstract policy rule that concrete implementations will extend. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ @@ -68,15 +66,16 @@ public abstract class APolicyRule implements IPolicyRule { /** * Initializes the policy rule. * <P> - * - * @param config The config store reference + * + * @param config The config store reference */ public abstract void init(ISubsystem owner, IConfigStore config) - throws EBaseException; + throws EBaseException; /** * Gets the description for this policy rule. * <P> + * * @return The Description for this rule. */ public String getDescription() { @@ -86,8 +85,8 @@ public abstract class APolicyRule implements IPolicyRule { /** * Sets a predicate expression for rule matching. * <P> - * - * @param exp The predicate expression for the rule. + * + * @param exp The predicate expression for the rule. */ public void setPredicate(IExpression exp) { mFilterExp = exp; @@ -96,7 +95,7 @@ public abstract class APolicyRule implements IPolicyRule { /** * Returns the predicate expression for the rule. * <P> - * + * * @return The predicate expression for the rule. */ public IExpression getPredicate() { @@ -106,7 +105,7 @@ public abstract class APolicyRule implements IPolicyRule { /** * Returns the name of the policy rule. * <P> - * + * * @return The name of the policy class. */ public String getName() { @@ -114,45 +113,45 @@ public abstract class APolicyRule implements IPolicyRule { } /** - * Sets the instance name for a policy rule. + * Sets the instance name for a policy rule. * <P> - * - * @param instanceName The name of the rule instance. + * + * @param instanceName The name of the rule instance. */ - public void setInstanceName(String instanceName) { + public void setInstanceName(String instanceName) { mInstanceName = instanceName; } /** * Returns the name of the policy rule instance. * <P> - * - * @return The name of the policy rule instance if set, else - * the name of the rule class. + * + * @return The name of the policy rule instance if set, else the name of the + * rule class. */ - public String getInstanceName() { + public String getInstanceName() { return mInstanceName != null ? mInstanceName : NAME; } /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public abstract PolicyResult apply(IRequest req); /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public abstract Vector getInstanceParams(); /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public abstract Vector getDefaultParams(); @@ -161,8 +160,8 @@ public abstract class APolicyRule implements IPolicyRule { setPolicyException(req, format, params); } - public void setError(IRequest req, String format, String arg1, - String arg2) { + public void setError(IRequest req, String format, String arg1, + String arg2) { Object[] np = new Object[2]; np[0] = arg1; @@ -188,10 +187,10 @@ public abstract class APolicyRule implements IPolicyRule { } /** - * determines whether a DEFERRED policy result should be returned - * by checking the contents of the AgentApprovals attribute. This - * call should be used by policy modules instead of returning - * PolicyResult.DEFERRED directly. + * determines whether a DEFERRED policy result should be returned by + * checking the contents of the AgentApprovals attribute. This call should + * be used by policy modules instead of returning PolicyResult.DEFERRED + * directly. * <p> */ protected PolicyResult deferred(IRequest req) { @@ -223,12 +222,12 @@ public abstract class APolicyRule implements IPolicyRule { } } - public void setPolicyException(IRequest req, String format, - Object[] params) { - if (format == null) + public void setPolicyException(IRequest req, String format, + Object[] params) { + if (format == null) return; - EPolicyException ex; + EPolicyException ex; if (params == null) ex = new EPolicyException(format); @@ -247,12 +246,12 @@ public abstract class APolicyRule implements IPolicyRule { * log a message for this policy rule. */ protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "APolicyRule " + NAME + ": " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, + "APolicyRule " + NAME + ": " + msg); } - public static KeyIdentifier createKeyIdentifier(X509Key key) - throws NoSuchAlgorithmException, InvalidKeyException { + public static KeyIdentifier createKeyIdentifier(X509Key key) + throws NoSuchAlgorithmException, InvalidKeyException { MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(key.getEncoded()); @@ -260,19 +259,20 @@ public abstract class APolicyRule implements IPolicyRule { } /** - * Form a byte array of octet string key identifier from the sha-1 hash of + * Form a byte array of octet string key identifier from the sha-1 hash of * the Subject Public Key INFO. (including algorithm ID, etc.) * <p> + * * @param certInfo cert info of the certificate. * @return A Key identifier with the sha-1 hash of subject public key. */ protected KeyIdentifier formSpkiSHA1KeyId(X509CertInfo certInfo) - throws EBaseException { + throws EBaseException { KeyIdentifier keyId = null; try { CertificateX509Key certKey = - (CertificateX509Key) certInfo.get(X509CertInfo.KEY); + (CertificateX509Key) certInfo.get(X509CertInfo.KEY); if (certKey == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", "")); @@ -286,23 +286,23 @@ public abstract class APolicyRule implements IPolicyRule { } keyId = createKeyIdentifier(key); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } @@ -310,19 +310,20 @@ public abstract class APolicyRule implements IPolicyRule { } /** - * Form a byte array of octet string key identifier from the sha-1 hash of + * Form a byte array of octet string key identifier from the sha-1 hash of * the Subject Public Key BIT STRING. * <p> + * * @param certInfo cert info of the certificate. * @return A Key identifier with the sha-1 hash of subject public key. */ protected KeyIdentifier formSHA1KeyId(X509CertInfo certInfo) - throws EBaseException { + throws EBaseException { KeyIdentifier keyId = null; try { CertificateX509Key certKey = - (CertificateX509Key) certInfo.get(X509CertInfo.KEY); + (CertificateX509Key) certInfo.get(X509CertInfo.KEY); if (certKey == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", "")); @@ -341,22 +342,21 @@ public abstract class APolicyRule implements IPolicyRule { md.update(rawKey); keyId = new KeyIdentifier(md.digest()); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } return keyId; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java index 3aeadabe..d203e904 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Vector; import com.netscape.certsrv.apps.CMS; @@ -30,24 +29,23 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * AgentPolicy is an enrollment policy wraps another policy module. - * Requests are sent first to the contained module, but if the - * policy indicates that the request should be deferred, a check - * for agent approvals is done. If any are found, the request - * is approved. + * AgentPolicy is an enrollment policy wraps another policy module. Requests are + * sent first to the contained module, but if the policy indicates that the + * request should be deferred, a check for agent approvals is done. If any are + * found, the request is approved. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class AgentPolicy extends APolicyRule - implements IEnrollmentPolicy { + implements IEnrollmentPolicy { public AgentPolicy() { NAME = "AgentPolicy"; DESC = "Agent Approval Policy"; @@ -56,19 +54,19 @@ public class AgentPolicy extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ra.Policy.rule.<ruleName>.implName=AgentPolicy - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com - * ra.Policy.rule.<ruleName>.class=xxxx - * ra.Policy.rule.<ruleName>.params.* - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=AgentPolicy + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == + * netscape.com ra.Policy.rule.<ruleName>.class=xxxx + * ra.Policy.rule.<ruleName>.params.* + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { // Create subordinate object String className = (String) config.get("class"); @@ -79,14 +77,14 @@ public class AgentPolicy extends APolicyRule try { @SuppressWarnings("unchecked") - Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className); + Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className); Object o = c.newInstance(); if (!(o instanceof APolicyRule)) { throw new EPolicyException( - CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS", - getInstanceName(), className)); + CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS", + getInstanceName(), className)); } APolicyRule pr = (APolicyRule) o; @@ -100,7 +98,7 @@ public class AgentPolicy extends APolicyRule System.err.println("Agent Policy Error: " + e); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_LOADING_POLICY_ERROR", - getInstanceName(), className)); + getInstanceName(), className)); } } } @@ -108,8 +106,8 @@ public class AgentPolicy extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -129,10 +127,10 @@ public class AgentPolicy extends APolicyRule AgentApprovals aa = AgentApprovals.fromStringVector( req.getExtDataInStringVector(AgentApprovals.class.getName())); - //Object o = req.get("agentApprovals"); + // Object o = req.get("agentApprovals"); // Any approvals causes success - if (aa != null && aa.elements().hasMoreElements()) //if (o != null) + if (aa != null && aa.elements().hasMoreElements()) // if (o != null) { System.err.println("Agent approval found"); result = PolicyResult.ACCEPTED; @@ -144,7 +142,7 @@ public class AgentPolicy extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector<String> getInstanceParams() { @@ -153,13 +151,12 @@ public class AgentPolicy extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector<String> getDefaultParams() { return null; } - APolicyRule mPolicy = null; + APolicyRule mPolicy = null; } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java index 90e81ed4..ebf111cb 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Locale; @@ -44,20 +43,20 @@ import com.netscape.certsrv.request.PolicyResult; import com.netscape.certsrv.request.RequestId; import com.netscape.cms.policy.APolicyRule; - /** * This checks if attribute present. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class AttributePresentConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { +public class AttributePresentConstraints extends APolicyRule + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_ENABLED = "enabled"; protected static final String PROP_LDAP = "ldap"; @@ -82,42 +81,42 @@ public class AttributePresentConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String params[] = { PROP_ATTR + ";string,required;Ldap attribute to check presence of (default " + - DEF_ATTR + ")", + DEF_ATTR + ")", PROP_VALUE + ";string;if this parameter is non-empty, the attribute must " + - "match this value for the request to proceed ", + "match this value for the request to proceed ", PROP_LDAP_BASE + ";string,required;Base DN to start searching " + - "under. If your user's DN is 'uid=jsmith, o=company', you " + - "might want to use 'o=company' here", + "under. If your user's DN is 'uid=jsmith, o=company', you " + + "might want to use 'o=company' here", PROP_LDAP_HOST + ";string,required;" + - "LDAP host to connect to", + "LDAP host to connect to", PROP_LDAP_PORT + ";number,required;" + - "LDAP port number (use 389, or 636 if SSL)", + "LDAP port number (use 389, or 636 if SSL)", PROP_LDAP_SSL + ";boolean;" + - "Use SSL to connect to directory?", + "Use SSL to connect to directory?", PROP_LDAP_VER + ";choice(3,2),required;" + - "LDAP protocol version", + "LDAP protocol version", PROP_LDAP_BIND + ";string;DN to bind as for attribute checking. " + - "For example 'CN=Pincheck User'", + "For example 'CN=Pincheck User'", PROP_LDAP_PW + ";password;Enter password used to bind as " + - "the above user", + "the above user", PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;" + - "How to bind to the directory", + "How to bind to the directory", PROP_LDAP_CERT + ";string;If you want to use " + - "SSL client auth to the directory, set the client " + - "cert nickname here", + "SSL client auth to the directory, set the client " + + "cert nickname here", PROP_LDAP_BASE + ";string,required;Base DN to start searching " + - "under. If your user's DN is 'uid=jsmith, o=company', you " + - "might want to use 'o=company' here", + "under. If your user's DN is 'uid=jsmith, o=company', you " + + "might want to use 'o=company' here", PROP_LDAP_MINC + ";number;number of connections " + - "to keep open to directory server. Default " + DEF_LDAP_MINC, + "to keep open to directory server. Default " + DEF_LDAP_MINC, PROP_LDAP_MAXC + ";number;when needed, connection " + - "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC, + "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC, IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-pinpresent", + ";configuration-policyrules-pinpresent", IExtendedPluginInfo.HELP_TEXT + - ";" + DESC + " This plugin can be used to " + - "check the presence (and, optionally, the value) of any LDAP " + - "attribute for the user. " + ";" + DESC + " This plugin can be used to " + + "check the presence (and, optionally, the value) of any LDAP " + + "attribute for the user. " }; return params; @@ -179,9 +178,9 @@ public class AttributePresentConstraints extends APolicyRule protected static final String PROP_VALUE = "value"; protected static final String DEF_VALUE = ""; - protected static Vector<String> mParamNames; + protected static Vector<String> mParamNames; protected static Hashtable<String, Object> mParamDefault; - protected Hashtable<String, Object> mParamValue = null; + protected Hashtable<String, Object> mParamValue = null; static { mParamNames = new Vector<String>(); @@ -200,7 +199,7 @@ public class AttributePresentConstraints extends APolicyRule addParam(PROP_ATTR, DEF_ATTR); addParam(PROP_VALUE, DEF_VALUE); }; - + protected static void addParam(String name, Object value) { mParamNames.addElement(name); mParamDefault.put(name, value); @@ -209,8 +208,8 @@ public class AttributePresentConstraints extends APolicyRule protected void getStringConfigParam(IConfigStore config, String paramName) { try { mParamValue.put( - paramName, config.getString(paramName, (String) mParamDefault.get(paramName)) - ); + paramName, config.getString(paramName, (String) mParamDefault.get(paramName)) + ); } catch (Exception e) { } } @@ -218,12 +217,12 @@ public class AttributePresentConstraints extends APolicyRule protected void getIntConfigParam(IConfigStore config, String paramName) { try { mParamValue.put( - paramName, Integer.valueOf( - config.getInteger(paramName, - ((Integer) mParamDefault.get(paramName)).intValue() - ) - ) - ); + paramName, Integer.valueOf( + config.getInteger(paramName, + ((Integer) mParamDefault.get(paramName)).intValue() + ) + ) + ); } catch (Exception e) { } } @@ -231,18 +230,18 @@ public class AttributePresentConstraints extends APolicyRule protected void getBooleanConfigParam(IConfigStore config, String paramName) { try { mParamValue.put( - paramName, Boolean.valueOf( - config.getBoolean(paramName, - ((Boolean) mParamDefault.get(paramName)).booleanValue() - ) - ) - ); + paramName, Boolean.valueOf( + config.getBoolean(paramName, + ((Boolean) mParamDefault.get(paramName)).booleanValue() + ) + ) + ); } catch (Exception e) { } } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; mParamValue = new Hashtable<String, Object>(); @@ -277,7 +276,7 @@ public class AttributePresentConstraints extends APolicyRule String requestType = r.getRequestType(); if (requestType.equals(IRequest.ENROLLMENT_REQUEST) || - requestType.equals(IRequest.RENEWAL_REQUEST)) { + requestType.equals(IRequest.RENEWAL_REQUEST)) { String uid = r.getExtDataInString(IRequest.HTTP_PARAMS, "uid"); @@ -291,10 +290,10 @@ public class AttributePresentConstraints extends APolicyRule try { String[] attrs = { (String) mParamValue.get(PROP_ATTR) }; - LDAPSearchResults searchResult = - mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE), - LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false); - + LDAPSearchResults searchResult = + mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE), + LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false); + if (!searchResult.hasMoreElements()) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), ""); @@ -304,12 +303,12 @@ public class AttributePresentConstraints extends APolicyRule LDAPEntry entry = (LDAPEntry) searchResult.nextElement(); userdn = entry.getDN(); - + LDAPAttribute attr = entry.getAttribute((String) mParamValue.get(PROP_ATTR)); /* if attribute not present, reject the request */ if (attr == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn)); setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), ""); return PolicyResult.REJECTED; } @@ -331,7 +330,7 @@ public class AttributePresentConstraints extends APolicyRule return PolicyResult.REJECTED; } } - + CMS.debug("AttributePresentConstraints: Attribute is present for user: \"" + userdn + "\""); } catch (LDAPException e) { @@ -344,7 +343,7 @@ public class AttributePresentConstraints extends APolicyRule return res; } - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); Enumeration<String> e = mParamNames.elements(); @@ -382,25 +381,26 @@ public class AttributePresentConstraints extends APolicyRule return params; /* - params.addElement("ldap.ldapconn.host=localhost"); - params.addElement("ldap.ldapconn.port=389"); - params.addElement("ldap.ldapconn.secureConn=false"); - params.addElement("ldap.ldapconn.version=3"); - params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager"); - params.addElement("ldap.ldapauth.bindPWPrompt="); - params.addElement("ldap.ldapauth.clientCertNickname="); - params.addElement("ldap.ldapauth.authtype=BasicAuth"); - params.addElement("ldap.basedn="); - params.addElement("ldap.minConns=1"); - params.addElement("ldap.maxConns=5"); + * params.addElement("ldap.ldapconn.host=localhost"); + * params.addElement("ldap.ldapconn.port=389"); + * params.addElement("ldap.ldapconn.secureConn=false"); + * params.addElement("ldap.ldapconn.version=3"); + * params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager"); + * params.addElement("ldap.ldapauth.bindPWPrompt="); + * params.addElement("ldap.ldapauth.clientCertNickname="); + * params.addElement("ldap.ldapauth.authtype=BasicAuth"); + * params.addElement("ldap.basedn="); + * params.addElement("ldap.minConns=1"); + * params.addElement("ldap.maxConns=5"); */ } protected void log(int level, String msg) { - if (mLogger == null) return; + if (mLogger == null) + return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, "AttributePresentConstraints: " + msg); + level, "AttributePresentConstraints: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java index 3caee615..c8f96409 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.math.BigInteger; import java.security.interfaces.DSAParams; import java.util.Locale; @@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * DSAKeyConstraints policy enforces min and max size of the key. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class DSAKeyConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { private int mMinSize; private int mMaxSize; @@ -73,7 +72,7 @@ public class DSAKeyConstraints extends APolicyRule defConfParams.addElement(PROP_MIN_SIZE + "=" + DEF_MIN_SIZE); defConfParams.addElement(PROP_MAX_SIZE + "=" + DEF_MAX_SIZE); } - + public DSAKeyConstraints() { NAME = "DSAKeyConstraints"; DESC = "Enforces DSA Key Constraints."; @@ -84,9 +83,9 @@ public class DSAKeyConstraints extends APolicyRule PROP_MIN_SIZE + ";number;Minimum key size", PROP_MAX_SIZE + ";number;Maximum key size", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-dsakeyconstraints", + ";configuration-policyrules-dsakeyconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Rejects request if DSA key size is out of range" + ";Rejects request if DSA key size is out of range" }; return params; @@ -95,18 +94,19 @@ public class DSAKeyConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form - * ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.minSize=512 - * ra.Policy.rule.<ruleName>.maxSize=1024 - * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com - * - * @param config The config store reference + * ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.minSize=512 + * ra.Policy.rule.<ruleName>.maxSize=1024 + * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == + * netscape.com + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { // Get Min and Max sizes mConfig = config; @@ -120,34 +120,34 @@ public class DSAKeyConstraints extends APolicyRule log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg); throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - PROP_MAX_SIZE, msg)); + CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + PROP_MAX_SIZE, msg)); } if (mMinSize < DEF_MIN_SIZE) { String msg = "cannot be less than " + DEF_MIN_SIZE; log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg); throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - PROP_MIN_SIZE, msg)); + CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + PROP_MIN_SIZE, msg)); } if (mMaxSize % INCREMENT != 0) { String msg = "must be in increments of " + INCREMENT; log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg); throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - PROP_MIN_SIZE, msg)); + CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + PROP_MIN_SIZE, msg)); } if (mMaxSize % INCREMENT != 0) { String msg = "must be in increments of " + INCREMENT; log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg); throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - PROP_MIN_SIZE, msg)); + CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + PROP_MIN_SIZE, msg)); } - + config.putInteger(PROP_MIN_SIZE, mMinSize); config.putInteger(PROP_MAX_SIZE, mMaxSize); @@ -160,8 +160,8 @@ public class DSAKeyConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -171,7 +171,7 @@ public class DSAKeyConstraints extends APolicyRule try { // Get the certificate info from the request X509CertInfo ci[] = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // There should be a certificate info set. if (ci == null || ci[0] == null) { @@ -182,19 +182,19 @@ public class DSAKeyConstraints extends APolicyRule // Else check if the key size(s) are within the limit. for (int i = 0; i < ci.length; i++) { CertificateX509Key certKey = (CertificateX509Key) - ci[i].get(X509CertInfo.KEY); + ci[i].get(X509CertInfo.KEY); X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().toString(); if (!alg.equalsIgnoreCase(DSA)) continue; - // Check DSAKey parameters. - // size refers to the p parameter. + // Check DSAKey parameters. + // size refers to the p parameter. DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded()); DSAParams keyParams = dsaKey.getParams(); - if (keyParams == null) { + if (keyParams == null) { // key parameters could not be parsed. Object[] params = new Object[] { getInstanceName(), String.valueOf(i + 1) }; @@ -205,11 +205,11 @@ public class DSAKeyConstraints extends APolicyRule BigInteger p = keyParams.getP(); int len = p.bitLength(); - if (len < mMinSize || len > mMaxSize || - (len % INCREMENT) != 0) { - String[] parms = new String[] { - getInstanceName(), - String.valueOf(len), + if (len < mMinSize || len > mMaxSize || + (len % INCREMENT) != 0) { + String[] parms = new String[] { + getInstanceName(), + String.valueOf(len), String.valueOf(mMinSize), String.valueOf(mMaxSize), String.valueOf(INCREMENT) }; @@ -220,7 +220,7 @@ public class DSAKeyConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String[] params = { getInstanceName(), e.toString()}; + String[] params = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; @@ -230,27 +230,27 @@ public class DSAKeyConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector confParams = new Vector(); try { confParams.addElement(PROP_MIN_SIZE + "=" + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE)); confParams.addElement(PROP_MAX_SIZE + "=" + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE)); - } catch (EBaseException e) {; + } catch (EBaseException e) { + ; } return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { return defConfParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java index 3d4aedc3..4fc40036 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Locale; import java.util.Vector; @@ -30,22 +29,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * This is the default revocation policy. Currently this does - * nothing. We can later add checks like whether or not to - * revoke expired certs ..etc here. + * This is the default revocation policy. Currently this does nothing. We can + * later add checks like whether or not to revoke expired certs ..etc here. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class DefaultRevocation extends APolicyRule - implements IRevocationPolicy, IExtendedPluginInfo { + implements IRevocationPolicy, IExtendedPluginInfo { public DefaultRevocation() { NAME = "DefaultRevocation"; DESC = "Default Revocation Policy"; @@ -54,24 +52,25 @@ public class DefaultRevocation extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ra.Policy.rule.<ruleName>.implName=DefaultRevocation - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=DefaultRevocation + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == + * netscape.com + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { } /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -80,7 +79,7 @@ public class DefaultRevocation extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { @@ -89,7 +88,7 @@ public class DefaultRevocation extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { @@ -104,4 +103,3 @@ public class DefaultRevocation extends APolicyRule return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java index aed75bcd..8e10d3b6 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Locale; import java.util.Vector; @@ -35,29 +34,29 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * IssuerConstraints is a rule for restricting the issuers of the - * certificates used for certificate-based enrollments. + * IssuerConstraints is a rule for restricting the issuers of the certificates + * used for certificate-based enrollments. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$ $Date$ */ public class IssuerConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { private final static String PROP_ISSUER_DN = "issuerDN"; private static final String CLIENT_ISSUER = "clientIssuer"; private X500Name mIssuerDN = null; private String mIssuerDNString; /** - * checks the issuer of the ssl client-auth cert. Only one issuer - * is allowed for now + * checks the issuer of the ssl client-auth cert. Only one issuer is allowed + * for now */ public IssuerConstraints() { NAME = "IssuerConstraints"; @@ -68,10 +67,10 @@ public class IssuerConstraints extends APolicyRule String[] params = { PROP_ISSUER_DN + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-issuerconstraints", + ";configuration-policyrules-issuerconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Rejects the request if the issuer in the certificate is" + - "not of the one specified" + ";Rejects the request if the issuer in the certificate is" + + "not of the one specified" }; return params; @@ -81,34 +80,35 @@ public class IssuerConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * @param config The config store reference + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { try { mIssuerDNString = config.getString(PROP_ISSUER_DN, null); - if ((mIssuerDNString != null) && - !mIssuerDNString.equals("")) { + if ((mIssuerDNString != null) && + !mIssuerDNString.equals("")) { mIssuerDN = new X500Name(mIssuerDNString); } } catch (Exception e) { - log(ILogger.LL_FAILURE, - NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED")); + log(ILogger.LL_FAILURE, + NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED")); - String[] params = {getInstanceName(), e.toString()}; + String[] params = { getInstanceName(), e.toString() }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params)); } CMS.debug( - NAME + ": init() done"); + NAME + ": init() done"); } /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -125,82 +125,82 @@ public class IssuerConstraints extends APolicyRule if (!ci_name.equals(mIssuerDN)) { setError(req, - CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER", - getInstanceName()), ""); + CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER", + getInstanceName()), ""); result = PolicyResult.REJECTED; log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED")); + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED")); CMS.debug( - NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString); + NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString); } } else { // Get the certificate info from the request X509CertInfo certInfo[] = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo == null) { - log(ILogger.LL_FAILURE, - NAME + ": apply() - missing certInfo"); - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", + log(ILogger.LL_FAILURE, + NAME + ": apply() - missing certInfo"); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", getInstanceName()), ""); return PolicyResult.REJECTED; } - + for (int i = 0; i < certInfo.length; i++) { String oldIssuer = (String) - certInfo[i].get(X509CertInfo.ISSUER).toString(); - + certInfo[i].get(X509CertInfo.ISSUER).toString(); + if (oldIssuer == null) { setError(req, - CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND", - getInstanceName()), ""); + CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND", + getInstanceName()), ""); result = PolicyResult.REJECTED; - log(ILogger.LL_FAILURE, - NAME + ": apply() - client issuerDN not found"); + log(ILogger.LL_FAILURE, + NAME + ": apply() - client issuerDN not found"); } X500Name oi_name = new X500Name(oldIssuer); if (!oi_name.equals(mIssuerDN)) { setError(req, - CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER", - getInstanceName()), ""); + CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER", + getInstanceName()), ""); result = PolicyResult.REJECTED; - log(ILogger.LL_FAILURE, - NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString); + log(ILogger.LL_FAILURE, + NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString); } } } } catch (Exception e) { - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; } if (result.equals(PolicyResult.ACCEPTED)) { - log(ILogger.LL_INFO, - NAME + ": apply() - accepted"); + log(ILogger.LL_INFO, + NAME + ": apply() - accepted"); } return result; } /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement(PROP_ISSUER_DN + "=" + - mIssuerDNString); + mIssuerDNString); return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java index 8286cf31..7c79ced7 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -37,43 +36,43 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * KeyAlgorithmConstraints enforces a constraint that the RA or a CA - * honor only the keys generated using one of the permitted algorithms - * such as RSA, DSA or DH. + * KeyAlgorithmConstraints enforces a constraint that the RA or a CA honor only + * the keys generated using one of the permitted algorithms such as RSA, DSA or + * DH. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class KeyAlgorithmConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { private Vector mAlgorithms; private final static String DEF_KEY_ALGORITHM = "RSA,DSA"; private final static String PROP_ALGORITHMS = "algorithms"; private final static String[] supportedAlgorithms = - {"RSA", "DSA", "DH" }; + { "RSA", "DSA", "DH" }; private final static Vector defConfParams = new Vector(); static { - defConfParams.addElement(PROP_ALGORITHMS + "=" + - DEF_KEY_ALGORITHM); + defConfParams.addElement(PROP_ALGORITHMS + "=" + + DEF_KEY_ALGORITHM); } public String[] getExtendedPluginInfo(Locale locale) { String params[] = { "algorithms;choice(RSA\\,DSA,RSA,DSA);Certificate's key can be one of these algorithms", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-keyalgorithmconstraints", + ";configuration-policyrules-keyalgorithmconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Rejects the request if the key in the certificate is " + - "not of the type specified" + ";Rejects the request if the key in the certificate is " + + "not of the type specified" }; return params; @@ -87,17 +86,17 @@ public class KeyAlgorithmConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form - * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints - * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.predicate=ou==Sales - * - * @param config The config store reference + * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints + * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.predicate=ou==Sales + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { mAlgorithms = new Vector(); @@ -112,7 +111,7 @@ public class KeyAlgorithmConstraints extends APolicyRule try { algNames = config.getString(PROP_ALGORITHMS, null); } catch (Exception e) { - String[] params = {getInstanceName(), e.toString()}; + String[] params = { getInstanceName(), e.toString() }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params)); @@ -133,11 +132,10 @@ public class KeyAlgorithmConstraints extends APolicyRule } // Check if configured algorithms are supported. - for (Enumeration e = mAlgorithms.elements(); - e.hasMoreElements();) { + for (Enumeration e = mAlgorithms.elements(); e.hasMoreElements();) { int i; String configuredAlg = (String) e.nextElement(); - + // See if it is a supported algorithm. for (i = 0; i < supportedAlgorithms.length; i++) { if (configuredAlg.equals(supportedAlgorithms[i])) @@ -148,15 +146,15 @@ public class KeyAlgorithmConstraints extends APolicyRule if (i == supportedAlgorithms.length) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_UNSUPPORTED_KEY_ALG", - getInstanceName(), configuredAlg)); + getInstanceName(), configuredAlg)); } } /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -166,7 +164,7 @@ public class KeyAlgorithmConstraints extends APolicyRule try { // Get the certificate info from the request // X509CertInfo certInfo[] = (X509CertInfo[]) - // req.get(IRequest.CERT_INFO); + // req.get(IRequest.CERT_INFO); X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // We need to have a certificate info set @@ -179,18 +177,18 @@ public class KeyAlgorithmConstraints extends APolicyRule // Else check if the key algorithm is supported. for (int i = 0; i < certInfo.length; i++) { CertificateX509Key certKey = (CertificateX509Key) - certInfo[i].get(X509CertInfo.KEY); + certInfo[i].get(X509CertInfo.KEY); X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().getName().toUpperCase(); if (!mAlgorithms.contains(alg)) { - setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION", + setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION", getInstanceName(), alg), ""); result = PolicyResult.REJECTED; } } } catch (Exception e) { - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); @@ -201,10 +199,10 @@ public class KeyAlgorithmConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector v = new Vector(); StringBuffer sb = new StringBuffer(); @@ -217,14 +215,13 @@ public class KeyAlgorithmConstraints extends APolicyRule v.addElement(PROP_ALGORITHMS + "=" + sb.toString()); return v; } - + /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { return defConfParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java index a2bf9437..8526c77b 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Vector; import com.netscape.certsrv.authentication.IAuthToken; @@ -29,23 +28,22 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * ManualAuthentication is an enrollment policy that queues - * all requests for issuing agent's approval if no authentication - * is present. The policy rejects a request if any of the auth tokens - * indicates authentication failure. + * ManualAuthentication is an enrollment policy that queues all requests for + * issuing agent's approval if no authentication is present. The policy rejects + * a request if any of the auth tokens indicates authentication failure. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class ManualAuthentication extends APolicyRule - implements IEnrollmentPolicy { + implements IEnrollmentPolicy { public ManualAuthentication() { NAME = "ManualAuthentication"; DESC = "Manual Authentication Policy"; @@ -54,30 +52,31 @@ public class ManualAuthentication extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ra.Policy.rule.<ruleName>.implName=ManualAuthentication - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=ManualAuthentication + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == + * netscape.com + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { } /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { IAuthToken authToken = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN); - if (authToken == null) + if (authToken == null) return deferred(req); return PolicyResult.ACCEPTED; @@ -85,7 +84,7 @@ public class ManualAuthentication extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { @@ -94,11 +93,10 @@ public class ManualAuthentication extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { return null; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java index 7f7537bf..ccfa3ec0 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * RSAKeyConstraints policy enforces min and max size of the key. - * Optionally checks the exponents. + * RSAKeyConstraints policy enforces min and max size of the key. Optionally + * checks the exponents. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class RSAKeyConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { private Vector mExponents; private int mMinSize; private int mMaxSize; @@ -81,10 +80,10 @@ public class RSAKeyConstraints extends APolicyRule PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)", PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-rsakeyconstraints", + ";configuration-policyrules-rsakeyconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Reject request if RSA key length is not within the " + - "specified constraints" + ";Reject request if RSA key length is not within the " + + "specified constraints" }; return params; @@ -98,38 +97,38 @@ public class RSAKeyConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.minSize=512 - * ra.Policy.rule.<ruleName>.maxSize=2048 - * ra.Policy.rule.<ruleName>.predicate=ou==Marketing - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.minSize=512 + * ra.Policy.rule.<ruleName>.maxSize=2048 + * ra.Policy.rule.<ruleName>.predicate=ou==Marketing + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { if (config == null || config.size() == 0) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG", - getInstanceName())); + getInstanceName())); String exponents = null; // Get Min and Max sizes mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE); mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE); - if (mMinSize <= 0) + if (mMinSize <= 0) throw new EBaseException( CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE)); - if (mMaxSize <= 0) + if (mMaxSize <= 0) throw new EBaseException( CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE)); - if (mMinSize > mMaxSize) + if (mMinSize > mMaxSize) throw new EBaseException( CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE)); @@ -149,8 +148,8 @@ public class RSAKeyConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String[] params = {getInstanceName(), exponents, - PROP_EXPONENTS}; + String[] params = { getInstanceName(), exponents, + PROP_EXPONENTS }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params)); @@ -161,8 +160,8 @@ public class RSAKeyConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -172,11 +171,11 @@ public class RSAKeyConstraints extends APolicyRule try { // Get the certificate info from the request X509CertInfo certInfo[] = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // There should be a certificate info set. if (certInfo == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", getInstanceName()), ""); return PolicyResult.REJECTED; } @@ -184,7 +183,7 @@ public class RSAKeyConstraints extends APolicyRule // Else check if the key size(s) are within the limit. for (int i = 0; i < certInfo.length; i++) { CertificateX509Key certKey = (CertificateX509Key) - certInfo[i].get(X509CertInfo.KEY); + certInfo[i].get(X509CertInfo.KEY); X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().toString(); @@ -196,22 +195,22 @@ public class RSAKeyConstraints extends APolicyRule newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey()); } catch (Exception e) { - CMS.debug( "RSAKeyConstraints::apply() - " - + "Exception="+e.toString() ); - setError( req, - CMS.getUserMessage( "CMS_POLICY_KEY_SIZE_VIOLATION", - getInstanceName() ), - "" ); + CMS.debug("RSAKeyConstraints::apply() - " + + "Exception=" + e.toString()); + setError(req, + CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION", + getInstanceName()), + ""); return PolicyResult.REJECTED; } RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded()); int keySize = rsaKey.getKeySize(); if (keySize < mMinSize || keySize > mMaxSize) { - String[] params = {getInstanceName(), - String.valueOf(keySize), + String[] params = { getInstanceName(), + String.valueOf(keySize), String.valueOf(mMinSize), - String.valueOf(mMaxSize)}; + String.valueOf(mMaxSize) }; setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION", params), ""); @@ -226,15 +225,14 @@ public class RSAKeyConstraints extends APolicyRule if (!mExponents.contains(exp)) { StringBuffer sb = new StringBuffer(); - for (Enumeration e = mExponents.elements(); - e.hasMoreElements();) { + for (Enumeration e = mExponents.elements(); e.hasMoreElements();) { BigInt bi = (BigInt) e.nextElement(); sb.append(bi.toBigInteger().toString()); sb.append(" "); } - String[] params = {getInstanceName(), - exp.toBigInteger().toString(), new String(sb)}; + String[] params = { getInstanceName(), + exp.toBigInteger().toString(), new String(sb) }; setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), ""); result = PolicyResult.REJECTED; @@ -243,7 +241,7 @@ public class RSAKeyConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; @@ -253,10 +251,10 @@ public class RSAKeyConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize); @@ -275,11 +273,10 @@ public class RSAKeyConstraints extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { return defConfParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java index 08e479b8..763c7713 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Date; import java.util.Locale; import java.util.Vector; @@ -37,21 +36,22 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * Whether to allow renewal of an expired cert. + * * @version $Revision$, $Date$ - * <P> - * <PRE> + * <P> + * + * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> - * <P> - * + * <P> + * * @deprecated * @version $Revision$, $Date$ */ public class RenewalConstraints extends APolicyRule - implements IRenewalPolicy, IExtendedPluginInfo { + implements IRenewalPolicy, IExtendedPluginInfo { private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts"; private static final String PROP_RENEWAL_NOT_AFTER = "renewalNotAfter"; @@ -66,7 +66,7 @@ public class RenewalConstraints extends APolicyRule static { defConfParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + true); defConfParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" + - DEF_RENEWAL_NOT_AFTER); + DEF_RENEWAL_NOT_AFTER); } public RenewalConstraints() { @@ -79,10 +79,10 @@ public class RenewalConstraints extends APolicyRule PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to renew an already-expired certificate", PROP_RENEWAL_NOT_AFTER + ";number;Number of days since certificate expiry after which renewal request would be rejected", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-renewalconstraints", + ";configuration-policyrules-renewalconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Permit administrator to decide policy on whether to " + - "permit renewals for already-expired certificates" + ";Permit administrator to decide policy on whether to " + + "permit renewals for already-expired certificates" }; return params; @@ -92,24 +92,24 @@ public class RenewalConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=ValidityConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.allowExpiredCerts=true - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=ValidityConstraints + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.allowExpiredCerts=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { // Get min and max validity in days and configure them. try { - mAllowExpiredCerts = + mAllowExpiredCerts = config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true); String val = config.getString(PROP_RENEWAL_NOT_AFTER, null); - if (val == null) + if (val == null) mRenewalNotAfter = DEF_RENEWAL_NOT_AFTER * DAYS_TO_MS_FACTOR; else { mRenewalNotAfter = Long.parseLong(val) * DAYS_TO_MS_FACTOR; @@ -125,8 +125,8 @@ public class RenewalConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -135,25 +135,26 @@ public class RenewalConstraints extends APolicyRule try { // Get the certificates being renwed. X509CertImpl[] oldCerts = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + req.getExtDataInCertArray(IRequest.OLD_CERTS); if (oldCerts == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT", getInstanceName()), ""); return PolicyResult.REJECTED; } - + if (mAllowExpiredCerts) { CMS.debug("checking validity of each cert"); - // check if each cert to be renewed is expired for more than // allowed days. + // check if each cert to be renewed is expired for more than // + // allowed days. for (int i = 0; i < oldCerts.length; i++) { X509CertInfo oldCertInfo = (X509CertInfo) - oldCerts[i].get(X509CertImpl.NAME + "." + - X509CertImpl.INFO); - CertificateValidity oldValidity = (CertificateValidity) - oldCertInfo.get(X509CertInfo.VALIDITY); + oldCerts[i].get(X509CertImpl.NAME + "." + + X509CertImpl.INFO); + CertificateValidity oldValidity = (CertificateValidity) + oldCertInfo.get(X509CertInfo.VALIDITY); Date notAfter = (Date) - oldValidity.get(CertificateValidity.NOT_AFTER); + oldValidity.get(CertificateValidity.NOT_AFTER); // Is the Certificate eligible for renewal ? @@ -166,12 +167,12 @@ public class RenewalConstraints extends APolicyRule if (renewedNotAfter.before(now)) { CMS.debug( - "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days"); + "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days"); String params[] = { getInstanceName(), Long.toString(mRenewalNotAfter / DAYS_TO_MS_FACTOR) }; - setError(req, - CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD", - params), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD", + params), ""); return PolicyResult.REJECTED; } } @@ -182,12 +183,12 @@ public class RenewalConstraints extends APolicyRule // check if each cert to be renewed is expired. for (int i = 0; i < oldCerts.length; i++) { X509CertInfo oldCertInfo = (X509CertInfo) - oldCerts[i].get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - CertificateValidity oldValidity = (CertificateValidity) - oldCertInfo.get(X509CertInfo.VALIDITY); + oldCerts[i].get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); + CertificateValidity oldValidity = (CertificateValidity) + oldCertInfo.get(X509CertInfo.VALIDITY); Date notAfter = (Date) - oldValidity.get(CertificateValidity.NOT_AFTER); + oldValidity.get(CertificateValidity.NOT_AFTER); // Is the Certificate still valid? Date now = CMS.getCurrentDate(); @@ -195,19 +196,19 @@ public class RenewalConstraints extends APolicyRule CMS.debug("RenewalConstraints: cert " + i + " notAfter " + notAfter + " now=" + now); if (notAfter.before(now)) { CMS.debug( - "RenewalConstraints: One or more certificates is expired."); + "RenewalConstraints: One or more certificates is expired."); String params[] = { getInstanceName() }; - setError(req, - CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS", - params), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS", + params), ""); result = PolicyResult.REJECTED; break; } } } catch (Exception e) { - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; @@ -217,22 +218,22 @@ public class RenewalConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement( - PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts); + PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts); confParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" + - mRenewalNotAfter / DAYS_TO_MS_FACTOR); + mRenewalNotAfter / DAYS_TO_MS_FACTOR); return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java index 3d98f3c2..b4131ea9 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Date; import java.util.Locale; import java.util.Vector; @@ -36,30 +35,29 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * RenewalValidityConstraints is a default rule for Certificate - * Renewal. This policy enforces the no of days before which a - * currently active certificate can be renewed and sets new validity - * period for the renewed certificate starting from the the ending - * period in the old certificate. - * + * RenewalValidityConstraints is a default rule for Certificate Renewal. This + * policy enforces the no of days before which a currently active certificate + * can be renewed and sets new validity period for the renewed certificate + * starting from the the ending period in the old certificate. + * * The main parameters are: - * - * The renewal leadtime in days: - i.e how many days before the - * expiry of the current certificate can one request the renewal. - * min and max validity duration. + * + * The renewal leadtime in days: - i.e how many days before the expiry of the + * current certificate can one request the renewal. min and max validity + * duration. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class RenewalValidityConstraints extends APolicyRule - implements IRenewalPolicy, IExtendedPluginInfo { + implements IRenewalPolicy, IExtendedPluginInfo { private long mMinValidity; private long mMaxValidity; private long mRenewalInterval; @@ -78,11 +76,11 @@ public class RenewalValidityConstraints extends APolicyRule static { defConfParams.addElement(PROP_MIN_VALIDITY + "=" + - DEF_MIN_VALIDITY); + DEF_MIN_VALIDITY); defConfParams.addElement(PROP_MAX_VALIDITY + "=" + - DEF_MAX_VALIDITY); + DEF_MAX_VALIDITY); defConfParams.addElement(PROP_RENEWAL_INTERVAL + "=" + - DEF_RENEWAL_INTERVAL); + DEF_RENEWAL_INTERVAL); } public String[] getExtendedPluginInfo(Locale locale) { @@ -91,10 +89,10 @@ public class RenewalValidityConstraints extends APolicyRule PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.", PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-renewalvalidityconstraints", + ";configuration-policyrules-renewalvalidityconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Reject renewal request if the certificate is too far " + - "before it's expiry date" + ";Reject renewal request if the certificate is too far " + + "before it's expiry date" }; return params; @@ -109,20 +107,20 @@ public class RenewalValidityConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=ValidityConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.minValidity=30 - * ra.Policy.rule.<ruleName>.maxValidity=180 - * ra.Policy.rule.<ruleName>.renewalInterval=15 - * ra.Policy.rule.<ruleName>.predicate=ou==Sales - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=ValidityConstraints + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.minValidity=30 + * ra.Policy.rule.<ruleName>.maxValidity=180 + * ra.Policy.rule.<ruleName>.renewalInterval=15 + * ra.Policy.rule.<ruleName>.predicate=ou==Sales + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { // Get min and max validity in days and onfigure them. try { @@ -148,7 +146,7 @@ public class RenewalValidityConstraints extends APolicyRule // minValidity can't be bigger than maxValidity. if (mMinValidity > mMaxValidity) { - String params[] = {getInstanceName(), + String params[] = { getInstanceName(), String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR), String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) }; @@ -158,7 +156,7 @@ public class RenewalValidityConstraints extends APolicyRule // Renewal interval can't be more than maxValidity. if (mRenewalInterval > mMaxValidity) { - String params[] = {getInstanceName(), + String params[] = { getInstanceName(), String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR), String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) }; @@ -167,7 +165,7 @@ public class RenewalValidityConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String[] params = {getInstanceName(), e.toString()}; + String[] params = { getInstanceName(), e.toString() }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params)); @@ -177,8 +175,8 @@ public class RenewalValidityConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -191,15 +189,15 @@ public class RenewalValidityConstraints extends APolicyRule try { // Get the certificate info from the request X509CertInfo certInfo[] = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // Get the certificates being renwed. X509CertImpl currentCerts[] = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + req.getExtDataInCertArray(IRequest.OLD_CERTS); // Both certificate info and current certs should be set if (certInfo == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", getInstanceName()), ""); return PolicyResult.REJECTED; } @@ -218,12 +216,12 @@ public class RenewalValidityConstraints extends APolicyRule // set the validity. for (int i = 0; i < certInfo.length; i++) { X509CertInfo oldCertInfo = (X509CertInfo) - currentCerts[i].get(X509CertImpl.NAME + - "." + X509CertImpl.INFO); - CertificateValidity oldValidity = (CertificateValidity) - oldCertInfo.get(X509CertInfo.VALIDITY); + currentCerts[i].get(X509CertImpl.NAME + + "." + X509CertImpl.INFO); + CertificateValidity oldValidity = (CertificateValidity) + oldCertInfo.get(X509CertInfo.VALIDITY); Date notAfter = (Date) - oldValidity.get(CertificateValidity.NOT_AFTER); + oldValidity.get(CertificateValidity.NOT_AFTER); // Is the Certificate still valid? Date now = CMS.getCurrentDate(); @@ -233,14 +231,14 @@ public class RenewalValidityConstraints extends APolicyRule long interval = notAfter.getTime() - now.getTime(); if (interval > mRenewalInterval) { - setError(req, - CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME", - getInstanceName(), - String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), ""); - setError(req, - CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS", - getInstanceName(), - getCertDetails(req, currentCerts[i])), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME", + getInstanceName(), + String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS", + getInstanceName(), + getCertDetails(req, currentCerts[i])), ""); result = PolicyResult.REJECTED; setDummyValidity(certInfo[i]); @@ -248,27 +246,27 @@ public class RenewalValidityConstraints extends APolicyRule } } - // Else compute new validity. + // Else compute new validity. Date renewedNotBef = notAfter; Date renewedNotAfter = new Date(notAfter.getTime() + mMaxValidity); - // If the new notAfter is within renewal interval days from + // If the new notAfter is within renewal interval days from // today or already expired, set the notBefore to today. if (renewedNotAfter.before(now) || - (renewedNotAfter.getTime() - now.getTime()) <= - mRenewalInterval) { + (renewedNotAfter.getTime() - now.getTime()) <= + mRenewalInterval) { renewedNotBef = now; renewedNotAfter = new Date(now.getTime() + mMaxValidity); } CertificateValidity newValidity = - new CertificateValidity(renewedNotBef, renewedNotAfter); + new CertificateValidity(renewedNotBef, renewedNotAfter); certInfo[i].set(X509CertInfo.VALIDITY, newValidity); } } catch (Exception e) { - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; @@ -278,24 +276,24 @@ public class RenewalValidityConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement(PROP_MIN_VALIDITY + "=" + - mMinValidity / DAYS_TO_MS_FACTOR); + mMinValidity / DAYS_TO_MS_FACTOR); confParams.addElement(PROP_MAX_VALIDITY + "=" + - mMaxValidity / DAYS_TO_MS_FACTOR); + mMaxValidity / DAYS_TO_MS_FACTOR); confParams.addElement(PROP_RENEWAL_INTERVAL + "=" + - mRenewalInterval / DAYS_TO_MS_FACTOR); + mRenewalInterval / DAYS_TO_MS_FACTOR); return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { @@ -306,7 +304,7 @@ public class RenewalValidityConstraints extends APolicyRule private void setDummyValidity(X509CertInfo certInfo) { try { certInfo.set(X509CertInfo.VALIDITY, - new CertificateValidity(CMS.getCurrentDate(), new Date())); + new CertificateValidity(CMS.getCurrentDate(), new Date())); } catch (Exception e) { } } @@ -317,8 +315,8 @@ public class RenewalValidityConstraints extends APolicyRule sb.append("\n"); sb.append("Serial No: " + cert.getSerialNumber().toString(16)); sb.append("\n"); - sb.append("Validity: " + cert.getNotBefore().toString() + - " - " + cert.getNotAfter().toString()); + sb.append("Validity: " + cert.getNotBefore().toString() + + " - " + cert.getNotAfter().toString()); sb.append("\n"); String certType = req.getExtDataInString(IRequest.CERT_TYPE); @@ -326,11 +324,12 @@ public class RenewalValidityConstraints extends APolicyRule certType = IRequest.SERVER_CERT; if (certType.equals(IRequest.CLIENT_CERT)) { - /*** Take this our - URL formulation hard to do here. - sb.append("Use the following url with your CA/RA gateway spec to download the certificate."); - sb.append("\n"); - sb.append("/query/certImport?op=displayByserial&serialNumber="); - sb.append(cert.getSerialNumber().toString(16)); + /*** + * Take this our - URL formulation hard to do here. sb.append( + * "Use the following url with your CA/RA gateway spec to download the certificate." + * ); sb.append("\n"); + * sb.append("/query/certImport?op=displayByserial&serialNumber="); + * sb.append(cert.getSerialNumber().toString(16)); ***/ sb.append("\n"); } else { @@ -342,7 +341,7 @@ public class RenewalValidityConstraints extends APolicyRule sb.append(CERT_HEADER + encodedCert + CERT_TRAILER); } catch (Exception e) { - //throw new AssertionException(e.toString()); + // throw new AssertionException(e.toString()); } } return sb.toString(); diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java index 686529f4..046ebd35 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Date; import java.util.Locale; import java.util.Vector; @@ -38,20 +37,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * Whether to allow revocation of an expired cert. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class RevocationConstraints extends APolicyRule - implements IRevocationPolicy, IExtendedPluginInfo { + implements IRevocationPolicy, IExtendedPluginInfo { private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts"; private static final String PROP_ALLOW_ON_HOLD = "allowOnHold"; @@ -74,13 +73,13 @@ public class RevocationConstraints extends APolicyRule PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to revoke an already-expired certificate", PROP_ALLOW_ON_HOLD + ";boolean;Allow a user to set reason to On-Hold", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-revocationconstraints", + ";configuration-policyrules-revocationconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Allow administrator to decide policy on whether to allow " + - "recovation of expired certificates" + - "and set reason to On-Hold" + ";Allow administrator to decide policy on whether to allow " + + "recovation of expired certificates" + + "and set reason to On-Hold" - }; + }; return params; @@ -89,20 +88,20 @@ public class RevocationConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=ValidityConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.allowExpiredCerts=true - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=ValidityConstraints + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.allowExpiredCerts=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { // Get min and max validity in days and onfigure them. try { - mAllowExpiredCerts = + mAllowExpiredCerts = config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true); mAllowOnHold = config.getBoolean(PROP_ALLOW_ON_HOLD, true); @@ -117,8 +116,8 @@ public class RevocationConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -138,35 +137,35 @@ public class RevocationConstraints extends APolicyRule setError(req, CMS.getUserMessage("CMS_POLICY_NO_ON_HOLD_ALLOWED", params), ""); return PolicyResult.REJECTED; - } + } } if (mAllowExpiredCerts) // nothing to check. return PolicyResult.ACCEPTED; - + PolicyResult result = PolicyResult.ACCEPTED; try { // Get the certificates being renwed. X509CertImpl[] oldCerts = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + req.getExtDataInCertArray(IRequest.OLD_CERTS); if (oldCerts == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT"), - getInstanceName()); + getInstanceName()); return PolicyResult.REJECTED; } // check if each cert to be renewed is expired. for (int i = 0; i < oldCerts.length; i++) { X509CertInfo oldCertInfo = (X509CertInfo) - oldCerts[i].get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - CertificateValidity oldValidity = (CertificateValidity) - oldCertInfo.get(X509CertInfo.VALIDITY); + oldCerts[i].get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); + CertificateValidity oldValidity = (CertificateValidity) + oldCertInfo.get(X509CertInfo.VALIDITY); Date notAfter = (Date) - oldValidity.get(CertificateValidity.NOT_AFTER); + oldValidity.get(CertificateValidity.NOT_AFTER); // Is the Certificate still valid? Date now = CMS.getCurrentDate(); @@ -174,16 +173,16 @@ public class RevocationConstraints extends APolicyRule if (notAfter.before(now)) { String params[] = { getInstanceName() }; - setError(req, - CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS", - params), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS", + params), ""); result = PolicyResult.REJECTED; break; } } } catch (Exception e) { - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; @@ -193,22 +192,22 @@ public class RevocationConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement( - PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts); + PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts); confParams.addElement( - PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold); + PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold); return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java index 9d519284..8f974aee 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Locale; import java.util.StringTokenizer; import java.util.Vector; @@ -41,23 +40,24 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * SigningAlgorithmConstraints enforces that only a supported - * signing algorithm be requested. + * SigningAlgorithmConstraints enforces that only a supported signing algorithm + * be requested. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class SigningAlgorithmConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { private String[] mAllowedAlgs = null; // algs allowed by this policy - static String[] mDefaultAllowedAlgs = null; // default algs allowed by this policy based on CA's key + static String[] mDefaultAllowedAlgs = null; // default algs allowed by this + // policy based on CA's key private String[] mConfigAlgs = null; // algs listed in config file private boolean winnowedByKey = false; IAuthority mAuthority = null; @@ -94,17 +94,17 @@ public class SigningAlgorithmConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form - * ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints - * ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.predicate=ou==Sales - * - * @param config The config store reference + * ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints + * ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.predicate=ou==Sales + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mAuthority = (IAuthority) ((IPolicyProcessor) owner).getAuthority(); // Get allowed algorithms from config file @@ -114,7 +114,7 @@ public class SigningAlgorithmConstraints extends APolicyRule try { algNames = config.getString(PROP_ALGORITHMS, null); } catch (Exception e) { - String[] params = {getInstanceName(), e.toString(), PROP_ALGORITHMS}; + String[] params = { getInstanceName(), e.toString(), PROP_ALGORITHMS }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_PARAM_CONFIG_ERROR", params)); @@ -136,7 +136,7 @@ public class SigningAlgorithmConstraints extends APolicyRule for (int i = 0; i < itemCount; i++) { mAllowedAlgs[i] = (String) algs.elementAt(i); } - + } } @@ -149,8 +149,8 @@ public class SigningAlgorithmConstraints extends APolicyRule if (mAllowedAlgs != null) { // winnow out unknown algorithms - winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS, - "CMS_POLICY_UNKNOWN_SIGNING_ALG", true); + winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS, + "CMS_POLICY_UNKNOWN_SIGNING_ALG", true); } else { // if nothing was in the config file, allow all known algs mAllowedAlgs = AlgorithmId.ALL_SIGNING_ALGORITHMS; @@ -183,19 +183,19 @@ public class SigningAlgorithmConstraints extends APolicyRule // get list of algorithms allowed for the key String[] allowedByKey = - ((ICertAuthority) mAuthority).getCASigningAlgorithms(); + ((ICertAuthority) mAuthority).getCASigningAlgorithms(); if (allowedByKey != null) { - // don't show algorithms that don't match CA's key in UI. + // don't show algorithms that don't match CA's key in UI. mDefaultAllowedAlgs = new String[allowedByKey.length]; for (int i = 0; i < allowedByKey.length; i++) mDefaultAllowedAlgs[i] = allowedByKey[i]; - // winnow out algorithms that don't match CA's signing key + // winnow out algorithms that don't match CA's signing key winnowAlgs(allowedByKey, - "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false); + "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false); winnowedByKey = true; } else { - // We don't know the CA's signing algorithms. Maybe we're + // We don't know the CA's signing algorithms. Maybe we're // an RA that hasn't talked to the CA yet? Try again later. } } @@ -203,14 +203,15 @@ public class SigningAlgorithmConstraints extends APolicyRule /** * Winnows out of mAllowedAlgorithms those algorithms that aren't allowed * for some reason. - * - * @param allowed An array of allowed algorithms. Only algorithms in this - * list will survive the winnowing process. - * @param reason A string describing the problem with an algorithm - * that is not allowed by this list. Must be a predefined string in PolicyResources. + * + * @param allowed An array of allowed algorithms. Only algorithms in this + * list will survive the winnowing process. + * @param reason A string describing the problem with an algorithm that is + * not allowed by this list. Must be a predefined string in + * PolicyResources. */ - private void winnowAlgs(String[] allowed, String reason, boolean isError) - throws EBaseException { + private void winnowAlgs(String[] allowed, String reason, boolean isError) + throws EBaseException { int i, j, goodSize; // validate the currently-allowed algorithms @@ -240,7 +241,7 @@ public class SigningAlgorithmConstraints extends APolicyRule // convert back into an array goodSize = goodAlgs.size(); if (mAllowedAlgs.length != goodSize) { - mAllowedAlgs = new String[ goodSize ]; + mAllowedAlgs = new String[goodSize]; for (i = 0; i < goodSize; i++) { mAllowedAlgs[i] = (String) goodAlgs.elementAt(i); } @@ -250,8 +251,8 @@ public class SigningAlgorithmConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -262,8 +263,8 @@ public class SigningAlgorithmConstraints extends APolicyRule try { // Get the certificate info from the request - //X509CertInfo certInfo[] = (X509CertInfo[]) - // req.get(IRequest.CERT_INFO); + // X509CertInfo certInfo[] = (X509CertInfo[]) + // req.get(IRequest.CERT_INFO); X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // We need to have a certificate info set @@ -282,10 +283,10 @@ public class SigningAlgorithmConstraints extends APolicyRule } CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) - certInfo[i].get(X509CertInfo.ALGORITHM_ID); + certInfo[i].get(X509CertInfo.ALGORITHM_ID); AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + certAlgId.get(CertificateAlgorithmId.ALGORITHM); String alg = algId.getName(); // test against the list of allowed algorithms @@ -298,10 +299,10 @@ public class SigningAlgorithmConstraints extends APolicyRule // if the algor doesn't match the CA's key replace // it with one that does. if (mAllowedAlgs[0].equals("SHA1withDSA") || - alg.equals("SHA1withDSA")) { + alg.equals("SHA1withDSA")) { certInfo[i].set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.get(mAllowedAlgs[0]))); + new CertificateAlgorithmId( + AlgorithmId.get(mAllowedAlgs[0]))); return PolicyResult.ACCEPTED; } @@ -313,9 +314,9 @@ public class SigningAlgorithmConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; } @@ -324,10 +325,10 @@ public class SigningAlgorithmConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector confParams = new Vector(); StringBuffer sb = new StringBuffer(); @@ -343,10 +344,10 @@ public class SigningAlgorithmConstraints extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getDefaultParams() { + public Vector getDefaultParams() { StringBuffer sb = new StringBuffer(); sb.append(PROP_ALGORITHMS); sb.append("="); @@ -365,14 +366,14 @@ public class SigningAlgorithmConstraints extends APolicyRule } defConfParams.addElement(sb.toString()); - return defConfParams; + return defConfParams; } public String[] getExtendedPluginInfo(Locale locale) { if (!winnowedByKey) { - try { - winnowByKey(); - } catch (Exception e) { + try { + winnowByKey(); + } catch (Exception e) { } } @@ -380,51 +381,51 @@ public class SigningAlgorithmConstraints extends APolicyRule String[] params_BOTH = { PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," + - "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA,"+ - "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," + - "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," + - "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," + - "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," + - "MD2withRSA\\,MD5withRSA," + - "MD2withRSA\\,SHA1withRSA," + - "MD2withRSA\\,SHA1withDSA," + - "MD5withRSA\\,SHA1withRSA," + - "MD5withRSA\\,SHA1withDSA," + - "SHA1withRSA\\,SHA1withDSA," + - "MD2withRSA," + - "MD5withRSA," + - "SHA1withRSA," + - "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " + - "to be one of the algorithms supported by Certificate System", + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," + + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," + + "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," + + "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," + + "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," + + "MD2withRSA\\,MD5withRSA," + + "MD2withRSA\\,SHA1withRSA," + + "MD2withRSA\\,SHA1withDSA," + + "MD5withRSA\\,SHA1withRSA," + + "MD5withRSA\\,SHA1withDSA," + + "SHA1withRSA\\,SHA1withDSA," + + "MD2withRSA," + + "MD5withRSA," + + "SHA1withRSA," + + "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " + + "to be one of the algorithms supported by Certificate System", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Restricts the requested signing algorithm to be one of" + - " the algorithms supported by Certificate System" + ";Restricts the requested signing algorithm to be one of" + + " the algorithms supported by Certificate System" }; String[] params_RSA = { PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA," + - "MD2withRSA\\,MD5withRSA," + - "MD2withRSA\\,SHA1withRSA," + - "MD5withRSA\\,SHA1withRSA," + - "MD2withRSA," + - "MD5withRSA," + - "SHA1withRSA);Restrict the requested signing algorithm to be " + - "one of the algorithms supported by Certificate System", + "MD2withRSA\\,MD5withRSA," + + "MD2withRSA\\,SHA1withRSA," + + "MD5withRSA\\,SHA1withRSA," + + "MD2withRSA," + + "MD5withRSA," + + "SHA1withRSA);Restrict the requested signing algorithm to be " + + "one of the algorithms supported by Certificate System", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Restricts the requested signing algorithm to be one of" + - " the algorithms supported by Certificate System" + ";Restricts the requested signing algorithm to be one of" + + " the algorithms supported by Certificate System" }; String[] params_DSA = { PROP_ALGORITHMS + ";" + "choice(SHA1withDSA);Restrict the requested signing " + - "algorithm to be one of the algorithms supported by Certificate " + - "System", + "algorithm to be one of the algorithms supported by Certificate " + + "System", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Restricts the requested signing algorithm to be one of" + - " the algorithms supported by Certificate System" + ";Restricts the requested signing algorithm to be one of" + + " the algorithms supported by Certificate System" }; switch (mDefaultAllowedAlgs.length) { @@ -447,4 +448,3 @@ public class SigningAlgorithmConstraints extends APolicyRule } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java index 8e8cd4a7..81862cfe 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Locale; import java.util.Vector; @@ -41,16 +40,16 @@ import com.netscape.certsrv.request.PolicyResult; import com.netscape.certsrv.security.ISigningUnit; import com.netscape.cms.policy.APolicyRule; - /** - * This simple policy checks the subordinate CA CSR to see - * if it is the same as the local CA. + * This simple policy checks the subordinate CA CSR to see if it is the same as + * the local CA. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ @@ -66,32 +65,32 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli public String[] getExtendedPluginInfo(Locale locale) { String[] params = { IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-subcanamecheck", + ";configuration-policyrules-subcanamecheck", IExtendedPluginInfo.HELP_TEXT + - ";Checks if subordinate CA request matches the local CA. There are no parameters to change" + ";Checks if subordinate CA request matches the local CA. There are no parameters to change" }; return params; } - + /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form - * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints - * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.predicate=ou==Sales - * - * @param config The config store reference + * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints + * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.predicate=ou==Sales + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { // get CA's public key to create authority key id. - ICertAuthority certAuthority = (ICertAuthority) - ((IPolicyProcessor) owner).getAuthority(); + ICertAuthority certAuthority = (ICertAuthority) + ((IPolicyProcessor) owner).getAuthority(); if (certAuthority == null) { // should never get here. @@ -106,7 +105,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli } mCA = (ICertificateAuthority) certAuthority; ISigningUnit su = mCA.getSigningUnit(); - if( su == null || CMS.isPreOpMode() ) { + if (su == null || CMS.isPreOpMode()) { return; } @@ -124,8 +123,8 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -136,7 +135,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli // Get the certificate templates X509CertInfo[] certInfos = req.getExtDataInCertInfoArray( IRequest.CERT_INFO); - + if (certInfos == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_CERT_INFO", getInstanceName())); setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME + ":" + getInstanceName()), ""); @@ -163,7 +162,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli } } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_SUBJECT_NAME_1", getInstanceName())); - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); @@ -174,24 +173,23 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector v = new Vector(); return v; } - + /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getDefaultParams() { + public Vector getDefaultParams() { Vector v = new Vector(); return v; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java index dc8ecd79..9afbf765 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java @@ -17,17 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - - - /** * This class is used to help migrate CMS4.1 to CMS4.2. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java index 2cff24d3..48663f61 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -44,35 +43,33 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Checks the uniqueness of the subject name. This policy - * can only be used (installed) in Certificate Authority - * subsystem. - * - * This policy can perform pre-agent-approval checking or - * post-agent-approval checking based on configuration - * setting. - * - * In some situations, user may want to have 2 certificates with - * the same subject name. For example, one key for encryption, - * and one for signing. This policy does not deal with this case - * directly. But it can be easily extended to do that. + * Checks the uniqueness of the subject name. This policy can only be used + * (installed) in Certificate Authority subsystem. + * + * This policy can perform pre-agent-approval checking or post-agent-approval + * checking based on configuration setting. + * + * In some situations, user may want to have 2 certificates with the same + * subject name. For example, one key for encryption, and one for signing. This + * policy does not deal with this case directly. But it can be easily extended + * to do that. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class UniqueSubjectNameConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { - protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING = - "enablePreAgentApprovalChecking"; - protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING = - "enableKeyUsageExtensionChecking"; +public class UniqueSubjectNameConstraints extends APolicyRule + implements IEnrollmentPolicy, IExtendedPluginInfo { + protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING = + "enablePreAgentApprovalChecking"; + protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING = + "enableKeyUsageExtensionChecking"; public ICertificateAuthority mCA = null; @@ -82,17 +79,17 @@ public class UniqueSubjectNameConstraints extends APolicyRule public UniqueSubjectNameConstraints() { NAME = "UniqueSubjectName"; DESC = "Ensure the uniqueness of the subject name."; - } + } public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_PRE_AGENT_APPROVAL_CHECKING + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)", PROP_KEY_USAGE_EXTENSION_CHECKING + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-uniquesubjectname", + ";configuration-policyrules-uniquesubjectname", IExtendedPluginInfo.HELP_TEXT + - ";Rejects a request if there exists an unrevoked, unexpired " + - "certificate with the same subject name" + ";Rejects a request if there exists an unrevoked, unexpired " + + "certificate with the same subject name" }; return params; @@ -102,22 +99,22 @@ public class UniqueSubjectNameConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName - * ca.Policy.rule.<ruleName>.enable=true - * ca.Policy.rule.<ruleName>.enable=true - * ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true - * ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName + * ca.Policy.rule.<ruleName>.enable=true + * ca.Policy.rule.<ruleName>.enable=true + * ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true + * ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true + * + * @param config The config store reference */ - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { // get CA's public key to create authority key id. ICertAuthority certAuthority = (ICertAuthority) - ((IPolicyProcessor) owner).getAuthority(); + ((IPolicyProcessor) owner).getAuthority(); if (certAuthority == null) { // should never get here. @@ -131,12 +128,12 @@ public class UniqueSubjectNameConstraints extends APolicyRule mCA = (ICertificateAuthority) certAuthority; try { - mPreAgentApprovalChecking = + mPreAgentApprovalChecking = config.getBoolean(PROP_PRE_AGENT_APPROVAL_CHECKING, false); } catch (EBaseException e) { } try { - mKeyUsageExtensionChecking = + mKeyUsageExtensionChecking = config.getBoolean(PROP_KEY_USAGE_EXTENSION_CHECKING, true); } catch (EBaseException e) { } @@ -145,8 +142,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -162,9 +159,9 @@ public class UniqueSubjectNameConstraints extends APolicyRule // Get the certificate templates X509CertInfo[] certInfos = req.getExtDataInCertInfoArray( IRequest.CERT_INFO); - + if (certInfos == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", getInstanceName()), ""); return PolicyResult.REJECTED; } @@ -172,11 +169,11 @@ public class UniqueSubjectNameConstraints extends APolicyRule // retrieve the subject name and check its unqiueness for (int i = 0; i < certInfos.length; i++) { CertificateSubjectName subName = (CertificateSubjectName) - certInfos[i].get(X509CertInfo.SUBJECT); + certInfos[i].get(X509CertInfo.SUBJECT); // if there is no name set, set one here. if (subName == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME", + setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME", getInstanceName()), ""); return PolicyResult.REJECTED; } @@ -184,23 +181,24 @@ public class UniqueSubjectNameConstraints extends APolicyRule String filter = "x509Cert.subject=" + certSubjectName; // subject name is indexed, so we only use subject name // in the filter - Enumeration<ICertRecord> matched = - mCA.getCertificateRepository().findCertRecords(filter); + Enumeration<ICertRecord> matched = + mCA.getCertificateRepository().findCertRecords(filter); while (matched.hasMoreElements()) { - ICertRecord rec = matched.nextElement(); + ICertRecord rec = matched.nextElement(); String status = rec.getStatus(); if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { - // accept this only if we have a REVOKED, + // accept this only if we have a REVOKED, // EXPIRED or REVOKED_EXPIRED certificate continue; - + } - // you already have an VALID or INVALID (not yet valid) certificate + // you already have an VALID or INVALID (not yet valid) + // certificate if (mKeyUsageExtensionChecking && agentApproved(req)) { - // This request is agent approved which - // means all requested extensions are finalized + // This request is agent approved which + // means all requested extensions are finalized // to the request, // We will accept duplicated subject name with // different keyUsage extension if @@ -210,15 +208,15 @@ public class UniqueSubjectNameConstraints extends APolicyRule } } - setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", + setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", getInstanceName() + " " + certSubjectName), ""); return PolicyResult.REJECTED; } } } catch (Exception e) { - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; } @@ -226,11 +224,11 @@ public class UniqueSubjectNameConstraints extends APolicyRule } /** - * Checks if the key extension in the issued certificate - * is the same as the one in the certificate template. + * Checks if the key extension in the issued certificate is the same as the + * one in the certificate template. */ - private boolean sameKeyUsageExtension(ICertRecord rec, - X509CertInfo certInfo) { + private boolean sameKeyUsageExtension(ICertRecord rec, + X509CertInfo certInfo) { X509CertImpl impl = rec.getCertificate(); boolean bits[] = impl.getKeyUsage(); @@ -282,25 +280,25 @@ public class UniqueSubjectNameConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector<String> getInstanceParams() { Vector<String> confParams = new Vector<String>(); confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + - "=" + mPreAgentApprovalChecking); + "=" + mPreAgentApprovalChecking); confParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING + - "=" + mKeyUsageExtensionChecking); + "=" + mKeyUsageExtensionChecking); return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "="); diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java index 62c49450..d8578633 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Date; import java.util.Locale; import java.util.Vector; @@ -35,26 +34,24 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * ValidityConstraints is a default rule for Enrollment and - * Renewal that enforces minimum and maximum validity periods - * and changes them if not met. - * - * Optionally the lead and lag times - i.e how far back into the - * front or back the notBefore date could go in minutes can also - * be specified. + * ValidityConstraints is a default rule for Enrollment and Renewal that + * enforces minimum and maximum validity periods and changes them if not met. + * + * Optionally the lead and lag times - i.e how far back into the front or back + * the notBefore date could go in minutes can also be specified. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class ValidityConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected long mMinValidity; protected long mMaxValidity; protected long mLeadTime; @@ -78,15 +75,15 @@ public class ValidityConstraints extends APolicyRule static { defConfParams.addElement(PROP_MIN_VALIDITY + "=" + - DEF_MIN_VALIDITY); + DEF_MIN_VALIDITY); defConfParams.addElement(PROP_MAX_VALIDITY + "=" + - DEF_MAX_VALIDITY); + DEF_MAX_VALIDITY); defConfParams.addElement(PROP_LEAD_TIME + "=" + - DEF_LEAD_TIME); + DEF_LEAD_TIME); defConfParams.addElement(PROP_LAG_TIME + "=" + - DEF_LAG_TIME); + DEF_LAG_TIME); defConfParams.addElement(PROP_NOT_BEFORE_SKEW + "=" + - DEF_NOT_BEFORE_SKEW); + DEF_NOT_BEFORE_SKEW); } public String[] getExtendedPluginInfo(Locale locale) { @@ -97,11 +94,11 @@ public class ValidityConstraints extends APolicyRule PROP_LAG_TIME + ";number;NOT CURRENTLY IN USE", PROP_NOT_BEFORE_SKEW + ";number;Number of minutes a cert's notBefore should be in the past", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-validityconstraints", + ";configuration-policyrules-validityconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Ensures that the user's requested validity period is " + - "acceptable. If not specified, as is usually the case, " + - "this policy will set the validity. See RFC 2459." + ";Ensures that the user's requested validity period is " + + "acceptable. If not specified, as is usually the case, " + + "this policy will set the validity. See RFC 2459." }; return params; @@ -116,19 +113,19 @@ public class ValidityConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=ValidityConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.minValidity=30 - * ra.Policy.rule.<ruleName>.maxValidity=180 - * ra.Policy.rule.<ruleName>.predicate=ou==Sales - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=ValidityConstraints + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.minValidity=30 + * ra.Policy.rule.<ruleName>.maxValidity=180 + * ra.Policy.rule.<ruleName>.predicate=ou==Sales + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { // Get min and max validity in days and configure them. try { @@ -164,7 +161,7 @@ public class ValidityConstraints extends APolicyRule mNotBeforeSkew = DEF_NOT_BEFORE_SKEW * MINS_TO_MS_FACTOR; } catch (Exception e) { // e.printStackTrace(); - String[] params = {getInstanceName(), e.toString()}; + String[] params = { getInstanceName(), e.toString() }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params)); @@ -174,8 +171,8 @@ public class ValidityConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -184,8 +181,8 @@ public class ValidityConstraints extends APolicyRule try { // Get the certificate info from the request - //X509CertInfo certInfo[] = (X509CertInfo[]) - // req.get(IRequest.CERT_INFO); + // X509CertInfo certInfo[] = (X509CertInfo[]) + // req.get(IRequest.CERT_INFO); X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // There should be a certificate info set. @@ -198,7 +195,7 @@ public class ValidityConstraints extends APolicyRule // Else check if validity is within the limit for (int i = 0; i < certInfo.length; i++) { CertificateValidity validity = (CertificateValidity) - certInfo[i].get(X509CertInfo.VALIDITY); + certInfo[i].get(X509CertInfo.VALIDITY); Date notBefore = null, notAfter = null; @@ -209,15 +206,15 @@ public class ValidityConstraints extends APolicyRule validity.get(CertificateValidity.NOT_AFTER); } - // If no validity is supplied yet, make one. The default + // If no validity is supplied yet, make one. The default // validity is supposed to pass the following checks, so // bypass further checking. // (date = 0 is hack for serialization) if (validity == null || - (notBefore.getTime() == 0 && notAfter.getTime() == 0)) { + (notBefore.getTime() == 0 && notAfter.getTime() == 0)) { certInfo[i].set(X509CertInfo.VALIDITY, - makeDefaultValidity(req)); + makeDefaultValidity(req)); continue; } @@ -228,22 +225,20 @@ public class ValidityConstraints extends APolicyRule getInstanceName()), ""); result = PolicyResult.REJECTED; } - if ((notAfter.getTime() - notBefore.getTime()) > - mMaxValidity) { - String params[] = {getInstanceName(), + if ((notAfter.getTime() - notBefore.getTime()) > mMaxValidity) { + String params[] = { getInstanceName(), String.valueOf( - ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)), - String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR)}; + ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)), + String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) }; setError(req, CMS.getUserMessage("CMS_POLICY_MORE_THAN_MAX_VALIDITY", params), ""); result = PolicyResult.REJECTED; } - if ((notAfter.getTime() - notBefore.getTime()) < - mMinValidity) { - String params[] = {getInstanceName(), + if ((notAfter.getTime() - notBefore.getTime()) < mMinValidity) { + String params[] = { getInstanceName(), String.valueOf( - ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)), - String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR)}; + ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)), + String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR) }; setError(req, CMS.getUserMessage("CMS_POLICY_LESS_THAN_MIN_VALIDITY", params), ""); result = PolicyResult.REJECTED; @@ -251,7 +246,7 @@ public class ValidityConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); @@ -262,28 +257,28 @@ public class ValidityConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement(PROP_MIN_VALIDITY + "=" + - mMinValidity / DAYS_TO_MS_FACTOR); + mMinValidity / DAYS_TO_MS_FACTOR); confParams.addElement(PROP_MAX_VALIDITY + "=" + - mMaxValidity / DAYS_TO_MS_FACTOR); - confParams.addElement(PROP_LEAD_TIME + "=" - + mLeadTime / MINS_TO_MS_FACTOR); - confParams.addElement(PROP_LAG_TIME + "=" + - mLagTime / MINS_TO_MS_FACTOR); - confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" + - mNotBeforeSkew / MINS_TO_MS_FACTOR); + mMaxValidity / DAYS_TO_MS_FACTOR); + confParams.addElement(PROP_LEAD_TIME + "=" + + mLeadTime / MINS_TO_MS_FACTOR); + confParams.addElement(PROP_LAG_TIME + "=" + + mLagTime / MINS_TO_MS_FACTOR); + confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" + + mNotBeforeSkew / MINS_TO_MS_FACTOR); return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { @@ -292,12 +287,12 @@ public class ValidityConstraints extends APolicyRule /** * Create a default validity value for a request - * + * * This code can be easily overridden in a derived class, if the * calculations here aren't accepatble. - * - * TODO: it might be good to base this calculation on the creation - * time of the request. + * + * TODO: it might be good to base this calculation on the creation time of + * the request. */ protected CertificateValidity makeDefaultValidity(IRequest req) { long now = roundTimeToSecond((CMS.getCurrentDate()).getTime()); @@ -311,13 +306,11 @@ public class ValidityConstraints extends APolicyRule } /** - * convert a millisecond resolution time into one with 1 second - * resolution. Most times in certificates are storage at 1 - * second resolution, so its better if we deal with things at - * that level. + * convert a millisecond resolution time into one with 1 second resolution. + * Most times in certificates are storage at 1 second resolution, so its + * better if we deal with things at that level. */ protected long roundTimeToSecond(long input) { return (input / 1000) * 1000; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java index 4f8aaa29..79679f0c 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.io.Serializable; import java.security.cert.CertificateException; @@ -44,57 +43,51 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Authority Information Access extension policy. - * If this policy is enabled, it adds an authority - * information access extension to the certificate. - * + * Authority Information Access extension policy. If this policy is enabled, it + * adds an authority information access extension to the certificate. + * * The following listed sample configuration parameters: * - * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.AuthInfoAccessExt + * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy. + * AuthInfoAccessExt * ca.Policy.rule.aia.ad0_location=uriName:http://ocsp1.netscape.com - * ca.Policy.rule.aia.ad0_method=ocsp - * ca.Policy.rule.aia.ad1_location_type=URI + * ca.Policy.rule.aia.ad0_method=ocsp ca.Policy.rule.aia.ad1_location_type=URI * ca.Policy.rule.aia.ad1_location=http://ocsp2.netscape.com - * ca.Policy.rule.aia.ad1_method=ocsp - * ca.Policy.rule.aia.ad2_location= - * ca.Policy.rule.aia.ad2_method= - * ca.Policy.rule.aia.ad3_location= - * ca.Policy.rule.aia.ad3_method= - * ca.Policy.rule.aia.ad4_location= - * ca.Policy.rule.aia.ad4_method= - * ca.Policy.rule.aia.critical=true - * ca.Policy.rule.aia.enable=true - * ca.Policy.rule.aia.implName=AuthInfoAccess + * ca.Policy.rule.aia.ad1_method=ocsp ca.Policy.rule.aia.ad2_location= + * ca.Policy.rule.aia.ad2_method= ca.Policy.rule.aia.ad3_location= + * ca.Policy.rule.aia.ad3_method= ca.Policy.rule.aia.ad4_location= + * ca.Policy.rule.aia.ad4_method= ca.Policy.rule.aia.critical=true + * ca.Policy.rule.aia.enable=true ca.Policy.rule.aia.implName=AuthInfoAccess * ca.Policy.rule.aia.predicate= - * - * Currently, this policy only supports the following location: - * uriName:[URI], dirName:[DN] + * + * Currently, this policy only supports the following location: uriName:[URI], + * dirName:[DN] * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class AuthInfoAccessExt extends APolicyRule implements +public class AuthInfoAccessExt extends APolicyRule implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = - "critical"; + "critical"; protected static final String PROP_AD = - "ad"; + "ad"; protected static final String PROP_METHOD = - "method"; + "method"; protected static final String PROP_LOCATION = - "location"; + "location"; protected static final String PROP_LOCATION_TYPE = - "location_type"; + "location_type"; protected static final String PROP_NUM_ADS = - "numADs"; + "numADs"; public static final int MAX_AD = 5; @@ -109,13 +102,13 @@ public class AuthInfoAccessExt extends APolicyRule implements Vector<String> v = new Vector<String>(); v.addElement(PROP_CRITICAL + - ";boolean;RFC 2459 recommendation: This extension MUST be non-critical."); + ";boolean;RFC 2459 recommendation: This extension MUST be non-critical."); v.addElement(PROP_NUM_ADS + - ";number;The total number of access descriptions."); + ";number;The total number of access descriptions."); v.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)"); + ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)"); v.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-authinfoaccess"); + ";configuration-policyrules-authinfoaccess"); for (int i = 0; i < MAX_AD; i++) { v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)"); @@ -128,17 +121,17 @@ public class AuthInfoAccessExt extends APolicyRule implements /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt - * ca.Policy.rule.<ruleName>.enable=true - * ca.Policy.rule.<ruleName>.predicate= - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt + * ca.Policy.rule.<ruleName>.enable=true + * ca.Policy.rule.<ruleName>.predicate= + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; } @@ -153,7 +146,7 @@ public class AuthInfoAccessExt extends APolicyRule implements // for (int i = 0;; i++) { ObjectIdentifier methodOID = null; - String method = mConfig.getString(PROP_AD + + String method = mConfig.getString(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD, null); if (method == null) @@ -162,10 +155,10 @@ public class AuthInfoAccessExt extends APolicyRule implements if (method.equals("")) break; - // - // method ::= ocsp | caIssuers | <OID> - // OID ::= [object identifier] - // + // + // method ::= ocsp | caIssuers | <OID> + // OID ::= [object identifier] + // try { if (method.equalsIgnoreCase("ocsp")) { methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.1"); @@ -186,17 +179,17 @@ public class AuthInfoAccessExt extends APolicyRule implements // TAG ::= uriName | dirName // VALUE ::= [value defined by TAG] // - String location_type = mConfig.getString(PROP_AD + - Integer.toString(i) + + String location_type = mConfig.getString(PROP_AD + + Integer.toString(i) + "_" + PROP_LOCATION_TYPE, null); - String location = mConfig.getString(PROP_AD + - Integer.toString(i) + + String location = mConfig.getString(PROP_AD + + Integer.toString(i) + "_" + PROP_LOCATION, null); if (location == null) break; GeneralName gn = CMS.form_GeneralName(location_type, location); - Vector<Serializable> e = new Vector<Serializable>(); + Vector<Serializable> e = new Vector<Serializable>(); e.addElement(methodOID); e.addElement(gn); @@ -206,10 +199,10 @@ public class AuthInfoAccessExt extends APolicyRule implements } /** - * If this policy is enabled, add the authority information - * access extension to the certificate. + * If this policy is enabled, add the authority information access extension + * to the certificate. * <P> - * + * * @param req The request on which to apply policy. * @return The policy result object. */ @@ -221,7 +214,7 @@ public class AuthInfoAccessExt extends APolicyRule implements IRequest.CERT_INFO); if (ci == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } @@ -229,8 +222,8 @@ public class AuthInfoAccessExt extends APolicyRule implements certInfo = ci[j]; if (certInfo == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, "")); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, "")); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, "Configuration Info Error"), ""); return PolicyResult.REJECTED; // unrecoverable error. } @@ -238,19 +231,19 @@ public class AuthInfoAccessExt extends APolicyRule implements try { // Find the extensions in the certInfo CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); // add access descriptions Enumeration<Vector<Serializable>> e = getAccessDescriptions(); if (!e.hasMoreElements()) { return res; - } - + } + if (extensions == null) { // create extension if not exist certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { @@ -263,12 +256,12 @@ public class AuthInfoAccessExt extends APolicyRule implements } // Create the extension - AuthInfoAccessExtension aiaExt = new - AuthInfoAccessExtension(mConfig.getBoolean( - PROP_CRITICAL, false)); + AuthInfoAccessExtension aiaExt = new + AuthInfoAccessExtension(mConfig.getBoolean( + PROP_CRITICAL, false)); while (e.hasMoreElements()) { - Vector<Serializable> ad = e.nextElement(); + Vector<Serializable> ad = e.nextElement(); ObjectIdentifier oid = (ObjectIdentifier) ad.elementAt(0); GeneralName gn = (GeneralName) ad.elementAt(1); @@ -278,17 +271,17 @@ public class AuthInfoAccessExt extends APolicyRule implements } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()), ""); return PolicyResult.REJECTED; // unrecoverable error. } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, "Configuration Info Error"), ""); return PolicyResult.REJECTED; // unrecoverable error. } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, "Certificate Info Error"), ""); return PolicyResult.REJECTED; // unrecoverable error. } @@ -299,15 +292,15 @@ public class AuthInfoAccessExt extends APolicyRule implements /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); try { - params.addElement(PROP_CRITICAL + "=" + - mConfig.getBoolean(PROP_CRITICAL, false)); + params.addElement(PROP_CRITICAL + "=" + + mConfig.getBoolean(PROP_CRITICAL, false)); } catch (EBaseException e) { params.addElement(PROP_CRITICAL + "=false"); } @@ -325,46 +318,46 @@ public class AuthInfoAccessExt extends APolicyRule implements String method = null; try { - method = mConfig.getString(PROP_AD + + method = mConfig.getString(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD, ""); } catch (EBaseException e) { } - params.addElement(PROP_AD + - Integer.toString(i) + - "_" + PROP_METHOD + "=" + method); + params.addElement(PROP_AD + + Integer.toString(i) + + "_" + PROP_METHOD + "=" + method); String location_type = null; try { - location_type = mConfig.getString(PROP_AD + - Integer.toString(i) + "_" + PROP_LOCATION_TYPE, + location_type = mConfig.getString(PROP_AD + + Integer.toString(i) + "_" + PROP_LOCATION_TYPE, IGeneralNameUtil.GENNAME_CHOICE_URL); } catch (EBaseException e) { } - params.addElement(PROP_AD + - Integer.toString(i) + - "_" + PROP_LOCATION_TYPE + "=" + location_type); + params.addElement(PROP_AD + + Integer.toString(i) + + "_" + PROP_LOCATION_TYPE + "=" + location_type); String location = null; try { - location = mConfig.getString(PROP_AD + - Integer.toString(i) + "_" + PROP_LOCATION, + location = mConfig.getString(PROP_AD + + Integer.toString(i) + "_" + PROP_LOCATION, ""); } catch (EBaseException e) { } - params.addElement(PROP_AD + - Integer.toString(i) + - "_" + PROP_LOCATION + "=" + location); + params.addElement(PROP_AD + + Integer.toString(i) + + "_" + PROP_LOCATION + "=" + location); } return params; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_CRITICAL + "=false"); @@ -376,14 +369,13 @@ public class AuthInfoAccessExt extends APolicyRule implements // the CMS.cfg // for (int i = 0; i < MAX_AD; i++) { - defParams.addElement(PROP_AD + Integer.toString(i) + - "_" + PROP_METHOD + "="); - defParams.addElement(PROP_AD + Integer.toString(i) + - "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL); - defParams.addElement(PROP_AD + Integer.toString(i) + - "_" + PROP_LOCATION + "="); + defParams.addElement(PROP_AD + Integer.toString(i) + + "_" + PROP_METHOD + "="); + defParams.addElement(PROP_AD + Integer.toString(i) + + "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL); + defParams.addElement(PROP_AD + Integer.toString(i) + + "_" + PROP_LOCATION + "="); } return defParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java index 7ec05fec..3a651d58 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -45,21 +44,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Authority Public Key Extension Policy - * Adds the subject public key id extension to certificates. + * Authority Public Key Extension Policy Adds the subject public key id + * extension to certificates. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class AuthorityKeyIdentifierExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = "critical"; protected static final String PROP_ALT_KEYID_TYPE = "AltKeyIdType"; @@ -77,7 +76,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule protected boolean mCritical = DEF_CRITICAL; protected String mAltKeyIdType = DEF_ALT_KEYID_TYPE; - // the extension to add to certs. + // the extension to add to certs. protected AuthorityKeyIdentifierExtension mTheExtension = null; // instance params for console @@ -97,28 +96,25 @@ public class AuthorityKeyIdentifierExt extends APolicyRule } /** - * Initializes this policy rule. - * Reads configuration file and creates a authority key identifier - * extension to add. Key identifier inside the extension is constructed as - * the CA's subject key identifier extension if it exists. - * If it does not exist this can be configured to use: - * (1) sha-1 hash of the CA's subject public key info - * (what communicator expects if the CA does not have a subject key - * identifier extension) or (2) No extension set (3) Empty sequence - * in Authority Key Identifier extension. - * + * Initializes this policy rule. Reads configuration file and creates a + * authority key identifier extension to add. Key identifier inside the + * extension is constructed as the CA's subject key identifier extension if + * it exists. If it does not exist this can be configured to use: (1) sha-1 + * hash of the CA's subject public key info (what communicator expects if + * the CA does not have a subject key identifier extension) or (2) No + * extension set (3) Empty sequence in Authority Key Identifier extension. + * * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.predicate= - * ca.Policy.rule.<ruleName>.implName= - * ca.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= + * ca.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; mEnabled = mConfig.getBoolean( @@ -131,44 +127,44 @@ public class AuthorityKeyIdentifierExt extends APolicyRule if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_SPKISHA1)) mAltKeyIdType = ALT_KEYID_TYPE_SPKISHA1; - /* - else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY)) - mAltKeyIdType = ALT_KEYID_TYPE_EMPTY; - */ + /* + * else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY)) + * mAltKeyIdType = ALT_KEYID_TYPE_EMPTY; + */ else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_NONE)) mAltKeyIdType = ALT_KEYID_TYPE_NONE; else { log(ILogger.LL_FAILURE, NAME + - CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType)); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE, + CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE, "value must be one of " + ALT_KEYID_TYPE_SPKISHA1 + ", " + ALT_KEYID_TYPE_NONE)); } // create authority key id extension. ICertAuthority certAuthority = (ICertAuthority) - ((IPolicyProcessor) owner).getAuthority(); + ((IPolicyProcessor) owner).getAuthority(); if (certAuthority == null) { // should never get here. String msg = NAME + ": " + - "Cannot find the Certificate Manager or Registration Manager"; + "Cannot find the Certificate Manager or Registration Manager"; log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER")); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg)); } if (!(certAuthority instanceof ICertificateAuthority)) { log(ILogger.LL_FAILURE, NAME + - CMS.getLogMessage("POLICY_INVALID_POLICY", NAME)); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + CMS.getLogMessage("POLICY_INVALID_POLICY", NAME)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", NAME + " policy can only be used in a Certificate Authority.")); - } - //CertificateChain caChain = certAuthority.getCACertChain(); - //X509Certificate caCert = caChain.getFirstCertificate(); + } + // CertificateChain caChain = certAuthority.getCACertChain(); + // X509Certificate caCert = caChain.getFirstCertificate(); X509CertImpl caCert = certAuthority.getCACert(); - if( caCert == null || CMS.isPreOpMode() ) { + if (caCert == null || CMS.isPreOpMode()) { return; } - KeyIdentifier keyId = formKeyIdentifier(caCert); + KeyIdentifier keyId = formKeyIdentifier(caCert); if (keyId != null) { try { @@ -176,7 +172,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule mCritical, keyId, null, null); } catch (IOException e) { String msg = NAME + ": " + - "Error forming Authority Key Identifier extension: " + e; + "Error forming Authority Key Identifier extension: " + e; log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME)); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg)); @@ -184,33 +180,33 @@ public class AuthorityKeyIdentifierExt extends APolicyRule } else { } - // form instance params + // form instance params mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical); mInstanceParams.addElement(PROP_ALT_KEYID_TYPE + "=" + mAltKeyIdType); } /** - * Adds Authority Key Identifier Extension to a certificate. - * If the extension is already there, accept it if it's from the agent, - * else replace it. - * - * @param req The request on which to apply policy. + * Adds Authority Key Identifier Extension to a certificate. If the + * extension is already there, accept it if it's from the agent, else + * replace it. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { // get certInfo from request. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); - return PolicyResult.REJECTED; + return PolicyResult.REJECTED; } for (int i = 0; i < ci.length; i++) { PolicyResult certResult = applyCert(req, ci[i]); - if (certResult == PolicyResult.REJECTED) + if (certResult == PolicyResult.REJECTED) return certResult; } return PolicyResult.ACCEPTED; @@ -219,11 +215,11 @@ public class AuthorityKeyIdentifierExt extends APolicyRule public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) { try { - // if authority key id extension already exists, leave it if + // if authority key id extension already exists, leave it if // from agent. else replace it. AuthorityKeyIdentifierExtension authorityKeyIdExt = null; CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); try { if (extensions != null) { @@ -231,65 +227,66 @@ public class AuthorityKeyIdentifierExt extends APolicyRule extensions.get(AuthorityKeyIdentifierExtension.class.getSimpleName()); } } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (authorityKeyIdExt != null) { if (agentApproved(req)) { CMS.debug( - "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() + - " already has authority key id extension with value " + - authorityKeyIdExt); + "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() + + " already has authority key id extension with value " + + authorityKeyIdExt); return PolicyResult.ACCEPTED; } else { CMS.debug( - "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() + - " had authority key identifier - deleted"); + "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() + + " had authority key identifier - deleted"); extensions.delete(AuthorityKeyIdentifierExtension.class.getSimpleName()); } } - // if no authority key identifier should be set b/c CA does not - // have a subject key identifier, return here. - if (mTheExtension == null) + // if no authority key identifier should be set b/c CA does not + // have a subject key identifier, return here. + if (mTheExtension == null) return PolicyResult.ACCEPTED; - // add authority key id extension. + // add authority key id extension. if (extensions == null) { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } extensions.set( - AuthorityKeyIdentifierExtension.class.getSimpleName(), mTheExtension); + AuthorityKeyIdentifierExtension.class.getSimpleName(), mTheExtension); CMS.debug( - "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId()); + "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId()); return PolicyResult.ACCEPTED; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()), ""); return PolicyResult.REJECTED; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, "Certificate Info Error"), ""); return PolicyResult.REJECTED; } } /** - * Form the Key Identifier in the Authority Key Identifier extension. - * from the CA's cert. + * Form the Key Identifier in the Authority Key Identifier extension. from + * the CA's cert. * <p> + * * @param caCertImpl Certificate Info * @return A Key Identifier. * @throws com.netscape.certsrv.base.EBaseException on error */ protected KeyIdentifier formKeyIdentifier(X509CertImpl caCertImpl) - throws EBaseException { + throws EBaseException { KeyIdentifier keyId = null; // get CA's certInfo. @@ -298,50 +295,50 @@ public class AuthorityKeyIdentifierExt extends APolicyRule try { certInfo = (X509CertInfo) caCertImpl.get( X509CertImpl.NAME + "." + X509CertImpl.INFO); - if (certInfo == null) { + if (certInfo == null) { String msg = "Bad CA certificate encountered. " + - "TBS Certificate missing."; + "TBS Certificate missing."; log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", NAME + ": " + msg)); } } catch (CertificateException e) { log(ILogger.LL_FAILURE, NAME + ": " + - CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString())); + CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", NAME + " Error decoding the CA Certificate: " + e)); } // get Key Id from CA's Subject Key Id extension in CA's CertInfo. keyId = getKeyIdentifier(certInfo); - if (keyId != null) + if (keyId != null) return keyId; - // if none exists use the configured alternate. + // if none exists use the configured alternate. if (mAltKeyIdType == ALT_KEYID_TYPE_SPKISHA1) { keyId = formSpkiSHA1KeyId(certInfo); } /* - else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) { - keyId = formEmptyKeyId(certInfo); - } - */ else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) { + * else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) { keyId = + * formEmptyKeyId(certInfo); } + */else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) { keyId = null; } else { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - mAltKeyIdType, + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + mAltKeyIdType, "Unknown Alternate Key Identifier type.")); } return keyId; } /** - * Get the Key Identifier in a subject key identifier extension from a + * Get the Key Identifier in a subject key identifier extension from a * CertInfo. + * * @param certInfo the CertInfo structure. * @return Key Identifier in a Subject Key Identifier extension if any. */ - protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo) - throws EBaseException { + protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo) + throws EBaseException { CertificateExtensions exts = null; SubjectKeyIdentifierExtension subjKeyIdExt = null; KeyIdentifier keyId = null; @@ -357,7 +354,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule CMS.debug(NAME + ": " + "No extensions found. Error " + e); return null; } - if (exts == null) + if (exts == null) return null; try { @@ -366,7 +363,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule } catch (IOException e) { // extension isn't there. CMS.debug( - "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e); + "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e); return null; } if (subjKeyIdExt == null) @@ -376,9 +373,9 @@ public class AuthorityKeyIdentifierExt extends APolicyRule keyId = (KeyIdentifier) subjKeyIdExt.get( SubjectKeyIdentifierExtension.KEY_ID); } catch (IOException e) { - // no key identifier in subject key id extension. + // no key identifier in subject key id extension. String msg = NAME + ": " + - "Bad Subject Key Identifier Extension found. Error: " + e; + "Bad Subject Key Identifier Extension found. Error: " + e; log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME)); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg)); @@ -388,40 +385,39 @@ public class AuthorityKeyIdentifierExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mInstanceParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefaultParams; } public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_CRITICAL + ";boolean;" + - "RFC 2459 recommendation: MUST NOT be marked critical.", + "RFC 2459 recommendation: MUST NOT be marked critical.", PROP_ALT_KEYID_TYPE + ";" + - "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" + - "Specifies whether to use a SHA1 hash of the CA's subject " + - "public key info for key identifier or leave out the " + - "authority key identifier extension if the CA certificate " + - "does not have a Subject Key Identifier extension.", + "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" + + "Specifies whether to use a SHA1 hash of the CA's subject " + + "public key info for key identifier or leave out the " + + "authority key identifier extension if the CA certificate " + + "does not have a Subject Key Identifier extension.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-authkeyid", + ";configuration-policyrules-authkeyid", IExtendedPluginInfo.HELP_TEXT + - ";Adds Authority Key Identifier Extension. " + - "See RFC 2459 (4.2.1.1)" + ";Adds Authority Key Identifier Extension. " + + "See RFC 2459 (4.2.1.1)" }; return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java index 1636902d..56062012 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -47,48 +46,46 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Basic Constraints policy. - * Adds the Basic constraints extension. + * Basic Constraints policy. Adds the Basic constraints extension. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class BasicConstraintsExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_MAXPATHLEN = "maxPathLen"; protected static final String PROP_IS_CA = "isCA"; protected static final String PROP_IS_CRITICAL = "critical"; protected static final String ARG_PATHLEN = "BasicConstraintsPathLen"; - protected int mMaxPathLen = 0; // < 0 means unlimited + protected int mMaxPathLen = 0; // < 0 means unlimited protected String mOrigMaxPathLen = ""; // for UI display only protected boolean mCritical = true; - protected int mDefaultMaxPathLen = 0; // depends on the CA's path length. - protected int mCAPathLen = 0; + protected int mDefaultMaxPathLen = 0; // depends on the CA's path length. + protected int mCAPathLen = 0; protected boolean mRemoveExt = true; protected boolean mIsCA = true; public static final boolean DEFAULT_CRITICALITY = true; /** - * Adds the basic constraints extension as a critical extension in - * CA certificates i.e. certype is ca, with either a requested - * or configured path len. - * The requested or configured path length cannot be greater than - * or equal to the CA's basic constraints path length. - * If the CA path length is 0, all requests for CA certs are rejected. + * Adds the basic constraints extension as a critical extension in CA + * certificates i.e. certype is ca, with either a requested or configured + * path len. The requested or configured path length cannot be greater than + * or equal to the CA's basic constraints path length. If the CA path length + * is 0, all requests for CA certs are rejected. */ public BasicConstraintsExt() { NAME = "BasicConstraintsExt"; - DESC = + DESC = "Sets critical basic constraints extension in subordinate CA certs"; } @@ -96,54 +93,54 @@ public class BasicConstraintsExt extends APolicyRule * Initializes this policy rule. * <p> * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl - * ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined. - * ca.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl + * ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined. + * ca.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { // get the CA's path len to check against configured max path len. ICertAuthority certAuthority = (ICertAuthority) - ((IPolicyProcessor) owner).getAuthority(); + ((IPolicyProcessor) owner).getAuthority(); if (certAuthority == null) { // should never get here. log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot find the Certificate Manager or Registration Manager")); } if (certAuthority instanceof IRegistrationAuthority) { - log(ILogger.LL_WARN, - "default basic constraints extension path len to -1."); + log(ILogger.LL_WARN, + "default basic constraints extension path len to -1."); mCAPathLen = -1; } else { CertificateChain caChain = certAuthority.getCACertChain(); - if( caChain == null || CMS.isPreOpMode() ) { + if (caChain == null || CMS.isPreOpMode()) { return; } X509Certificate caCert = caChain.getFirstCertificate(); mCAPathLen = caCert.getBasicConstraints(); } - // set default to one less than the CA's pathlen or 0 if CA's - // pathlen is 0. + // set default to one less than the CA's pathlen or 0 if CA's + // pathlen is 0. // If it's unlimited default the max pathlen also to unlimited. - if (mCAPathLen < 0) + if (mCAPathLen < 0) mDefaultMaxPathLen = -1; - else if (mCAPathLen > 0) + else if (mCAPathLen > 0) mDefaultMaxPathLen = mCAPathLen - 1; - else // (mCAPathLen == 0) + else // (mCAPathLen == 0) { - log(ILogger.LL_WARN, - CMS.getLogMessage("POLICY_PATHLEN_ZERO")); - //return; + log(ILogger.LL_WARN, + CMS.getLogMessage("POLICY_PATHLEN_ZERO")); + // return; } - // get configured max path len, use defaults if not configured. + // get configured max path len, use defaults if not configured. boolean pathLenConfigured = true; try { @@ -151,19 +148,19 @@ public class BasicConstraintsExt extends APolicyRule mIsCA = config.getBoolean(PROP_IS_CA, true); mMaxPathLen = config.getInteger(PROP_MAXPATHLEN); if (mMaxPathLen < 0) { - log(ILogger.LL_MISCONF, - CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "", - String.valueOf(mMaxPathLen))); + log(ILogger.LL_MISCONF, + CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "", + String.valueOf(mMaxPathLen))); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN_1", - NAME, String.valueOf(mMaxPathLen))); + NAME, String.valueOf(mMaxPathLen))); } mOrigMaxPathLen = Integer.toString(mMaxPathLen); } catch (EBaseException e) { - if (!(e instanceof EPropertyNotFound) && - !(e instanceof EPropertyNotDefined)) { - log(ILogger.LL_MISCONF, - CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN")); + if (!(e instanceof EPropertyNotFound) && + !(e instanceof EPropertyNotDefined)) { + log(ILogger.LL_MISCONF, + CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN")); throw e; } @@ -175,53 +172,53 @@ public class BasicConstraintsExt extends APolicyRule // check if configured path len is valid. if (pathLenConfigured) { - // if CA's pathlen is unlimited, any max pathlen is ok. - // else maxPathlen must be at most one less than the CA's - // pathlen or 0 if CA's pathlen is 0. - - if (mCAPathLen > 0 && - (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) { - String maxStr = (mMaxPathLen < 0) ? - String.valueOf(mMaxPathLen) + "(unlimited)" : - String.valueOf(mMaxPathLen); - - log(ILogger.LL_MISCONF, - CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "", - maxStr, - String.valueOf(mCAPathLen))); + // if CA's pathlen is unlimited, any max pathlen is ok. + // else maxPathlen must be at most one less than the CA's + // pathlen or 0 if CA's pathlen is 0. + + if (mCAPathLen > 0 && + (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) { + String maxStr = (mMaxPathLen < 0) ? + String.valueOf(mMaxPathLen) + "(unlimited)" : + String.valueOf(mMaxPathLen); + + log(ILogger.LL_MISCONF, + CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "", + maxStr, + String.valueOf(mCAPathLen))); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG_1", - NAME, maxStr, Integer.toString(mCAPathLen))); + NAME, maxStr, Integer.toString(mCAPathLen))); } else if (mCAPathLen == 0 && mMaxPathLen != 0) { - log(ILogger.LL_MISCONF, - CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen))); + log(ILogger.LL_MISCONF, + CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen))); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN", - NAME, String.valueOf(mMaxPathLen))); + NAME, String.valueOf(mMaxPathLen))); } } } /** - * Checks if the basic contraints extension in certInfo is valid and - * add the basic constraints extension for CA certs if none exists. - * Non-CA certs do not get a basic constraints extension. - * - * @param req The request on which to apply policy. + * Checks if the basic contraints extension in certInfo is valid and add the + * basic constraints extension for CA certs if none exists. Non-CA certs do + * not get a basic constraints extension. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; // get cert info. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); X509CertInfo certInfo = null; if (ci == null || (certInfo = ci[0]) == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } @@ -229,24 +226,22 @@ public class BasicConstraintsExt extends APolicyRule boolean isCA = mIsCA; /** - boolean isCA = false; - String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); - if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) { - isCA = true; - } + * boolean isCA = false; String type = + * (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); if (type + * != null && type.equalsIgnoreCase(IRequest.CA_CERT)) { isCA = true; } **/ for (int i = 0; i < ci.length; i++) { PolicyResult certResult = applyCert(req, isCA, certInfo); - if (certResult == PolicyResult.REJECTED) + if (certResult == PolicyResult.REJECTED) return certResult; } return PolicyResult.ACCEPTED; } public PolicyResult applyCert( - IRequest req, boolean isCA, X509CertInfo certInfo) { + IRequest req, boolean isCA, X509CertInfo certInfo) { // get basic constraints extension from cert info if any. CertificateExtensions extensions = null; @@ -266,19 +261,19 @@ public class BasicConstraintsExt extends APolicyRule // no extensions or basic constraints extension. } - // for non-CA certs, pkix says it SHOULD NOT have the extension + // for non-CA certs, pkix says it SHOULD NOT have the extension // so remove it. if (!isCA) { if (extensions == null) { try { // create extensions set if none. - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } catch (CertificateException e) { } catch (IOException e) { - // not possible + // not possible } } if (basicExt != null) { @@ -293,54 +288,54 @@ public class BasicConstraintsExt extends APolicyRule try { critExt = new BasicConstraintsExtension(isCA, mCritical, mMaxPathLen); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", - e.toString())); - setError(req, - CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", + e.toString())); + setError(req, + CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } - + try { extensions.set(BasicConstraintsExtension.class.getSimpleName(), critExt); } catch (IOException e) { } CMS.debug( - "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " + - req.getRequestId()); + "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " + + req.getRequestId()); return PolicyResult.ACCEPTED; } // For CA certs, check if existing extension is valid, and adjust. - // Extension must be marked critial and pathlen must be < CA's pathlen. + // Extension must be marked critial and pathlen must be < CA's pathlen. // if CA's pathlen is 0 all ca certs are rejected. if (mCAPathLen == 0) { - // reject all subordinate CA cert requests because CA's + // reject all subordinate CA cert requests because CA's // path length is 0. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME)); - setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME)); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), ""); return PolicyResult.REJECTED; } - if (basicExt != null) { + if (basicExt != null) { try { - boolean extIsCA = - ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue(); - int pathLen = - ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue(); + boolean extIsCA = + ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue(); + int pathLen = + ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue(); if (mMaxPathLen > -1) { if (pathLen > mMaxPathLen || pathLen < 0) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen))); - if (pathLen < 0) + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen))); + if (pathLen < 0) setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG", NAME, "unlimited", Integer.toString(mMaxPathLen)), ""); else setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG", - NAME, Integer.toString(pathLen), + NAME, Integer.toString(pathLen), Integer.toString(mMaxPathLen)), ""); return PolicyResult.REJECTED; } @@ -348,20 +343,20 @@ public class BasicConstraintsExt extends APolicyRule // adjust isCA field if (!extIsCA) { - basicExt.set(BasicConstraintsExtension.IS_CA, - Boolean.valueOf(true)); + basicExt.set(BasicConstraintsExtension.IS_CA, + Boolean.valueOf(true)); } // adjust path length field. if (mMaxPathLen == 0) { if (pathLen != 0) { - basicExt.set(BasicConstraintsExtension.PATH_LEN, - Integer.valueOf(0)); + basicExt.set(BasicConstraintsExtension.PATH_LEN, + Integer.valueOf(0)); pathLen = 0; } } else if (mMaxPathLen > 0 && pathLen > mMaxPathLen) { - basicExt.set(BasicConstraintsExtension.PATH_LEN, - Integer.valueOf(mMaxPathLen)); + basicExt.set(BasicConstraintsExtension.PATH_LEN, + Integer.valueOf(mMaxPathLen)); pathLen = mMaxPathLen; } @@ -372,10 +367,10 @@ public class BasicConstraintsExt extends APolicyRule try { critExt = new BasicConstraintsExtension(isCA, mCritical, pathLen); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME)); - setError(req, - CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME)); + setError(req, + CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } extensions.delete(BasicConstraintsExtension.class.getSimpleName()); @@ -385,8 +380,8 @@ public class BasicConstraintsExt extends APolicyRule // not possible in these cases. } CMS.debug( - "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " + - req.getRequestId()); + "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " + + req.getRequestId()); return PolicyResult.ACCEPTED; } @@ -394,14 +389,14 @@ public class BasicConstraintsExt extends APolicyRule if (extensions == null) { try { // create extensions set if none. - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } catch (CertificateException e) { // not possible } catch (IOException e) { - // not possible + // not possible } } @@ -413,29 +408,29 @@ public class BasicConstraintsExt extends APolicyRule if (reqPathLenStr == null) { reqPathLen = mMaxPathLen; } else { - try { - reqPathLen = Integer.parseInt(reqPathLenStr); + try { + reqPathLen = Integer.parseInt(reqPathLenStr); if ((mMaxPathLen == 0 && reqPathLen != 0) || - (mMaxPathLen > 0 && + (mMaxPathLen > 0 && (reqPathLen > mMaxPathLen || reqPathLen < 0))) { - String plenStr = - ((reqPathLen < 0) ? - reqPathLenStr + "(unlimited)" : reqPathLenStr); - - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr, - String.valueOf(mMaxPathLen))); - setError(req, - CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG", - NAME, plenStr, String.valueOf(mMaxPathLen)), ""); + String plenStr = + ((reqPathLen < 0) ? + reqPathLenStr + "(unlimited)" : reqPathLenStr); + + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr, + String.valueOf(mMaxPathLen))); + setError(req, + CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG", + NAME, plenStr, String.valueOf(mMaxPathLen)), ""); return PolicyResult.REJECTED; } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr)); - setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr)); + setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT", NAME, reqPathLenStr), ""); - return PolicyResult.REJECTED; + return PolicyResult.REJECTED; } } BasicConstraintsExtension newExt; @@ -443,29 +438,29 @@ public class BasicConstraintsExt extends APolicyRule try { newExt = new BasicConstraintsExtension(isCA, mCritical, reqPathLen); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString())); - setError(req, - CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString())); + setError(req, + CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } try { extensions.set(BasicConstraintsExtension.class.getSimpleName(), newExt); - }catch (IOException e) { + } catch (IOException e) { // doesn't happen. } CMS.debug( - "BasicConstraintsExt: added the extension to request " + - req.getRequestId()); + "BasicConstraintsExt: added the extension to request " + + req.getRequestId()); return PolicyResult.ACCEPTED; } /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); // Because of one of the UI bugs 385273, we should leave the empty space @@ -478,10 +473,10 @@ public class BasicConstraintsExt extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_IS_CRITICAL + "=true"); @@ -494,17 +489,16 @@ public class BasicConstraintsExt extends APolicyRule String[] params = { PROP_MAXPATHLEN + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.", PROP_IS_CRITICAL + ";boolean;" + - "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.", + "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.", PROP_IS_CA + ";boolean;" + - "Identifies the subject of the certificate is a CA or not.", + "Identifies the subject of the certificate is a CA or not.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-basicconstraints", + ";configuration-policyrules-basicconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)" + ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)" }; return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java index 05d4a28e..688997df 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Hashtable; @@ -50,18 +49,18 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * The type of the distribution point or issuer name. The name is expressed - * as a simple string in the configuration file, so this attribute is needed - * to tell whether the simple string should be stored in an X.500 Name, - * a URL, or an RDN. + * The type of the distribution point or issuer name. The name is expressed as a + * simple string in the configuration file, so this attribute is needed to tell + * whether the simple string should be stored in an X.500 Name, a URL, or an + * RDN. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ @@ -69,7 +68,7 @@ class NameType { private NameType() { } // no default constructor - private String stringRep; // string representation of this type + private String stringRep; // string representation of this type private NameType(String s) { map.put(s, this); @@ -79,8 +78,8 @@ class NameType { private static Hashtable<String, NameType> map = new Hashtable<String, NameType>(); /** - * Looks up a NameType from its string representation. Returns null - * if no matching NameType was found. + * Looks up a NameType from its string representation. Returns null if no + * matching NameType was found. */ public static NameType fromString(String s) { return map.get(s); @@ -93,14 +92,13 @@ class NameType { public static final NameType DIRECTORY_NAME = new NameType("DirectoryName"); public static final NameType URI = new NameType("URI"); public static final NameType RELATIVE_TO_ISSUER = - new NameType("RelativeToIssuer"); + new NameType("RelativeToIssuer"); } - /** - * These are the parameters that may be given in the configuration file - * for each distribution point. They are parsed by DPParamsToDP(). - * Any of them may be null. + * These are the parameters that may be given in the configuration file for each + * distribution point. They are parsed by DPParamsToDP(). Any of them may be + * null. */ class DistPointParams { public String pointName; @@ -124,13 +122,12 @@ class DistPointParams { } - /** - * CRL Distribution Points policy. - * Adds the CRL Distribution Points extension to the certificate. + * CRL Distribution Points policy. Adds the CRL Distribution Points extension to + * the certificate. */ public class CRLDistributionPointsExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { public static final String PROP_IS_CRITICAL = "critical"; public static final String PROP_NUM_POINTS = "numPoints"; @@ -173,29 +170,29 @@ public class CRLDistributionPointsExt extends APolicyRule // should replace MAX_POINTS with mNumPoints if bug 385118 is fixed for (int i = 0; i < MAX_POINTS; i++) { v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" + - "DirectoryName,URI,RelativeToIssuer);" + - "The type of the CRL distribution point."); + "DirectoryName,URI,RelativeToIssuer);" + + "The type of the CRL distribution point."); v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" + - "The name of the CRL distribution point depending on the CRLDP type."); + "The name of the CRL distribution point depending on the CRLDP type."); v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" + - "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold."); + "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold."); v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" + - "DirectoryName,URI);" + - "The type of the issuer that has signed the CRL maintained at this distribution point."); + "DirectoryName,URI);" + + "The type of the issuer that has signed the CRL maintained at this distribution point."); v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" + - "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type."); + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type."); } v.addElement(PROP_NUM_POINTS + - ";number;The total number of CRL distribution points to be contained or allowed in the extension."); + ";number;The total number of CRL distribution points to be contained or allowed in the extension."); v.addElement(PROP_IS_CRITICAL + - ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications."); + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications."); v.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-crldistributionpoints"); + ";configuration-policyrules-crldistributionpoints"); v.addElement(IExtendedPluginInfo.HELP_TEXT + - ";This policy inserts the CRL Distribution Points " + - "Extension into the certificate. See RFC 2459 (4.2.1.14). " - ); + ";This policy inserts the CRL Distribution Points " + + "Extension into the certificate. See RFC 2459 (4.2.1.14). " + ); mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } @@ -212,13 +209,13 @@ public class CRLDistributionPointsExt extends APolicyRule * Performs one-time initialization of the policy. */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { // Register the CRL Distribution Points extension. try { netscape.security.x509.OIDMap.addAttribute( - CRLDistributionPointsExtension.class.getName(), - CRLDistributionPointsExtension.OID, - CRLDistributionPointsExtension.class.getSimpleName()); + CRLDistributionPointsExtension.class.getName(), + CRLDistributionPointsExtension.OID, + CRLDistributionPointsExtension.class.getSimpleName()); } catch (CertificateException e) { // ignore, just means it has already been added } @@ -269,11 +266,11 @@ public class CRLDistributionPointsExt extends APolicyRule } /** - * Parses the parameters in the config file to create an - * actual CRL Distribution Point object. + * Parses the parameters in the config file to create an actual CRL + * Distribution Point object. */ private CRLDistributionPoint DPParamsToDP(DistPointParams params) - throws EBaseException { + throws EBaseException { CRLDistributionPoint crlDP = new CRLDistributionPoint(); try { @@ -337,14 +334,14 @@ public class CRLDistributionPointsExt extends APolicyRule if (r == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s)); - throw new EBaseException("Unknown reason: " + s); + throw new EBaseException("Unknown reason: " + s); } else { reasonBits |= r.getBitMask(); } } if (reasonBits != 0) { BitArray ba = new BitArray(8, new byte[] { reasonBits } - ); + ); crlDP.setReasons(ba); } @@ -421,15 +418,15 @@ public class CRLDistributionPointsExt extends APolicyRule try { // find the extensions in the certInfo CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); // prepare the extensions data structure if (extensions == null) { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { // remove any previously computed version of the extension @@ -446,13 +443,13 @@ public class CRLDistributionPointsExt extends APolicyRule } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())); setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, - e.getMessage()); + e.getMessage()); return PolicyResult.REJECTED; } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, - e.getMessage()); + e.getMessage()); return PolicyResult.REJECTED; } } @@ -471,7 +468,7 @@ public class CRLDistributionPointsExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector<String> getInstanceParams() { diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java index 1e61c4ad..c4384e75 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -50,21 +49,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Certificate Policies. - * Adds certificate policies extension. + * Certificate Policies. Adds certificate policies extension. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class CertificatePoliciesExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = "critical"; protected static final String PROP_NUM_CERTPOLICIES = "numCertPolicies"; @@ -91,17 +89,16 @@ public class CertificatePoliciesExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.predicate=certType==ca - * ca.Policy.rule.<ruleName>.implName= - * ca.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.predicate=certType==ca + * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; mEnabled = mConfig.getBoolean( @@ -117,7 +114,7 @@ public class CertificatePoliciesExt extends APolicyRule "value must be greater than or equal to 1")); } - // init Policy Mappings, check values if enabled. + // init Policy Mappings, check values if enabled. mCertPolicies = new CertPolicy[mNumCertPolicies]; for (int i = 0; i < mNumCertPolicies; i++) { String subtreeName = PROP_CERTPOLICY + i; @@ -126,7 +123,7 @@ public class CertificatePoliciesExt extends APolicyRule mCertPolicies[i] = new CertPolicy(subtreeName, mConfig, mEnabled); } catch (EBaseException e) { log(ILogger.LL_FAILURE, NAME + ": " + - CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString())); + CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString())); throw e; } } @@ -138,21 +135,21 @@ public class CertificatePoliciesExt extends APolicyRule for (int j = 0; j < mNumCertPolicies; j++) { CertPolicies.addElement( - mCertPolicies[j].mCertificatePolicyInfo); + mCertPolicies[j].mCertificatePolicyInfo); } - mCertificatePoliciesExtension = + mCertificatePoliciesExtension = new CertificatePoliciesExtension(mCritical, CertPolicies); } catch (IOException e) { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", - "Error initializing " + NAME + " Error: " + e)); + "Error initializing " + NAME + " Error: " + e)); } } - // form instance params + // form instance params mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical); mInstanceParams.addElement( - PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies); + PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies); for (int i = 0; i < mNumCertPolicies; i++) { mCertPolicies[i].getInstanceParams(mInstanceParams); } @@ -161,19 +158,19 @@ public class CertificatePoliciesExt extends APolicyRule /** * Applies the policy on the given Request. * <p> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { // get certInfo from request. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); - + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); - return PolicyResult.REJECTED; + return PolicyResult.REJECTED; } for (int i = 0; i < ci.length; i++) { @@ -194,8 +191,8 @@ public class CertificatePoliciesExt extends APolicyRule if (extensions == null) { extensions = new CertificateExtensions(); try { - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } catch (Exception e) { } @@ -204,8 +201,9 @@ public class CertificatePoliciesExt extends APolicyRule try { extensions.delete(CertificatePoliciesExtension.class.getSimpleName()); } catch (IOException e) { - // this is the hack: for some reason, the key which is the name - // of the policy has been converted into the OID + // this is the hack: for some reason, the key which is the + // name + // of the policy has been converted into the OID try { extensions.delete("2.5.29.32"); } catch (IOException ee) { @@ -213,24 +211,24 @@ public class CertificatePoliciesExt extends APolicyRule } } extensions.set(CertificatePoliciesExtension.class.getSimpleName(), - mCertificatePoliciesExtension); + mCertificatePoliciesExtension); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", e.toString())); setError(req, - CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); + CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); return PolicyResult.REJECTED; } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", e.toString())); setError(req, - CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); + CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); return PolicyResult.REJECTED; } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", e.toString())); setError(req, - CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); + CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); return PolicyResult.REJECTED; } return PolicyResult.ACCEPTED; @@ -238,51 +236,50 @@ public class CertificatePoliciesExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mInstanceParams; } /** - * Default config parameters. - * To add more permitted or excluded subtrees, - * increase the num to greater than 0 and more configuration params - * will show up in the console. + * Default config parameters. To add more permitted or excluded subtrees, + * increase the num to greater than 0 and more configuration params will + * show up in the console. */ private static Vector<String> mDefParams = new Vector<String>(); static { mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); mDefParams.addElement( - PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES); + PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES); String certPolicy0Dot = PROP_CERTPOLICY + "0."; mDefParams.addElement( - certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + ""); + certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + ""); mDefParams.addElement( - certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + ""); + certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + ""); mDefParams.addElement( - certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + ""); + certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + ""); mDefParams.addElement( - certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + ""); + certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + ""); mDefParams.addElement( - certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + ""); + certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + ""); } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefParams; } public String[] getExtendedPluginInfo(Locale locale) { Vector<String> theparams = new Vector<String>(); - + theparams.addElement(PROP_CRITICAL + ";boolean;RFC 3280 recommendation: MUST be non-critical."); theparams.addElement(PROP_NUM_CERTPOLICIES + ";number; Number of certificate policies. The value must be greater than or equal to 1"); @@ -290,22 +287,22 @@ public class CertificatePoliciesExt extends APolicyRule String certPolicykDot = PROP_CERTPOLICY + k + "."; theparams.addElement(certPolicykDot + - CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n"); + CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n"); theparams.addElement(certPolicykDot + - CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5"); + CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5"); theparams.addElement(certPolicykDot + - CertPolicy.PROP_NOTICE_REF_NUMS + - ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5"); + CertPolicy.PROP_NOTICE_REF_NUMS + + ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5"); theparams.addElement(certPolicykDot + - CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5"); + CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5"); theparams.addElement(certPolicykDot + - CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5"); + CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5"); } theparams.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-certificatepolicies"); + ";configuration-policyrules-certificatepolicies"); theparams.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)"); + ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)"); String[] params = new String[theparams.size()]; @@ -314,7 +311,6 @@ public class CertificatePoliciesExt extends APolicyRule } } - class CertPolicy { protected static final String PROP_POLICY_IDENTIFIER = "policyId"; @@ -337,34 +333,35 @@ class CertPolicy { /** * forms policy map parameters. + * * @param name name of this policy map, for example certPolicy0 * @param config parent's config from where we find this configuration. * @param enabled whether policy was enabled. */ - protected CertPolicy(String name, IConfigStore config, boolean enabled) - throws EBaseException { + protected CertPolicy(String name, IConfigStore config, boolean enabled) + throws EBaseException { mName = name; mConfig = config.getSubStore(mName); mNameDot = mName + "."; - if( mConfig == null ) { - CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig is " + - "null!" ); - throw new EBaseException( "mConfig is null" ); + if (mConfig == null) { + CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig is " + + "null!"); + throw new EBaseException("mConfig is null"); } // if there's no configuration for this policy put it there. if (mConfig.size() == 0) { - config.putString(mNameDot + PROP_POLICY_IDENTIFIER, ""); - config.putString(mNameDot + PROP_NOTICE_REF_ORG, ""); - config.putString(mNameDot + PROP_NOTICE_REF_NUMS, ""); - config.putString(mNameDot + PROP_USER_NOTICE_TEXT, ""); - config.putString(mNameDot + PROP_CPS_URI, ""); + config.putString(mNameDot + PROP_POLICY_IDENTIFIER, ""); + config.putString(mNameDot + PROP_NOTICE_REF_ORG, ""); + config.putString(mNameDot + PROP_NOTICE_REF_NUMS, ""); + config.putString(mNameDot + PROP_USER_NOTICE_TEXT, ""); + config.putString(mNameDot + PROP_CPS_URI, ""); mConfig = config.getSubStore(mName); - if(mConfig == null || mConfig.size() == 0) { - CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig " + - "is null or empty!" ); - throw new EBaseException( "mConfig is null or empty" ); + if (mConfig == null || mConfig.size() == 0) { + CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig " + + "is null or empty!"); + throw new EBaseException("mConfig is null or empty"); } } @@ -376,28 +373,28 @@ class CertPolicy { mCpsUri = mConfig.getString(PROP_CPS_URI, null); // adjust for "" and console returning "null" - if (mPolicyId != null && - (mPolicyId.length() == 0 || + if (mPolicyId != null && + (mPolicyId.length() == 0 || mPolicyId.equals("null"))) { mPolicyId = null; } - if (mNoticeRefOrg != null && - (mNoticeRefOrg.length() == 0 || + if (mNoticeRefOrg != null && + (mNoticeRefOrg.length() == 0 || mNoticeRefOrg.equals("null"))) { mNoticeRefOrg = null; } - if (mNoticeRefNums != null && - (mNoticeRefNums.length() == 0 || + if (mNoticeRefNums != null && + (mNoticeRefNums.length() == 0 || mNoticeRefNums.equals("null"))) { mNoticeRefNums = null; } - if (mNoticeRefExplicitText != null && - (mNoticeRefExplicitText.length() == 0 || + if (mNoticeRefExplicitText != null && + (mNoticeRefExplicitText.length() == 0 || mNoticeRefExplicitText.equals("null"))) { mNoticeRefExplicitText = null; } - if (mCpsUri != null && - (mCpsUri.length() == 0 || + if (mCpsUri != null && + (mCpsUri.length() == 0 || mCpsUri.equals("null"))) { mCpsUri = null; } @@ -405,42 +402,44 @@ class CertPolicy { // policy ids cannot be null if policy is enabled. String msg = "value cannot be null."; - if (mPolicyId == null && enabled) + if (mPolicyId == null && enabled) throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", mNameDot + PROP_POLICY_IDENTIFIER, msg)); msg = "NoticeReference is optional; If chosen to include, NoticeReference must at least has 'organization'"; - if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled) + if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled) throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", mNameDot + PROP_NOTICE_REF_ORG, msg)); - - // if a policy id is not null check that it is a valid OID. + + // if a policy id is not null check that it is a valid OID. ObjectIdentifier policyId = null; - if (mPolicyId != null) + if (mPolicyId != null) policyId = CMS.checkOID( mNameDot + PROP_POLICY_IDENTIFIER, mPolicyId); - - // if enabled, form CertificatePolicyInfo to be encoded in - // extension. Policy ids should be all set. + + // if enabled, form CertificatePolicyInfo to be encoded in + // extension. Policy ids should be all set. if (enabled) { - CMS.debug("CertPolicy: in CertPolicy"); + CMS.debug("CertPolicy: in CertPolicy"); DisplayText displayText = null; - if (mNoticeRefExplicitText != null && - !mNoticeRefExplicitText.equals("")) + if (mNoticeRefExplicitText != null && + !mNoticeRefExplicitText.equals("")) displayText = new DisplayText(DisplayText.tag_VisibleString, mNoticeRefExplicitText); - // new DisplayText(DisplayText.tag_IA5String, mNoticeRefExplicitText); + // new DisplayText(DisplayText.tag_IA5String, + // mNoticeRefExplicitText); DisplayText orgName = null; - if (mNoticeRefOrg != null && - !mNoticeRefOrg.equals("")) + if (mNoticeRefOrg != null && + !mNoticeRefOrg.equals("")) orgName = new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg); - // new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg); + // new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg); - int[] nums = new int[0];; - if (mNoticeRefNums != null && - !mNoticeRefNums.equals("")) { + int[] nums = new int[0]; + ; + if (mNoticeRefNums != null && + !mNoticeRefNums.equals("")) { // should add a method to NoticeReference to take a // Vector...but let's do this for now @@ -468,24 +467,23 @@ class CertPolicy { try { cpolicyId = new CertificatePolicyId(ObjectIdentifier.getObjectIdentifier(mPolicyId)); } catch (Exception e) { - throw new - EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId)); + throw new EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId)); } PolicyQualifiers policyQualifiers = new PolicyQualifiers(); - + NoticeReference noticeReference = null; - + if (orgName != null) noticeReference = new NoticeReference(orgName, nums); UserNotice userNotice = null; if (displayText != null || noticeReference != null) { - userNotice = new UserNotice (noticeReference, displayText); - + userNotice = new UserNotice(noticeReference, displayText); + PolicyQualifierInfo policyQualifierInfo1 = - new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice); + new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice); policyQualifiers.add(policyQualifierInfo1); } @@ -493,25 +491,25 @@ class CertPolicy { CPSuri cpsUri = null; if (mCpsUri != null && mCpsUri.length() > 0) { - cpsUri = new CPSuri (mCpsUri); + cpsUri = new CPSuri(mCpsUri); PolicyQualifierInfo policyQualifierInfo2 = - new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri); - + new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri); + policyQualifiers.add(policyQualifierInfo2); } if ((mNoticeRefOrg == null || mNoticeRefOrg.equals("")) && - (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) && - (mCpsUri == null || mCpsUri.equals(""))) { - CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg); - CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText); - CMS.debug("CertPolicy mCpsUri = "+mCpsUri); + (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) && + (mCpsUri == null || mCpsUri.equals(""))) { + CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg); + CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText); + CMS.debug("CertPolicy mCpsUri = " + mCpsUri); mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId); } else { - CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg); - CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText); - CMS.debug("CertPolicy mCpsUri = "+mCpsUri); + CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg); + CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText); + CMS.debug("CertPolicy mCpsUri = " + mCpsUri); mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId, policyQualifiers); } } @@ -519,20 +517,19 @@ class CertPolicy { protected void getInstanceParams(Vector<String> instanceParams) { instanceParams.addElement( - mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" : - mPolicyId)); + mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" : + mPolicyId)); instanceParams.addElement( - mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" : - mNoticeRefOrg)); + mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" : + mNoticeRefOrg)); instanceParams.addElement( - mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" : - mNoticeRefNums)); + mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" : + mNoticeRefNums)); instanceParams.addElement( - mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" : - mNoticeRefExplicitText)); + mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" : + mNoticeRefExplicitText)); instanceParams.addElement( - mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" : - mCpsUri)); + mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" : + mCpsUri)); } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java index e3927502..7471a580 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Date; @@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * Certificate Renewal Window Extension Policy * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class CertificateRenewalWindowExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_END_TIME = "relativeEndTime"; protected static final String PROP_BEGIN_TIME = "relativeBeginTime"; @@ -64,9 +63,8 @@ public class CertificateRenewalWindowExt extends APolicyRule protected String mEndTime; /** - * Adds the Netscape comment in the end-entity certificates or - * CA certificates. The policy is set to be non-critical with the - * provided OID. + * Adds the Netscape comment in the end-entity certificates or CA + * certificates. The policy is set to be non-critical with the provided OID. */ public CertificateRenewalWindowExt() { NAME = "CertificateRenewalWindowExt"; @@ -75,11 +73,11 @@ public class CertificateRenewalWindowExt extends APolicyRule /** * Initializes this policy rule. - * - * @param config The config store reference + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mCritical = config.getBoolean(PROP_CRITICAL, false); mBeginTime = config.getString(PROP_BEGIN_TIME, null); mEndTime = config.getString(PROP_END_TIME, null); @@ -89,16 +87,16 @@ public class CertificateRenewalWindowExt extends APolicyRule /** * Applies the policy on the given Request. * <p> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; // get cert info. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); @@ -128,8 +126,8 @@ public class CertificateRenewalWindowExt extends APolicyRule if (extensions == null) { extensions = new CertificateExtensions(); try { - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } catch (Exception e) { } @@ -137,10 +135,10 @@ public class CertificateRenewalWindowExt extends APolicyRule // remove any previously computed version of the extension try { extensions.delete(CertificateRenewalWindowExtension.class.getSimpleName()); - + } catch (IOException e) { // this is the hack: for some reason, the key which is the name - // of the policy has been converted into the OID + // of the policy has been converted into the OID try { extensions.delete("2.16.840.1.113730.1.15"); } catch (IOException ee) { @@ -154,22 +152,22 @@ public class CertificateRenewalWindowExt extends APolicyRule if (mEndTime == null || mEndTime.equals("")) { crwExt = new CertificateRenewalWindowExtension( - mCritical, + mCritical, getDateValue(now, mBeginTime), null); } else { crwExt = new CertificateRenewalWindowExtension( - mCritical, + mCritical, getDateValue(now, mBeginTime), getDateValue(now, mEndTime)); } - extensions.set(CertificateRenewalWindowExtension.class.getSimpleName(), - crwExt); + extensions.set(CertificateRenewalWindowExtension.class.getSimpleName(), + crwExt); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME)); + CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME)); setError(req, - CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); + CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); return PolicyResult.REJECTED; } return PolicyResult.ACCEPTED; @@ -179,13 +177,13 @@ public class CertificateRenewalWindowExt extends APolicyRule long time; if (s.endsWith("s")) { - time = 1000 * Long.parseLong(s.substring(0, + time = 1000 * Long.parseLong(s.substring(0, s.length() - 1)); } else if (s.endsWith("m")) { - time = 60 * 1000 * Long.parseLong(s.substring(0, + time = 60 * 1000 * Long.parseLong(s.substring(0, s.length() - 1)); } else if (s.endsWith("h")) { - time = 60 * 60 * 1000 * Long.parseLong(s.substring(0, + time = 60 * 60 * 1000 * Long.parseLong(s.substring(0, s.length() - 1)); } else if (s.endsWith("D")) { time = 24 * 60 * 60 * 1000 * Long.parseLong( @@ -206,9 +204,9 @@ public class CertificateRenewalWindowExt extends APolicyRule PROP_BEGIN_TIME + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", PROP_END_TIME + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-certificaterenewalwindow", + ";configuration-policyrules-certificaterenewalwindow", IExtendedPluginInfo.HELP_TEXT + - ";Adds 'Certificate Renewal Window' extension. See manual" + ";Adds 'Certificate Renewal Window' extension. See manual" }; return params; @@ -217,10 +215,10 @@ public class CertificateRenewalWindowExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); params.addElement(PROP_CRITICAL + "=" + mCritical); @@ -239,10 +237,10 @@ public class CertificateRenewalWindowExt extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_CRITICAL + "=false"); diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java index 14ef4213..bf1bc8a4 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -43,31 +42,31 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Certificate Scope Of Use extension policy. This extension - * is defined in draft-thayes-cert-scope-00.txt + * Certificate Scope Of Use extension policy. This extension is defined in + * draft-thayes-cert-scope-00.txt * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class CertificateScopeOfUseExt extends APolicyRule implements +public class CertificateScopeOfUseExt extends APolicyRule implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = - "critical"; + "critical"; protected static final String PROP_ENTRY = - "entry"; + "entry"; protected static final String PROP_NAME = - "name"; + "name"; protected static final String PROP_NAME_TYPE = - "name_type"; + "name_type"; protected static final String PROP_PORT_NUMBER = - "port_number"; + "port_number"; public static final int MAX_ENTRY = 5; @@ -82,11 +81,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements Vector<String> v = new Vector<String>(); v.addElement(PROP_CRITICAL + - ";boolean; This extension may be either critical or non-critical."); + ";boolean; This extension may be either critical or non-critical."); v.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-certificatescopeofuse"); + ";configuration-policyrules-certificatescopeofuse"); v.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Adds Certificate Scope of Use Extension."); + ";Adds Certificate Scope of Use Extension."); for (int i = 0; i < MAX_ENTRY; i++) { v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO); @@ -99,17 +98,17 @@ public class CertificateScopeOfUseExt extends APolicyRule implements /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt - * ca.Policy.rule.<ruleName>.enable=true - * ca.Policy.rule.<ruleName>.predicate= - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt + * ca.Policy.rule.<ruleName>.enable=true + * ca.Policy.rule.<ruleName>.predicate= + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; } @@ -124,7 +123,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements // for (int i = 0;; i++) { // get port number (optional) - String port = mConfig.getString(PROP_ENTRY + + String port = mConfig.getString(PROP_ENTRY + Integer.toString(i) + "_" + PROP_PORT_NUMBER, null); BigInt portNumber = null; @@ -137,11 +136,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements // TAG ::= uriName | dirName // VALUE ::= [value defined by TAG] // - String name_type = mConfig.getString(PROP_ENTRY + - Integer.toString(i) + + String name_type = mConfig.getString(PROP_ENTRY + + Integer.toString(i) + "_" + PROP_NAME_TYPE, null); - String name = mConfig.getString(PROP_ENTRY + - Integer.toString(i) + + String name = mConfig.getString(PROP_ENTRY + + Integer.toString(i) + "_" + PROP_NAME, null); if (name == null || name.equals("")) @@ -154,10 +153,10 @@ public class CertificateScopeOfUseExt extends APolicyRule implements } /** - * If this policy is enabled, add the authority information - * access extension to the certificate. + * If this policy is enabled, add the authority information access extension + * to the certificate. * <P> - * + * * @param req The request on which to apply policy. * @return The policy result object. */ @@ -169,7 +168,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements IRequest.CERT_INFO); if (ci == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } @@ -177,29 +176,29 @@ public class CertificateScopeOfUseExt extends APolicyRule implements certInfo = ci[j]; if (certInfo == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME)); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Configuration Info Error"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME)); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Configuration Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } try { // Find the extensions in the certInfo CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); // add access descriptions Vector<CertificateScopeEntry> entries = getScopeEntries(); if (entries.size() == 0) { return res; - } - + } + if (extensions == null) { // create extension if not exist certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { @@ -212,29 +211,29 @@ public class CertificateScopeOfUseExt extends APolicyRule implements } // Create the extension - CertificateScopeOfUseExtension suExt = new - CertificateScopeOfUseExtension(mConfig.getBoolean( - PROP_CRITICAL, false), entries); + CertificateScopeOfUseExtension suExt = new + CertificateScopeOfUseExtension(mConfig.getBoolean( + PROP_CRITICAL, false), entries); extensions.set(CertificateScopeOfUseExtension.NAME, suExt); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; // unrecoverable error. } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - "Configuration Info Error encountered: " + - e.getMessage()); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Configuration Info Error"); + log(ILogger.LL_FAILURE, + "Configuration Info Error encountered: " + + e.getMessage()); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Configuration Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } } @@ -244,15 +243,15 @@ public class CertificateScopeOfUseExt extends APolicyRule implements /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); try { - params.addElement(PROP_CRITICAL + "=" + - mConfig.getBoolean(PROP_CRITICAL, false)); + params.addElement(PROP_CRITICAL + "=" + + mConfig.getBoolean(PROP_CRITICAL, false)); } catch (EBaseException e) { } @@ -260,50 +259,50 @@ public class CertificateScopeOfUseExt extends APolicyRule implements String name_type = null; try { - name_type = mConfig.getString(PROP_ENTRY + - Integer.toString(i) + "_" + PROP_NAME_TYPE, + name_type = mConfig.getString(PROP_ENTRY + + Integer.toString(i) + "_" + PROP_NAME_TYPE, null); } catch (EBaseException e) { } if (name_type == null) break; - params.addElement(PROP_ENTRY + - Integer.toString(i) + - "_" + PROP_NAME_TYPE + "=" + name_type); + params.addElement(PROP_ENTRY + + Integer.toString(i) + + "_" + PROP_NAME_TYPE + "=" + name_type); String name = null; try { - name = mConfig.getString(PROP_ENTRY + - Integer.toString(i) + "_" + PROP_NAME, + name = mConfig.getString(PROP_ENTRY + + Integer.toString(i) + "_" + PROP_NAME, null); } catch (EBaseException e) { } if (name == null) break; - params.addElement(PROP_ENTRY + - Integer.toString(i) + - "_" + PROP_NAME + "=" + name); + params.addElement(PROP_ENTRY + + Integer.toString(i) + + "_" + PROP_NAME + "=" + name); String port = null; try { - port = mConfig.getString(PROP_ENTRY + - Integer.toString(i) + "_" + PROP_PORT_NUMBER, + port = mConfig.getString(PROP_ENTRY + + Integer.toString(i) + "_" + PROP_PORT_NUMBER, ""); } catch (EBaseException e) { } - params.addElement(PROP_ENTRY + - Integer.toString(i) + - "_" + PROP_PORT_NUMBER + "=" + port); + params.addElement(PROP_ENTRY + + Integer.toString(i) + + "_" + PROP_PORT_NUMBER + "=" + port); } return params; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_CRITICAL + "=false"); @@ -314,14 +313,13 @@ public class CertificateScopeOfUseExt extends APolicyRule implements // the CMS.cfg // for (int i = 0; i < MAX_ENTRY; i++) { - defParams.addElement(PROP_ENTRY + Integer.toString(i) + - "_" + PROP_NAME_TYPE + "="); - defParams.addElement(PROP_ENTRY + Integer.toString(i) + - "_" + PROP_NAME + "="); - defParams.addElement(PROP_ENTRY + Integer.toString(i) + - "_" + PROP_PORT_NUMBER + "="); + defParams.addElement(PROP_ENTRY + Integer.toString(i) + + "_" + PROP_NAME_TYPE + "="); + defParams.addElement(PROP_ENTRY + Integer.toString(i) + + "_" + PROP_NAME + "="); + defParams.addElement(PROP_ENTRY + Integer.toString(i) + + "_" + PROP_PORT_NUMBER + "="); } return defParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java index 94d7d8df..2684d02c 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * This implements the extended key usage extension. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { public static final String PROP_CRITICAL = "critical"; protected static final String PROP_PURPOSE_ID = "id"; protected static final String PROP_NUM_IDS = "numIds"; @@ -63,7 +62,7 @@ public class ExtendedKeyUsageExt extends APolicyRule private Vector<ObjectIdentifier> mUsages = null; private String[] mParams = null; - + // PKIX specifies the that the extension SHOULD NOT be critical public static final boolean DEFAULT_CRITICALITY = false; @@ -81,7 +80,7 @@ public class ExtendedKeyUsageExt extends APolicyRule * Performs one-time initialization of the policy. */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; setExtendedPluginInfo(); setupParams(); @@ -99,7 +98,7 @@ public class ExtendedKeyUsageExt extends APolicyRule } X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); @@ -119,15 +118,15 @@ public class ExtendedKeyUsageExt extends APolicyRule try { // find the extensions in the certInfo CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); // prepare the extensions data structure if (extensions == null) { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { try { @@ -143,17 +142,17 @@ public class ExtendedKeyUsageExt extends APolicyRule } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, - e.getMessage()); + e.getMessage()); return PolicyResult.REJECTED; } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, - e.getMessage()); + e.getMessage()); return PolicyResult.REJECTED; } } - + /** * Returns instance specific parameters. */ @@ -172,16 +171,16 @@ public class ExtendedKeyUsageExt extends APolicyRule for (int i = 0; i < numIds; i++) { if (mUsages.size() <= i) { - params.addElement(PROP_PURPOSE_ID + - Integer.toString(i) + "="); + params.addElement(PROP_PURPOSE_ID + + Integer.toString(i) + "="); } else { usage = ((ObjectIdentifier) mUsages.elementAt(i)).toString(); if (usage == null) { - params.addElement(PROP_PURPOSE_ID + - Integer.toString(i) + "="); + params.addElement(PROP_PURPOSE_ID + + Integer.toString(i) + "="); } else { - params.addElement(PROP_PURPOSE_ID + - Integer.toString(i) + "=" + usage); + params.addElement(PROP_PURPOSE_ID + + Integer.toString(i) + "=" + usage); } } } @@ -200,17 +199,17 @@ public class ExtendedKeyUsageExt extends APolicyRule } for (int i = 0; i < mNum; i++) { v.addElement(PROP_PURPOSE_ID + Integer.toString(i) + ";string;" + - "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99"); + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99"); } v.addElement(PROP_NUM_IDS + ";number;The total number of policy IDs."); v.addElement(PROP_CRITICAL + - ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical."); + ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical."); v.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-extendedkeyusage"); + ";configuration-policyrules-extendedkeyusage"); v.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Adds Extended Key Usage Extension. Defined in RFC 2459 " + - "(4.2.1.13)"); + ";Adds Extended Key Usage Extension. Defined in RFC 2459 " + + "(4.2.1.13)"); mParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } @@ -221,7 +220,7 @@ public class ExtendedKeyUsageExt extends APolicyRule } return mParams; } - + /** * Returns default parameters. */ @@ -235,30 +234,32 @@ public class ExtendedKeyUsageExt extends APolicyRule } return defParams; } - + /** * Setups parameters. */ private void setupParams() throws EBaseException { - + mCritical = mConfig.getBoolean(PROP_CRITICAL, false); if (mUsages == null) { mUsages = new Vector<ObjectIdentifier>(); } - + int mNum = mConfig.getInteger(PROP_NUM_IDS, MAX_PURPOSE_ID); for (int i = 0; i < mNum; i++) { ObjectIdentifier usageOID = null; - - String usage = mConfig.getString(PROP_PURPOSE_ID + + + String usage = mConfig.getString(PROP_PURPOSE_ID + Integer.toString(i), null); try { - - if (usage == null) break; + + if (usage == null) + break; usage = usage.trim(); - if (usage.equals("")) break; + if (usage.equals("")) + break; if (usage.equalsIgnoreCase("ocspsigning")) { usageOID = ObjectIdentifier.getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning); } else if (usage.equalsIgnoreCase("codesigning")) { @@ -268,10 +269,10 @@ public class ExtendedKeyUsageExt extends APolicyRule usageOID = ObjectIdentifier.getObjectIdentifier(usage); } } catch (IOException ex) { - throw new EBaseException(this.getClass().getName() + ":" + + throw new EBaseException(this.getClass().getName() + ":" + ex.getMessage()); } catch (NumberFormatException ex) { - throw new EBaseException(this.getClass().getName() + ":" + + throw new EBaseException(this.getClass().getName() + ":" + "OID '" + usage + "' format error"); } mUsages.addElement(usageOID); diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java index bdfdb14a..c382416f 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -46,12 +45,10 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Private Integer extension policy. - * If this policy is enabled, it adds an Private Integer - * extension to the certificate. - * + * Private Integer extension policy. If this policy is enabled, it adds an + * Private Integer extension to the certificate. + * * The following listed sample configuration parameters: * * ca.Policy.impl.privateInteger.class=com.netscape.certsrv.policy.genericASNExt @@ -78,51 +75,52 @@ import com.netscape.cms.policy.APolicyRule; * ca.Policy.rule.genericASNExt.implName=genericASNExt * ca.Policy.rule.genericASNExt.predicate= * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class GenericASN1Ext extends APolicyRule implements +public class GenericASN1Ext extends APolicyRule implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final int MAX_ATTR = 10; protected static final String PROP_CRITICAL = - "critical"; + "critical"; protected static final String PROP_NAME = - "name"; + "name"; protected static final String PROP_OID = - "oid"; + "oid"; protected static final String PROP_PATTERN = - "pattern"; + "pattern"; protected static final String PROP_ATTRIBUTE = - "attribute"; + "attribute"; protected static final String PROP_TYPE = - "type"; + "type"; protected static final String PROP_SOURCE = - "source"; + "source"; protected static final String PROP_VALUE = - "value"; + "value"; protected static final String PROP_PREDICATE = - "predicate"; + "predicate"; protected static final String PROP_ENABLE = - "enable"; + "enable"; public IConfigStore mConfig = null; private String pattern = null; - + public String[] getExtendedPluginInfo(Locale locale) { String s[] = { "enable" + ";boolean;Enable this policy", "predicate" + ";string;", PROP_CRITICAL + ";boolean;", - PROP_NAME + ";string;Name for this extension.", - PROP_OID + ";string;OID number for this extension. It should be unique.", + PROP_NAME + ";string;Name for this extension.", + PROP_OID + ";string;OID number for this extension. It should be unique.", PROP_PATTERN + ";string;Pattern for extension; {012}34", // Attribute 0 PROP_ATTRIBUTE + "." + "0" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", @@ -165,14 +163,14 @@ public class GenericASN1Ext extends APolicyRule implements PROP_ATTRIBUTE + "." + "9" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", PROP_ATTRIBUTE + "." + "9" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-genericasn1ext", + ";configuration-policyrules-genericasn1ext", IExtendedPluginInfo.HELP_TEXT + - ";Adds Private extension based on ASN1. See manual" + ";Adds Private extension based on ASN1. See manual" }; return s; } - + public GenericASN1Ext() { NAME = "GenericASN1Ext"; DESC = "Sets Generic extension for certificates"; @@ -181,17 +179,17 @@ public class GenericASN1Ext extends APolicyRule implements /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.implName=genericASNExt - * ca.Policy.rule.<ruleName>.enable=true - * ca.Policy.rule.<ruleName>.predicate= - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=genericASNExt + * ca.Policy.rule.<ruleName>.enable=true + * ca.Policy.rule.<ruleName>.predicate= + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; if (mConfig == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR")); @@ -202,33 +200,33 @@ public class GenericASN1Ext extends APolicyRule implements if (enable == false) return; - + String oid = mConfig.getString(PROP_OID, null); if ((oid == null) || (oid.length() == 0)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR")); return; } - + String name = mConfig.getString(PROP_NAME, null); if ((name == null) || (name.length() == 0)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR")); return; } - + try { if (File.separatorChar == '\\') { pattern = mConfig.getString(PROP_PATTERN, null); checkFilename(0); - } + } } catch (IOException e) { log(ILogger.LL_FAILURE, "" + e.toString()); } catch (EBaseException e) { log(ILogger.LL_FAILURE, "" + e.toString()); } - - // Check OID value + + // Check OID value CMS.checkOID(name, oid); pattern = mConfig.getString(PROP_PATTERN, null); checkOID(0); @@ -241,14 +239,14 @@ public class GenericASN1Ext extends APolicyRule implements } catch (CertificateException e) { log(ILogger.LL_FAILURE, "" + e.toString()); } - + } // Check filename - private int checkFilename(int index) - throws IOException, EBaseException { + private int checkFilename(int index) + throws IOException, EBaseException { String source = null; - + while (index < pattern.length()) { char ch = pattern.charAt(index); @@ -262,28 +260,28 @@ public class GenericASN1Ext extends APolicyRule implements return index; default: - source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null); + source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null); if ((source != null) && (source.equalsIgnoreCase("file"))) { - String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null); + String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null); String nValue = oValue.replace('\\', '/'); - mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue); + mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue); FileInputStream fis = new FileInputStream(nValue); fis.close(); - } + } } index++; - } + } return index; } // Check oid - private int checkOID(int index) - throws EBaseException { + private int checkOID(int index) + throws EBaseException { String type = null; String oid = null; - + while (index < pattern.length()) { char ch = pattern.charAt(index); @@ -297,23 +295,23 @@ public class GenericASN1Ext extends APolicyRule implements return index; default: - type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null); + type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null); if ((type != null) && (type.equalsIgnoreCase("OID"))) { - oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null); + oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null); CMS.checkOID(oid, oid); - } + } } index++; - } + } return index; } - + /** - * If this policy is enabled, add the private Integer - * information extension to the certificate. + * If this policy is enabled, add the private Integer information extension + * to the certificate. * <P> - * + * * @param req The request on which to apply policy. * @return The policy result object. */ @@ -321,9 +319,9 @@ public class GenericASN1Ext extends APolicyRule implements PolicyResult res = PolicyResult.ACCEPTED; X509CertInfo certInfo; X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO); - + if (ci == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } @@ -343,7 +341,7 @@ public class GenericASN1Ext extends APolicyRule implements if (extensions == null) { // create extension if not exist certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { @@ -358,35 +356,35 @@ public class GenericASN1Ext extends APolicyRule implements // Create the extension GenericASN1Extension priExt = mkExtension(); - + extensions.set(priExt.getName(), priExt); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; // unrecoverable error. } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Configuration Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Configuration Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } catch (ParseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Pattern parsing error"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Pattern parsing error"); return PolicyResult.REJECTED; // unrecoverable error. } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Unknown Error"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Unknown Error"); return PolicyResult.REJECTED; // unrecoverable error. } } @@ -397,7 +395,7 @@ public class GenericASN1Ext extends APolicyRule implements * Construct GenericASN1Extension with value from CMS.cfg */ protected GenericASN1Extension mkExtension() - throws IOException, EBaseException, ParseException { + throws IOException, EBaseException, ParseException { GenericASN1Extension ext; Hashtable<String, String> h = new Hashtable<String, String>(); @@ -413,21 +411,21 @@ public class GenericASN1Ext extends APolicyRule implements String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE; String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE; String propvalue = PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE; - + h.put(proptype, mConfig.getString(proptype, null)); h.put(propsource, mConfig.getString(propsource, null)); h.put(propvalue, mConfig.getString(propvalue, null)); } ext = new GenericASN1Extension(h); return ext; - } - + } + /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { int idx = 0; Vector<String> params = new Vector<String>(); @@ -436,7 +434,7 @@ public class GenericASN1Ext extends APolicyRule implements params.addElement(PROP_NAME + "=" + mConfig.getString(PROP_NAME, null)); params.addElement(PROP_OID + "=" + mConfig.getString(PROP_OID, null)); params.addElement(PROP_PATTERN + "=" + mConfig.getString(PROP_PATTERN, null)); - + for (idx = 0; idx < MAX_ATTR; idx++) { String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE; String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE; @@ -447,7 +445,8 @@ public class GenericASN1Ext extends APolicyRule implements params.addElement(propvalue + "=" + mConfig.getString(propvalue, null)); } params.addElement(PROP_PREDICATE + "=" + mConfig.getString(PROP_PREDICATE, null)); - } catch (EBaseException e) {; + } catch (EBaseException e) { + ; } return params; @@ -455,26 +454,25 @@ public class GenericASN1Ext extends APolicyRule implements /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { int idx = 0; - + Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_CRITICAL + "=false"); defParams.addElement(PROP_NAME + "="); defParams.addElement(PROP_OID + "="); defParams.addElement(PROP_PATTERN + "="); - + for (idx = 0; idx < MAX_ATTR; idx++) { defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE + "="); defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE + "="); defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE + "="); } - + return defParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java index 9524f689..fc975fd3 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -41,23 +40,23 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * Issuer Alt Name Extension policy. * - * This extension is used to associate Internet-style identities - * with the Certificate issuer. + * This extension is used to associate Internet-style identities with the + * Certificate issuer. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class IssuerAltNameExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { public static final String PROP_CRITICAL = "critical"; // PKIX specifies the that the extension SHOULD NOT be critical @@ -69,15 +68,15 @@ public class IssuerAltNameExt extends APolicyRule static { defaultParams.addElement(PROP_CRITICAL + "=" + DEFAULT_CRITICALITY); CMS.getGeneralNamesConfigDefaultParams(null, true, defaultParams); - + Vector<String> info = new Vector<String>(); info.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD NOT be marked critical."); info.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-issueraltname"); + ";configuration-policyrules-issueraltname"); info.addElement(IExtendedPluginInfo.HELP_TEXT + - ";This policy inserts the Issuer Alternative Name " + - "Extension into the certificate. See RFC 2459 (4.2.1.8). "); + ";This policy inserts the Issuer Alternative Name " + + "Extension into the certificate. See RFC 2459 (4.2.1.8). "); CMS.getGeneralNamesConfigExtendedPluginInfo(null, true, info); @@ -102,10 +101,11 @@ public class IssuerAltNameExt extends APolicyRule /** * Initializes this policy rule. - * @param config The config store reference + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; // get criticality @@ -120,43 +120,43 @@ public class IssuerAltNameExt extends APolicyRule // form extension try { - if (mEnabled && - mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) { - mExtension = + if (mEnabled && + mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) { + mExtension = new IssuerAlternativeNameExtension( - Boolean.valueOf(mCritical), mGNs.getGeneralNames()); + Boolean.valueOf(mCritical), mGNs.getGeneralNames()); } } catch (Exception e) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } // init instance params - mParams.addElement(PROP_CRITICAL + "=" + mCritical); + mParams.addElement(PROP_CRITICAL + "=" + mCritical); mGNs.getInstanceParams(mParams); return; } /** - * Adds a extension if none exists. - * - * @param req The request on which to apply policy. + * Adds a extension if none exists. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; - if (mEnabled == false || mExtension == null) + if (mEnabled == false || mExtension == null) return res; - // get cert info. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + // get cert info. + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); X509CertInfo certInfo = null; if (ci == null || (certInfo = ci[0]) == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } @@ -188,7 +188,7 @@ public class IssuerAltNameExt extends APolicyRule extensions = new CertificateExtensions(); try { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } catch (CertificateException e) { // not possible @@ -214,10 +214,10 @@ public class IssuerAltNameExt extends APolicyRule try { extensions.set(IssuerAlternativeNameExtension.class.getSimpleName(), mExtension); } catch (Exception e) { - if (e instanceof RuntimeException) + if (e instanceof RuntimeException) throw (RuntimeException) e; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString())); setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME); return PolicyResult.REJECTED; } @@ -226,21 +226,21 @@ public class IssuerAltNameExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return Empty Vector since this policy has no configuration parameters. - * for this policy instance. + * for this policy instance. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mParams; } /** * Return default parameters for a policy implementation. - * - * @return Empty Vector since this policy implementation has no - * configuration parameters. + * + * @return Empty Vector since this policy implementation has no + * configuration parameters. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return defaultParams; } @@ -249,4 +249,3 @@ public class IssuerAltNameExt extends APolicyRule } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java index 4e9ef825..0988a636 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -44,25 +43,25 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Policy to add Key Usage Extension. - * Adds the key usage extension based on what's requested. + * Policy to add Key Usage Extension. Adds the key usage extension based on + * what's requested. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class KeyUsageExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { private final static String HTTP_INPUT = "HTTP_INPUT"; - protected static final boolean[] DEF_BITS = - new boolean[KeyUsageExtension.NBITS]; + protected static final boolean[] DEF_BITS = + new boolean[KeyUsageExtension.NBITS]; protected int mCAPathLen = -1; protected IConfigStore mConfig = null; protected static final String PROP_CRITICAL = "critical"; @@ -97,25 +96,24 @@ public class KeyUsageExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.implName=KeyUsageExt - * ca.Policy.rule.<ruleName>.enable=true - * ca.Policy.rule.<ruleName>. - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=KeyUsageExt + * ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>. + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; ICertAuthority certAuthority = (ICertAuthority) - ((IPolicyProcessor) owner).getAuthority(); + ((IPolicyProcessor) owner).getAuthority(); if (certAuthority == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot find the Certificate Manager or Registration Manager")); } @@ -123,9 +121,9 @@ public class KeyUsageExt extends APolicyRule CertificateChain caChain = certAuthority.getCACertChain(); X509Certificate caCert = null; - // Note that in RA the chain could be null if CA was not up when - // RA was started. In that case just set the length to -1 and let - // CA reject if it does not allow any subordinate CA certs. + // Note that in RA the chain could be null if CA was not up when + // RA was started. In that case just set the length to -1 and let + // CA reject if it does not allow any subordinate CA certs. if (caChain != null) { caCert = caChain.getFirstCertificate(); mCAPathLen = caCert.getBasicConstraints(); @@ -145,30 +143,29 @@ public class KeyUsageExt extends APolicyRule } /** - * Adds the key usage extension if not set already. - * (CRMF, agent, authentication (currently) or PKCS#10 (future) - * or RA could have set the extension.) - * If not set, set from http input parameters or use default if + * Adds the key usage extension if not set already. (CRMF, agent, + * authentication (currently) or PKCS#10 (future) or RA could have set the + * extension.) If not set, set from http input parameters or use default if * no http input parameters are set. * - * Note: this allows any bits requested - does not check if user - * authenticated is allowed to have a Key Usage Extension with - * those bits. Unless the CA's certificate path length is 0, then - * we do not allow CA sign or CRL sign bits in any request. + * Note: this allows any bits requested - does not check if user + * authenticated is allowed to have a Key Usage Extension with those bits. + * Unless the CA's certificate path length is 0, then we do not allow CA + * sign or CRL sign bits in any request. * * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } @@ -184,7 +181,7 @@ public class KeyUsageExt extends APolicyRule public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) { try { CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); KeyUsageExtension ext = null; if (extensions != null) { @@ -195,7 +192,7 @@ public class KeyUsageExt extends APolicyRule // extension isn't there. ext = null; } - // check if CA does not allow subordinate CA certs. + // check if CA does not allow subordinate CA certs. // otherwise accept existing key usage extension. if (ext != null) { if (mCAPathLen == 0) { @@ -203,11 +200,11 @@ public class KeyUsageExt extends APolicyRule if ((bits.length > KeyUsageExtension.KEY_CERTSIGN_BIT && bits[KeyUsageExtension.KEY_CERTSIGN_BIT] == true) || - (bits.length > KeyUsageExtension.CRL_SIGN_BIT && + (bits.length > KeyUsageExtension.CRL_SIGN_BIT && bits[KeyUsageExtension.CRL_SIGN_BIT] == true)) { - setError(req, - CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), - NAME); + setError(req, + CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), + NAME); return PolicyResult.REJECTED; } } @@ -216,8 +213,8 @@ public class KeyUsageExt extends APolicyRule } else { // create extensions set if none. if (extensions == null) { - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } @@ -225,41 +222,41 @@ public class KeyUsageExt extends APolicyRule boolean[] bits = new boolean[KeyUsageExtension.NBITS]; - bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature", - mDigitalSignature, req); - bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation", + bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature", + mDigitalSignature, req); + bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation", mNonRepudiation, req); - bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment", + bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment", mKeyEncipherment, req); - bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment", + bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment", mDataEncipherment, req); - bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement", - mKeyAgreement, req); - bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign", + bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement", + mKeyAgreement, req); + bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign", mKeyCertsign, req); bits[KeyUsageExtension.CRL_SIGN_BIT] = getBit("crl_sign", mCrlSign, req); bits[KeyUsageExtension.ENCIPHER_ONLY_BIT] = getBit("encipher_only", mEncipherOnly, req); - bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only", + bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only", mDecipherOnly, req); - - // don't allow no bits set or the extension does not + + // don't allow no bits set or the extension does not // encode/decode properlly. boolean bitset = false; for (int i = 0; i < bits.length; i++) { if (bits[i]) { - bitset = true; + bitset = true; break; } } if (!bitset) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME)); setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET"), - NAME); + NAME); return PolicyResult.REJECTED; } - + // create the extension. try { mKeyUsage = new KeyUsageExtension(mCritical, bits); @@ -269,23 +266,23 @@ public class KeyUsageExt extends APolicyRule return PolicyResult.ACCEPTED; } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; // unrecoverable error. } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } } /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); params.addElement(PROP_CRITICAL + "=" + mCritical); @@ -328,21 +325,21 @@ public class KeyUsageExt extends APolicyRule PROP_ENCIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", PROP_DECIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-keyusage", + ";configuration-policyrules-keyusage", IExtendedPluginInfo.HELP_TEXT + - ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)" + ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)" - }; + }; return params; } - + /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefParams; } @@ -355,4 +352,3 @@ public class KeyUsageExt extends APolicyRule return Boolean.valueOf(choice).booleanValue(); } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java index 019e3e08..c453eb0d 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.BufferedReader; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -45,21 +44,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Netscape comment - * Adds Netscape comment policy + * Netscape comment Adds Netscape comment policy * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class NSCCommentExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_USER_NOTICE_DISPLAY_TEXT = "displayText"; protected static final String PROP_COMMENT_FILE = "commentFile"; @@ -68,19 +66,18 @@ public class NSCCommentExt extends APolicyRule protected static final String TEXT = "Text"; protected static final String FILE = "File"; - protected String mUserNoticeDisplayText; - protected String mCommentFile; - protected String mInputType; + protected String mUserNoticeDisplayText; + protected String mCommentFile; + protected String mInputType; protected boolean mCritical; private Vector<String> mParams = new Vector<String>(); - protected String tempCommentFile; + protected String tempCommentFile; protected boolean certApplied = false; /** - * Adds the Netscape comment in the end-entity certificates or - * CA certificates. The policy is set to be non-critical with the - * provided OID. + * Adds the Netscape comment in the end-entity certificates or CA + * certificates. The policy is set to be non-critical with the provided OID. */ public NSCCommentExt() { NAME = "NSCCommentExt"; @@ -91,16 +88,16 @@ public class NSCCommentExt extends APolicyRule * Initializes this policy rule. * <p> * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl - * ca.Policy.rule.<ruleName>.displayText=<n> - * ca.Policy.rule.<ruleName>.commentFile=<n> - * ca.Policy.rule.<ruleName>.enable=false - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl + * ca.Policy.rule.<ruleName>.displayText=<n> + * ca.Policy.rule.<ruleName>.commentFile=<n> + * ca.Policy.rule.<ruleName>.enable=false + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { FileInputStream fileStream = null; @@ -138,11 +135,11 @@ public class NSCCommentExt extends APolicyRule mParams.addElement(PROP_COMMENT_FILE + "=" + mCommentFile); } catch (FileNotFoundException e) { - Object[] params = {getInstanceName(), "File not found : " + tempCommentFile}; + Object[] params = { getInstanceName(), "File not found : " + tempCommentFile }; throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params); } catch (Exception e) { - Object[] params = {getInstanceName(), e.getMessage()}; + Object[] params = { getInstanceName(), e.getMessage() }; throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params); } @@ -151,16 +148,16 @@ public class NSCCommentExt extends APolicyRule /** * Applies the policy on the given Request. * <p> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; // get cert info. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); @@ -191,8 +188,8 @@ public class NSCCommentExt extends APolicyRule if (extensions == null) { extensions = new CertificateExtensions(); try { - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } catch (Exception e) { } @@ -200,10 +197,10 @@ public class NSCCommentExt extends APolicyRule // remove any previously computed version of the extension try { extensions.delete(NSCCommentExtension.class.getSimpleName()); - + } catch (IOException e) { // this is the hack: for some reason, the key which is the name - // of the policy has been converted into the OID + // of the policy has been converted into the OID try { extensions.delete("2.16.840.1.113730.1.13"); } catch (IOException ee) { @@ -211,7 +208,8 @@ public class NSCCommentExt extends APolicyRule } } if (mInputType.equals("File")) { - // if ((mUserNoticeDisplayText.equals("")) && !(mCommentFile.equals(""))) { + // if ((mUserNoticeDisplayText.equals("")) && + // !(mCommentFile.equals(""))) { try { // Read the comments file BufferedReader fis = new BufferedReader(new FileReader(mCommentFile)); @@ -225,9 +223,9 @@ public class NSCCommentExt extends APolicyRule fis.close(); } catch (IOException e) { setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, " Comment Text file not found : " + mCommentFile); + NAME, " Comment Text file not found : " + mCommentFile); log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString())); + CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString())); return PolicyResult.REJECTED; } @@ -235,20 +233,20 @@ public class NSCCommentExt extends APolicyRule } certApplied = true; - + DisplayText displayText = - new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText); + new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText); try { - NSCCommentExtension cpExt = - new NSCCommentExtension(mCritical, mUserNoticeDisplayText); + NSCCommentExtension cpExt = + new NSCCommentExtension(mCritical, mUserNoticeDisplayText); extensions.set(NSCCommentExtension.class.getSimpleName(), cpExt); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME)); + CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME)); setError(req, - CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); + CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME); return PolicyResult.REJECTED; } return PolicyResult.ACCEPTED; @@ -258,16 +256,16 @@ public class NSCCommentExt extends APolicyRule String[] params = { PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.", PROP_INPUT_TYPE + ";choice(Text,File);Whether the comments " + - "would be entered in the displayText field or come from " + - "a file.", + "would be entered in the displayText field or come from " + + "a file.", PROP_USER_NOTICE_DISPLAY_TEXT + ";string;The comment that may be " + - "displayed to the user when the certificate is viewed.", + "displayed to the user when the certificate is viewed.", PROP_COMMENT_FILE + ";string; If data source is 'File', specify " + - "the file name with full path.", + "the file name with full path.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-nsccomment", + ";configuration-policyrules-nsccomment", IExtendedPluginInfo.HELP_TEXT + - ";Adds 'netscape comment' extension. See manual" + ";Adds 'netscape comment' extension. See manual" }; return params; @@ -276,19 +274,19 @@ public class NSCCommentExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_CRITICAL + "=false"); diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java index 88c57d2e..c80f65e5 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -46,45 +45,45 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * NS Cert Type policy. - * Adds the ns cert type extension depending on cert type requested. + * NS Cert Type policy. Adds the ns cert type extension depending on cert type + * requested. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class NSCertTypeExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_SET_DEFAULT_BITS = "setDefaultBits"; protected static final boolean DEF_SET_DEFAULT_BITS = true; - protected static final String DEF_SET_DEFAULT_BITS_VAL = - Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString(); + protected static final String DEF_SET_DEFAULT_BITS_VAL = + Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString(); protected static final int DEF_PATHLEN = -1; - protected static final boolean[] DEF_BITS = - new boolean[NSCertTypeExtension.NBITS]; + protected static final boolean[] DEF_BITS = + new boolean[NSCertTypeExtension.NBITS]; - // XXX for future use. currenlty always allow. + // XXX for future use. currenlty always allow. protected static final String PROP_AGENT_OVERR = "allowAgentOverride"; protected static final String PROP_EE_OVERR = "AllowEEOverride"; - // XXX for future use. currently always critical - // (standard says SHOULD be marked critical if included.) + // XXX for future use. currently always critical + // (standard says SHOULD be marked critical if included.) protected static final String PROP_CRITICAL = "critical"; - // XXX for future use to allow overrides from forms. + // XXX for future use to allow overrides from forms. // request must be agent approved or authenticated. protected boolean mAllowAgentOverride = false; protected boolean mAllowEEOverride = false; - // XXX for future use. currently always non-critical + // XXX for future use. currently always non-critical protected boolean mCritical = false; protected int mCAPathLen = -1; @@ -112,25 +111,25 @@ public class NSCertTypeExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt - * ra.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt + * ra.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; // XXX future use. - //mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false); - //mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false); + // mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false); + // mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false); mCritical = config.getBoolean(PROP_CRITICAL, false); ICertAuthority certAuthority = (ICertAuthority) - ((IPolicyProcessor) owner).getAuthority(); + ((IPolicyProcessor) owner).getAuthority(); if (certAuthority instanceof ICertificateAuthority) { CertificateChain caChain = certAuthority.getCACertChain(); @@ -141,7 +140,7 @@ public class NSCertTypeExt extends APolicyRule // CA reject if it does not allow any subordinate CA certs. if (caChain != null) { caCert = caChain.getFirstCertificate(); - if (caCert != null) + if (caCert != null) mCAPathLen = caCert.getBasicConstraints(); } } @@ -151,25 +150,24 @@ public class NSCertTypeExt extends APolicyRule } /** - * Adds the ns cert type if not set already. - * reads ns cert type choices from form. If no choices from form - * will defaults to all. + * Adds the ns cert type if not set already. reads ns cert type choices from + * form. If no choices from form will defaults to all. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: " + getInstanceName() + "::apply()"); PolicyResult res = PolicyResult.ACCEPTED; - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); - + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo certInfo = null; if (ci == null || (certInfo = ci[0]) == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } @@ -184,10 +182,10 @@ public class NSCertTypeExt extends APolicyRule public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) { try { - String certType = - req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + String certType = + req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); NSCertTypeExtension nsCertTypeExt = null; if (extensions != null) { @@ -201,13 +199,13 @@ public class NSCertTypeExt extends APolicyRule } // XXX agent servlet currently sets this. it should be // delayed to here. - if (nsCertTypeExt != null && - extensionIsGood(nsCertTypeExt, req)) { + if (nsCertTypeExt != null && + extensionIsGood(nsCertTypeExt, req)) { CMS.debug( - "NSCertTypeExt: already has correct ns cert type ext"); + "NSCertTypeExt: already has correct ns cert type ext"); return PolicyResult.ACCEPTED; - } else if ((nsCertTypeExt != null) && - (certType.equals("ocspResponder"))) { + } else if ((nsCertTypeExt != null) && + (certType.equals("ocspResponder"))) { // Fix for #528732 : Always delete // this extension from OCSP signing cert extensions.delete(NSCertTypeExtension.class.getSimpleName()); @@ -216,12 +214,12 @@ public class NSCertTypeExt extends APolicyRule } else { // create extensions set if none. if (extensions == null) { - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); CMS.debug( - "NSCertTypeExt: Created extensions for adding ns cert type.."); + "NSCertTypeExt: Created extensions for adding ns cert type.."); } } // add ns cert type extension if not set or not set correctly. @@ -229,13 +227,13 @@ public class NSCertTypeExt extends APolicyRule bits = getBitsFromRequest(req, mSetDefaultBits); - // check if ca doesn't allow any subordinate ca - if (mCAPathLen == 0 && bits != null) { - if (bits[NSCertTypeExtension.SSL_CA_BIT] || - bits[NSCertTypeExtension.EMAIL_CA_BIT] || - bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) { - setError(req, - CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME); + // check if ca doesn't allow any subordinate ca + if (mCAPathLen == 0 && bits != null) { + if (bits[NSCertTypeExtension.SSL_CA_BIT] || + bits[NSCertTypeExtension.EMAIL_CA_BIT] || + bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) { + setError(req, + CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME); return PolicyResult.REJECTED; } } @@ -249,11 +247,12 @@ public class NSCertTypeExt extends APolicyRule int j; for (j = 0; bits != null && j < bits.length; j++) - if (bits[j]) break; + if (bits[j]) + break; if (bits == null || j == bits.length) { if (!mSetDefaultBits) { CMS.debug( - "NSCertTypeExt: no bits requested, not setting default."); + "NSCertTypeExt: no bits requested, not setting default."); return PolicyResult.ACCEPTED; } else bits = DEF_BITS; @@ -264,30 +263,29 @@ public class NSCertTypeExt extends APolicyRule return PolicyResult.ACCEPTED; } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; // unrecoverable error. } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } } /** - * check if ns cert type extension is set correctly, - * correct bits if not. - * if not authorized to set extension, bits will be replaced. + * check if ns cert type extension is set correctly, correct bits if not. if + * not authorized to set extension, bits will be replaced. */ protected boolean extensionIsGood( - NSCertTypeExtension nsCertTypeExt, IRequest req) - throws IOException, CertificateException { + NSCertTypeExtension nsCertTypeExt, IRequest req) + throws IOException, CertificateException { // always return false for now to make sure minimum is set. // agents and ee can add others. - // must be agent approved or authenticated for allowing extensions + // must be agent approved or authenticated for allowing extensions // which is always the case if we get to this point. IAuthToken token = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN); @@ -295,7 +293,7 @@ public class NSCertTypeExt extends APolicyRule // don't know where this came from. // set all bits to false to reset. CMS.debug( - "NSCertTypeExt: unknown origin: setting ns cert type bits to false"); + "NSCertTypeExt: unknown origin: setting ns cert type bits to false"); boolean[] bits = new boolean[8]; for (int i = bits.length - 1; i >= 0; i--) { @@ -316,36 +314,36 @@ public class NSCertTypeExt extends APolicyRule } if (certType.equals(IRequest.CA_CERT)) { if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT) && - !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) && - !nsCertTypeExt.isSet( - NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) { + !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) && + !nsCertTypeExt.isSet( + NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) { // min not set so set all. CMS.debug( - "NSCertTypeExt: is extension good: no ca bits set. set all"); + "NSCertTypeExt: is extension good: no ca bits set. set all"); - nsCertTypeExt.set(NSCertTypeExtension.SSL_CA, - Boolean.valueOf(true)); + nsCertTypeExt.set(NSCertTypeExtension.SSL_CA, + Boolean.valueOf(true)); nsCertTypeExt.set(NSCertTypeExtension.EMAIL_CA, - Boolean.valueOf(true)); + Boolean.valueOf(true)); nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING_CA, - Boolean.valueOf(true)); + Boolean.valueOf(true)); } return true; } else if (certType.equals(IRequest.CLIENT_CERT)) { if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT) && - !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) && - !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) && - !nsCertTypeExt.isSet( - NSCertTypeExtension.OBJECT_SIGNING_BIT)) { + !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) && + !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) && + !nsCertTypeExt.isSet( + NSCertTypeExtension.OBJECT_SIGNING_BIT)) { // min not set so set all. CMS.debug( - "NSCertTypeExt: is extension good: no cl bits set. set all"); - nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT, - new Boolean(true)); + "NSCertTypeExt: is extension good: no cl bits set. set all"); + nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT, + new Boolean(true)); nsCertTypeExt.set(NSCertTypeExtension.EMAIL, - new Boolean(true)); + new Boolean(true)); nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING, - new Boolean(true)); + new Boolean(true)); } return true; } else if (certType.equals(IRequest.SERVER_CERT)) { @@ -358,14 +356,13 @@ public class NSCertTypeExt extends APolicyRule } /** - * Gets ns cert type bits from request. - * If none set, use cert type to determine correct bits. - * If no cert type, use default. - */ + * Gets ns cert type bits from request. If none set, use cert type to + * determine correct bits. If no cert type, use default. + */ protected boolean[] getBitsFromRequest(IRequest req, boolean setDefault) { boolean[] bits = null; - + CMS.debug("NSCertTypeExt: ns cert type getting ns cert type vars"); bits = getNSCertTypeBits(req); if (bits == null && setDefault) { @@ -440,23 +437,23 @@ public class NSCertTypeExt extends APolicyRule */ protected boolean[] getCertTypeBits(IRequest req) { String certType = - req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); - if (certType == null || certType.length() == 0) + if (certType == null || certType.length() == 0) return null; boolean[] bits = new boolean[KeyUsageExtension.NBITS]; - for (int i = bits.length - 1; i >= 0; i--) + for (int i = bits.length - 1; i >= 0; i--) bits[i] = false; if (certType.equals(IRequest.CLIENT_CERT)) { CMS.debug("NSCertTypeExt: setting bits for client cert"); - // we can only guess here when it's client. + // we can only guess here when it's client. // sets all client bit for default. bits[NSCertTypeExtension.SSL_CLIENT_BIT] = true; bits[NSCertTypeExtension.EMAIL_BIT] = true; - //bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true; + // bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true; } else if (certType.equals(IRequest.SERVER_CERT)) { CMS.debug("NSCertTypeExt: setting bits for server cert"); bits[NSCertTypeExtension.SSL_SERVER_BIT] = true; @@ -477,9 +474,8 @@ public class NSCertTypeExt extends APolicyRule } /** - * merge bits with those set from form. - * make sure required minimum is set. Agent or auth can set others. - * XXX form shouldn't set the extension + * merge bits with those set from form. make sure required minimum is set. + * Agent or auth can set others. XXX form shouldn't set the extension */ public void mergeBits(NSCertTypeExtension nsCertTypeExt, boolean[] bits) { for (int i = bits.length - 1; i >= 0; i--) { @@ -492,37 +488,37 @@ public class NSCertTypeExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); params.addElement(PROP_CRITICAL + "=" + mCritical); params.addElement(PROP_SET_DEFAULT_BITS + "=" + mSetDefaultBits); - //new Boolean(mSetDefaultBits).toString()); + // new Boolean(mSetDefaultBits).toString()); return params; } private static Vector<String> mDefParams = new Vector<String>(); static { mDefParams.addElement( - PROP_CRITICAL + "=false"); + PROP_CRITICAL + "=false"); mDefParams.addElement( - PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS); + PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS); } public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.", PROP_SET_DEFAULT_BITS + ";boolean;Specify whether to set the Netscape certificate " + - "type extension with default bits ('ssl client' and 'email') in certificates " + - "specified by the predicate " + - "expression.", + "type extension with default bits ('ssl client' and 'email') in certificates " + + "specified by the predicate " + + "expression.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-nscerttype", + ";configuration-policyrules-nscerttype", IExtendedPluginInfo.HELP_TEXT + - ";Adds Netscape Certificate Type extension." + ";Adds Netscape Certificate Type extension." }; return params; @@ -530,11 +526,10 @@ public class NSCertTypeExt extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java index 8b8001bb..e47cf978 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -43,22 +42,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Name Constraints Extension Policy - * Adds the name constraints extension to a (CA) certificate. - * Filtering of CA certificates is done through predicates. + * Name Constraints Extension Policy Adds the name constraints extension to a + * (CA) certificate. Filtering of CA certificates is done through predicates. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class NameConstraintsExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = "critical"; protected static final String PROP_NUM_PERMITTEDSUBTREES = "numPermittedSubtrees"; protected static final String PROP_NUM_EXCLUDEDSUBTREES = "numExcludedSubtrees"; @@ -90,37 +88,31 @@ public class NameConstraintsExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.predicate=certType==ca - * ca.Policy.rule.<ruleName>.implName= - * ca.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.predicate=certType==ca + * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; - // XXX should do do this ? - // if CA does not allow subordinate CAs by way of basic constraints, - // this policy always rejects + // XXX should do do this ? + // if CA does not allow subordinate CAs by way of basic constraints, + // this policy always rejects /***** - ICertAuthority certAuthority = (ICertAuthority) - ((IPolicyProcessor)owner).getAuthority(); - if (certAuthority instanceof ICertificateAuthority) { - CertificateChain caChain = certAuthority.getCACertChain(); - X509Certificate caCert = null; - // Note that in RA the chain could be null if CA was not up when - // RA was started. In that case just set the length to -1 and let - // CA reject if it does not allow any subordinate CA certs. - if (caChain != null) { - caCert = caChain.getFirstCertificate(); - if (caCert != null) - mCAPathLen = caCert.getBasicConstraints(); - } - } + * ICertAuthority certAuthority = (ICertAuthority) + * ((IPolicyProcessor)owner).getAuthority(); if (certAuthority + * instanceof ICertificateAuthority) { CertificateChain caChain = + * certAuthority.getCACertChain(); X509Certificate caCert = null; // + * Note that in RA the chain could be null if CA was not up when // RA + * was started. In that case just set the length to -1 and let // CA + * reject if it does not allow any subordinate CA certs. if (caChain != + * null) { caCert = caChain.getFirstCertificate(); if (caCert != null) + * mCAPathLen = caCert.getBasicConstraints(); } } ****/ mEnabled = mConfig.getBoolean( @@ -133,25 +125,25 @@ public class NameConstraintsExt extends APolicyRule if (mNumPermittedSubtrees < 0) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - PROP_NUM_PERMITTEDSUBTREES, + PROP_NUM_PERMITTEDSUBTREES, "value must be greater than or equal to 0")); } if (mNumExcludedSubtrees < 0) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - PROP_NUM_EXCLUDEDSUBTREES, + PROP_NUM_EXCLUDEDSUBTREES, "value must be greater than or equal to 0")); } // init permitted subtrees if any. if (mNumPermittedSubtrees > 0) { - mPermittedSubtrees = + mPermittedSubtrees = form_subtrees(PROP_PERMITTEDSUBTREES, mNumPermittedSubtrees); CMS.debug("NameConstraintsExt: formed permitted subtrees"); } // init excluded subtrees if any. if (mNumExcludedSubtrees > 0) { - mExcludedSubtrees = + mExcludedSubtrees = form_subtrees(PROP_EXCLUDEDSUBTREES, mNumExcludedSubtrees); CMS.debug("NameConstraintsExt: formed excluded subtrees"); } @@ -163,13 +155,13 @@ public class NameConstraintsExt extends APolicyRule for (int i = 0; i < mNumPermittedSubtrees; i++) { permittedSubtrees.addElement( - mPermittedSubtrees[i].mGeneralSubtree); + mPermittedSubtrees[i].mGeneralSubtree); } Vector<GeneralSubtree> excludedSubtrees = new Vector<GeneralSubtree>(); for (int j = 0; j < mNumExcludedSubtrees; j++) { excludedSubtrees.addElement( - mExcludedSubtrees[j].mGeneralSubtree); + mExcludedSubtrees[j].mGeneralSubtree); } GeneralSubtrees psb = null; @@ -181,44 +173,44 @@ public class NameConstraintsExt extends APolicyRule if (excludedSubtrees.size() > 0) { esb = new GeneralSubtrees(excludedSubtrees); } - mNameConstraintsExtension = - new NameConstraintsExtension(mCritical, - psb, - esb); + mNameConstraintsExtension = + new NameConstraintsExtension(mCritical, + psb, + esb); CMS.debug("NameConstraintsExt: formed Name Constraints Extension " + - mNameConstraintsExtension); + mNameConstraintsExtension); } catch (IOException e) { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", - "Error initializing Name Constraints Extension: " + e)); + "Error initializing Name Constraints Extension: " + e)); } } - // form instance params + // form instance params mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical); mInstanceParams.addElement( - PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees); + PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees); mInstanceParams.addElement( - PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees); + PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees); if (mNumPermittedSubtrees > 0) { - for (int i = 0; i < mPermittedSubtrees.length; i++) + for (int i = 0; i < mPermittedSubtrees.length; i++) mPermittedSubtrees[i].getInstanceParams(mInstanceParams); } if (mNumExcludedSubtrees > 0) { - for (int j = 0; j < mExcludedSubtrees.length; j++) + for (int j = 0; j < mExcludedSubtrees.length; j++) mExcludedSubtrees[j].getInstanceParams(mInstanceParams); } } - Subtree[] form_subtrees(String subtreesName, int numSubtrees) - throws EBaseException { + Subtree[] form_subtrees(String subtreesName, int numSubtrees) + throws EBaseException { Subtree[] subtrees = new Subtree[numSubtrees]; for (int i = 0; i < numSubtrees; i++) { String subtreeName = subtreesName + i; IConfigStore subtreeConfig = mConfig.getSubStore(subtreeName); - Subtree subtree = - new Subtree(subtreeName, subtreeConfig, mEnabled); + Subtree subtree = + new Subtree(subtreeName, subtreeConfig, mEnabled); subtrees[i] = subtree; } @@ -228,28 +220,28 @@ public class NameConstraintsExt extends APolicyRule /** * Adds Name Constraints Extension to a (CA) certificate. * - * If a Name constraints Extension is already there, accept it if - * it's been approved by agent, else replace it. - * - * @param req The request on which to apply policy. + * If a Name constraints Extension is already there, accept it if it's been + * approved by agent, else replace it. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { - // if extension hasn't been properly configured reject requests until + // if extension hasn't been properly configured reject requests until // it has been resolved (or disabled). if (mNameConstraintsExtension == null) { - //setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME); - //return PolicyResult.REJECTED; + // setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME); + // return PolicyResult.REJECTED; return PolicyResult.ACCEPTED; } // get certInfo from request. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); - return PolicyResult.REJECTED; + return PolicyResult.REJECTED; } for (int i = 0; i < ci.length; i++) { @@ -269,7 +261,7 @@ public class NameConstraintsExt extends APolicyRule try { NameConstraintsExtension nameConstraintsExt = null; CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); try { if (extensions != null) { @@ -277,71 +269,70 @@ public class NameConstraintsExt extends APolicyRule extensions.get(NameConstraintsExtension.class.getSimpleName()); } } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (nameConstraintsExt != null) { if (agentApproved(req)) { CMS.debug( - "NameConstraintsExt: request id from agent " + req.getRequestId() + - " already has name constraints - accepted"); + "NameConstraintsExt: request id from agent " + req.getRequestId() + + " already has name constraints - accepted"); return PolicyResult.ACCEPTED; } else { CMS.debug( - "NameConstraintsExt: request id " + req.getRequestId() + " from user " + - " already has name constraints - deleted"); + "NameConstraintsExt: request id " + req.getRequestId() + " from user " + + " already has name constraints - deleted"); extensions.delete(NameConstraintsExtension.class.getSimpleName()); } } if (extensions == null) { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } extensions.set( - NameConstraintsExtension.class.getSimpleName(), mNameConstraintsExtension); + NameConstraintsExtension.class.getSimpleName(), mNameConstraintsExtension); CMS.debug( - "NameConstraintsExt: added Name Constraints Extension to request " + - req.getRequestId()); + "NameConstraintsExt: added Name Constraints Extension to request " + + req.getRequestId()); return PolicyResult.ACCEPTED; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; } } /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mInstanceParams; } /** - * Default config parameters. - * To add more permitted or excluded subtrees, - * increase the num to greater than 0 and more configuration params - * will show up in the console. + * Default config parameters. To add more permitted or excluded subtrees, + * increase the num to greater than 0 and more configuration params will + * show up in the console. */ private static Vector<String> mDefParams = new Vector<String>(); static { mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); mDefParams.addElement( - PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES); + PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES); mDefParams.addElement( - PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES); + PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES); for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) { Subtree.getDefaultParams(PROP_PERMITTEDSUBTREES + k, mDefParams); } @@ -352,10 +343,10 @@ public class NameConstraintsExt extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefParams; } @@ -364,9 +355,9 @@ public class NameConstraintsExt extends APolicyRule theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be critical."); theparams.addElement( - PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11"); + PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11"); theparams.addElement( - PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11"); + PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11"); // now do the subtrees. for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) { @@ -376,9 +367,9 @@ public class NameConstraintsExt extends APolicyRule Subtree.getExtendedPluginInfo(PROP_EXCLUDEDSUBTREES + l, theparams); } theparams.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-nameconstraints"); + ";configuration-policyrules-nameconstraints"); theparams.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Adds Name Constraints Extension. See RFC 2459"); + ";Adds Name Constraints Extension. See RFC 2459"); String[] info = new String[theparams.size()]; @@ -387,9 +378,8 @@ public class NameConstraintsExt extends APolicyRule } } - /** - * subtree configuration + * subtree configuration */ class Subtree { @@ -400,8 +390,7 @@ class Subtree { protected static final int DEF_MIN = 0; protected static final int DEF_MAX = -1; // -1 (less than 0) means not set. - protected static final String - MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11"; + protected static final String MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11"; String mName = null; IConfigStore mConfig = null; @@ -414,13 +403,13 @@ class Subtree { String mNameDotMax = null; public Subtree( - String subtreeName, IConfigStore config, boolean policyEnabled) - throws EBaseException { + String subtreeName, IConfigStore config, boolean policyEnabled) + throws EBaseException { mName = subtreeName; mConfig = config; if (mName != null) { - mNameDot = mName + "."; + mNameDot = mName + "."; mNameDotMin = mNameDot + PROP_MIN; mNameDotMax = mNameDot + PROP_MAX; } else { @@ -439,13 +428,14 @@ class Subtree { // if policy enabled get values to form the general subtree. mMin = mConfig.getInteger(PROP_MIN, DEF_MIN); mMax = mConfig.getInteger(PROP_MAX, DEF_MAX); - if (mMax < -1) mMax = -1; + if (mMax < -1) + mMax = -1; mBase = CMS.createGeneralNameAsConstraintsConfig( - mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE), + mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE), true, policyEnabled); if (policyEnabled) { - mGeneralSubtree = + mGeneralSubtree = new GeneralSubtree(mBase.getGeneralName(), mMin, mMax); } } @@ -476,4 +466,3 @@ class Subtree { info.addElement(nameDot + PROP_MAX + ";" + MINMAX_INFO); } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java index 9e36ae80..b57ff58a 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -39,25 +38,25 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * This implements an OCSP Signing policy, it - * adds the OCSP Signing extension to the certificate. + * This implements an OCSP Signing policy, it adds the OCSP Signing extension to + * the certificate. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$ $Date$ */ public class OCSPNoCheckExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { - + implements IEnrollmentPolicy, IExtendedPluginInfo { + public static final String PROP_CRITICAL = "critical"; private boolean mCritical = false; - + // PKIX specifies the that the extension SHOULD NOT be critical public static final boolean DEFAULT_CRITICALITY = false; @@ -75,9 +74,9 @@ public class OCSPNoCheckExt extends APolicyRule String[] params = { PROP_CRITICAL + ";boolean;RFC 2560 recommendation: SHOULD be non-critical.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-ocspnocheck", + ";configuration-policyrules-ocspnocheck", IExtendedPluginInfo.HELP_TEXT + - ";Adds OCSP signing extension to certificate" + ";Adds OCSP signing extension to certificate" }; return params; @@ -88,9 +87,9 @@ public class OCSPNoCheckExt extends APolicyRule * Performs one-time initialization of the policy. */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mOCSPNoCheck = new OCSPNoCheckExtension(); - + if (mOCSPNoCheck != null) { // configure the extension itself mCritical = config.getBoolean(PROP_CRITICAL, @@ -110,7 +109,7 @@ public class OCSPNoCheckExt extends APolicyRule } X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); @@ -131,22 +130,23 @@ public class OCSPNoCheckExt extends APolicyRule // find the extensions in the certInfo CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); // prepare the extensions data structure if (extensions == null) { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { try { extensions.delete(OCSPNoCheckExtension.class.getSimpleName()); } catch (IOException ex) { // OCSPNoCheck extension is not already there - // log(ILogger.LL_FAILURE, "No previous extension: "+OCSPNoCheckExtension.NAME+" "+ex.getMessage()); + // log(ILogger.LL_FAILURE, + // "No previous extension: "+OCSPNoCheckExtension.NAME+" "+ex.getMessage()); } } @@ -157,16 +157,16 @@ public class OCSPNoCheckExt extends APolicyRule } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, - e.getMessage()); + e.getMessage()); return PolicyResult.REJECTED; } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, - e.getMessage()); + e.getMessage()); return PolicyResult.REJECTED; } } - + /** * Returns instance parameters. */ @@ -175,9 +175,9 @@ public class OCSPNoCheckExt extends APolicyRule params.addElement(PROP_CRITICAL + "=" + mCritical); return params; - + } - + /** * Returns default parameters. */ @@ -186,6 +186,6 @@ public class OCSPNoCheckExt extends APolicyRule defParams.addElement(PROP_CRITICAL + "=false"); return defParams; - + } } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java index 849036c7..f1a18cf4 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -40,31 +39,28 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Policy Constraints Extension Policy - * Adds the policy constraints extension to (CA) certificates. - * Filtering of CA certificates is done through predicates. + * Policy Constraints Extension Policy Adds the policy constraints extension to + * (CA) certificates. Filtering of CA certificates is done through predicates. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class PolicyConstraintsExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = "critical"; - protected static final String - PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy"; - protected static final String - PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping"; + protected static final String PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy"; + protected static final String PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping"; protected static final boolean DEF_CRITICAL = false; - protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set - protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set + protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set + protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set protected boolean mEnabled = false; protected IConfigStore mConfig = null; @@ -80,9 +76,9 @@ public class PolicyConstraintsExt extends APolicyRule static { mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); mDefaultParams.addElement( - PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY); + PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY); mDefaultParams.addElement( - PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING); + PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING); } public PolicyConstraintsExt() { @@ -93,37 +89,31 @@ public class PolicyConstraintsExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.predicate=certType==ca - * ca.Policy.rule.<ruleName>.implName= - * ca.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.predicate=certType==ca + * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; - // XXX should do do this ? - // if CA does not allow subordinate CAs by way of basic constraints, - // this policy always rejects + // XXX should do do this ? + // if CA does not allow subordinate CAs by way of basic constraints, + // this policy always rejects /***** - ICertAuthority certAuthority = (ICertAuthority) - ((GenericPolicyProcessor)owner).mAuthority; - if (certAuthority instanceof ICertificateAuthority) { - CertificateChain caChain = certAuthority.getCACertChain(); - X509Certificate caCert = null; - // Note that in RA the chain could be null if CA was not up when - // RA was started. In that case just set the length to -1 and let - // CA reject if it does not allow any subordinate CA certs. - if (caChain != null) { - caCert = caChain.getFirstCertificate(); - if (caCert != null) - mCAPathLen = caCert.getBasicConstraints(); - } - } + * ICertAuthority certAuthority = (ICertAuthority) + * ((GenericPolicyProcessor)owner).mAuthority; if (certAuthority + * instanceof ICertificateAuthority) { CertificateChain caChain = + * certAuthority.getCACertChain(); X509Certificate caCert = null; // + * Note that in RA the chain could be null if CA was not up when // RA + * was started. In that case just set the length to -1 and let // CA + * reject if it does not allow any subordinate CA certs. if (caChain != + * null) { caCert = caChain.getFirstCertificate(); if (caCert != null) + * mCAPathLen = caCert.getBasicConstraints(); } } ****/ mEnabled = mConfig.getBoolean( @@ -135,58 +125,58 @@ public class PolicyConstraintsExt extends APolicyRule mInhibitPolicyMapping = mConfig.getInteger( PROP_INHIBIT_POLICY_MAPPING, DEF_INHIBIT_POLICY_MAPPING); - if (mReqExplicitPolicy < -1) + if (mReqExplicitPolicy < -1) mReqExplicitPolicy = -1; - if (mInhibitPolicyMapping < -1) + if (mInhibitPolicyMapping < -1) mInhibitPolicyMapping = -1; - - // create instance of policy constraings extension + + // create instance of policy constraings extension try { - mPolicyConstraintsExtension = - new PolicyConstraintsExtension(mCritical, - mReqExplicitPolicy, mInhibitPolicyMapping); + mPolicyConstraintsExtension = + new PolicyConstraintsExtension(mCritical, + mReqExplicitPolicy, mInhibitPolicyMapping); CMS.debug( - "PolicyConstraintsExt: Created Policy Constraints Extension: " + - mPolicyConstraintsExtension); + "PolicyConstraintsExt: Created Policy Constraints Extension: " + + mPolicyConstraintsExtension); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString())); + CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString())); throw new EBaseException( CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", - "Could not init Policy Constraints Extension. Error: " + e)); + "Could not init Policy Constraints Extension. Error: " + e)); } - // form instance params + // form instance params mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical); mInstanceParams.addElement( - PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy); + PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy); mInstanceParams.addElement( - PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping); + PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping); } /** * Adds Policy Constraints Extension to a (CA) certificate. * - * If a Policy constraints Extension is already there, accept it if - * it's been approved by agent, else replace it. - * - * @param req The request on which to apply policy. + * If a Policy constraints Extension is already there, accept it if it's + * been approved by agent, else replace it. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { - // if extension hasn't been properly configured reject requests until + // if extension hasn't been properly configured reject requests until // it has been resolved (or disabled). if (mPolicyConstraintsExtension == null) { return PolicyResult.ACCEPTED; } // get certInfo from request. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); - return PolicyResult.REJECTED; + return PolicyResult.REJECTED; } for (int i = 0; i < ci.length; i++) { @@ -206,7 +196,7 @@ public class PolicyConstraintsExt extends APolicyRule try { PolicyConstraintsExtension policyConstraintsExt = null; CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); try { if (extensions != null) { @@ -214,7 +204,7 @@ public class PolicyConstraintsExt extends APolicyRule extensions.get(PolicyConstraintsExtension.class.getSimpleName()); } } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (policyConstraintsExt != null) { @@ -227,55 +217,55 @@ public class PolicyConstraintsExt extends APolicyRule if (extensions == null) { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } extensions.set( - "PolicyConstriantsExt", mPolicyConstraintsExtension); + "PolicyConstriantsExt", mPolicyConstraintsExtension); CMS.debug("PolicyConstraintsExt: added our policy constraints extension"); return PolicyResult.ACCEPTED; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; } } /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mInstanceParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefaultParams; } /** - * gets plugin info for pretty console edit displays. + * gets plugin info for pretty console edit displays. */ public String[] getExtendedPluginInfo(Locale locale) { mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical); mInstanceParams.addElement( - PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy); + PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy); mInstanceParams.addElement( - PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping); + PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping); String[] params = { PROP_CRITICAL + ";boolean;RFC 2459 recommendation: may be critical or non-critical.", @@ -287,4 +277,3 @@ public class PolicyConstraintsExt extends APolicyRule return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java index 1d901d57..80efc78f 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -43,22 +42,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Policy Mappings Extension Policy - * Adds the Policy Mappings extension to a (CA) certificate. - * Filtering of CA certificates is done through predicates. + * Policy Mappings Extension Policy Adds the Policy Mappings extension to a (CA) + * certificate. Filtering of CA certificates is done through predicates. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class PolicyMappingsExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = "critical"; protected static final String PROP_NUM_POLICYMAPPINGS = "numPolicyMappings"; @@ -85,37 +83,31 @@ public class PolicyMappingsExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.predicate=certType==ca - * ca.Policy.rule.<ruleName>.implName= - * ca.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.predicate=certType==ca + * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; - // XXX should do do this ? - // if CA does not allow subordinate CAs by way of basic constraints, - // this policy always rejects + // XXX should do do this ? + // if CA does not allow subordinate CAs by way of basic constraints, + // this policy always rejects /***** - ICertAuthority certAuthority = (ICertAuthority) - ((IPolicyProcessor)owner).getAuthority(); - if (certAuthority instanceof ICertificateAuthority) { - CertificateChain caChain = certAuthority.getCACertChain(); - X509Certificate caCert = null; - // Note that in RA the chain could be null if CA was not up when - // RA was started. In that case just set the length to -1 and let - // CA reject if it does not allow any subordinate CA certs. - if (caChain != null) { - caCert = caChain.getFirstCertificate(); - if (caCert != null) - mCAPathLen = caCert.getBasicConstraints(); - } - } + * ICertAuthority certAuthority = (ICertAuthority) + * ((IPolicyProcessor)owner).getAuthority(); if (certAuthority + * instanceof ICertificateAuthority) { CertificateChain caChain = + * certAuthority.getCACertChain(); X509Certificate caCert = null; // + * Note that in RA the chain could be null if CA was not up when // RA + * was started. In that case just set the length to -1 and let // CA + * reject if it does not allow any subordinate CA certs. if (caChain != + * null) { caCert = caChain.getFirstCertificate(); if (caCert != null) + * mCAPathLen = caCert.getBasicConstraints(); } } ****/ mEnabled = mConfig.getBoolean( @@ -131,7 +123,7 @@ public class PolicyMappingsExt extends APolicyRule "value must be greater than or equal to 1")); } - // init Policy Mappings, check values if enabled. + // init Policy Mappings, check values if enabled. mPolicyMaps = new PolicyMap[mNumPolicyMappings]; for (int i = 0; i < mNumPolicyMappings; i++) { String subtreeName = PROP_POLICYMAP + i; @@ -140,7 +132,7 @@ public class PolicyMappingsExt extends APolicyRule mPolicyMaps[i] = new PolicyMap(subtreeName, mConfig, mEnabled); } catch (EBaseException e) { log(ILogger.LL_FAILURE, NAME + ": " + - CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString())); + CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString())); throw e; } } @@ -152,21 +144,21 @@ public class PolicyMappingsExt extends APolicyRule for (int j = 0; j < mNumPolicyMappings; j++) { certPolicyMaps.addElement( - mPolicyMaps[j].mCertificatePolicyMap); + mPolicyMaps[j].mCertificatePolicyMap); } - mPolicyMappingsExtension = + mPolicyMappingsExtension = new PolicyMappingsExtension(mCritical, certPolicyMaps); } catch (IOException e) { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", - "Error initializing " + NAME + " Error: " + e)); + "Error initializing " + NAME + " Error: " + e)); } } - // form instance params + // form instance params mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical); mInstanceParams.addElement( - PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings); + PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings); for (int i = 0; i < mNumPolicyMappings; i++) { mPolicyMaps[i].getInstanceParams(mInstanceParams); } @@ -175,28 +167,28 @@ public class PolicyMappingsExt extends APolicyRule /** * Adds policy mappings Extension to a (CA) certificate. * - * If a policy mappings Extension is already there, accept it if - * it's been approved by agent, else replace it. - * - * @param req The request on which to apply policy. + * If a policy mappings Extension is already there, accept it if it's been + * approved by agent, else replace it. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { - // if extension hasn't been properly configured reject requests until + // if extension hasn't been properly configured reject requests until // it has been resolved (or disabled). if (mPolicyMappingsExtension == null) { - //setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME); - //return PolicyResult.REJECTED; + // setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME); + // return PolicyResult.REJECTED; return PolicyResult.ACCEPTED; } // get certInfo from request. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); - + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); - return PolicyResult.REJECTED; + return PolicyResult.REJECTED; } for (int i = 0; i < ci.length; i++) { @@ -215,7 +207,7 @@ public class PolicyMappingsExt extends APolicyRule try { PolicyMappingsExtension policyMappingsExt = null; CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); try { if (extensions != null) { @@ -223,7 +215,7 @@ public class PolicyMappingsExt extends APolicyRule extensions.get(PolicyMappingsExtension.class.getSimpleName()); } } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (policyMappingsExt != null) { @@ -236,87 +228,86 @@ public class PolicyMappingsExt extends APolicyRule if (extensions == null) { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } extensions.set( - PolicyMappingsExtension.class.getSimpleName(), mPolicyMappingsExtension); + PolicyMappingsExtension.class.getSimpleName(), mPolicyMappingsExtension); return PolicyResult.ACCEPTED; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; } } /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mInstanceParams; } /** - * Default config parameters. - * To add more permitted or excluded subtrees, - * increase the num to greater than 0 and more configuration params - * will show up in the console. + * Default config parameters. To add more permitted or excluded subtrees, + * increase the num to greater than 0 and more configuration params will + * show up in the console. */ private static Vector<String> mDefParams = new Vector<String>(); static { mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); mDefParams.addElement( - PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS); + PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS); String policyMap0Dot = PROP_POLICYMAP + "0."; mDefParams.addElement( - policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + ""); + policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + ""); mDefParams.addElement( - policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + ""); + policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + ""); } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefParams; } public String[] getExtendedPluginInfo(Locale locale) { Vector<String> theparams = new Vector<String>(); - + theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be non-critical."); theparams.addElement(PROP_NUM_POLICYMAPPINGS + ";number; Number of policy mappings. The value must be greater than or equal to 1"); - String policyInfo = - ";string;An object identifier in the form n.n.n.n"; + String policyInfo = + ";string;An object identifier in the form n.n.n.n"; for (int k = 0; k < 5; k++) { String policyMapkDot = PROP_POLICYMAP + k + "."; theparams.addElement(policyMapkDot + - PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo); + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo); theparams.addElement(policyMapkDot + - PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo); + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo); } theparams.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-policymappings"); + ";configuration-policyrules-policymappings"); theparams.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)"); + ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)"); String[] params = new String[theparams.size()]; @@ -325,7 +316,6 @@ public class PolicyMappingsExt extends APolicyRule } } - class PolicyMap { protected static String PROP_ISSUER_DOMAIN_POLICY = "issuerDomainPolicy"; @@ -340,47 +330,48 @@ class PolicyMap { /** * forms policy map parameters. + * * @param name name of this policy map, for example policyMap0 * @param config parent's config from where we find this configuration. * @param enabled whether policy was enabled. */ - protected PolicyMap(String name, IConfigStore config, boolean enabled) - throws EBaseException { + protected PolicyMap(String name, IConfigStore config, boolean enabled) + throws EBaseException { mName = name; mConfig = config.getSubStore(mName); mNameDot = mName + "."; - if( mConfig == null ) { - CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig is null!" ); + if (mConfig == null) { + CMS.debug("PolicyMappingsExt::PolicyMap - mConfig is null!"); return; } // if there's no configuration for this map put it there. if (mConfig.size() == 0) { - config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, ""); - config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, ""); + config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, ""); + config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, ""); mConfig = config.getSubStore(mName); if (mConfig == null || mConfig.size() == 0) { - CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig " + - "is null or empty!" ); + CMS.debug("PolicyMappingsExt::PolicyMap - mConfig " + + "is null or empty!"); return; } } // get policy ids from configuration. - mIssuerDomainPolicy = + mIssuerDomainPolicy = mConfig.getString(PROP_ISSUER_DOMAIN_POLICY, null); - mSubjectDomainPolicy = + mSubjectDomainPolicy = mConfig.getString(PROP_SUBJECT_DOMAIN_POLICY, null); // adjust for "" and console returning "null" - if (mIssuerDomainPolicy != null && - (mIssuerDomainPolicy.length() == 0 || + if (mIssuerDomainPolicy != null && + (mIssuerDomainPolicy.length() == 0 || mIssuerDomainPolicy.equals("null"))) { mIssuerDomainPolicy = null; } - if (mSubjectDomainPolicy != null && - (mSubjectDomainPolicy.length() == 0 || + if (mSubjectDomainPolicy != null && + (mSubjectDomainPolicy.length() == 0 || mSubjectDomainPolicy.equals("null"))) { mSubjectDomainPolicy = null; } @@ -388,26 +379,26 @@ class PolicyMap { // policy ids cannot be null if policy is enabled. String msg = "value cannot be null."; - if (mIssuerDomainPolicy == null && enabled) + if (mIssuerDomainPolicy == null && enabled) throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", mNameDot + PROP_ISSUER_DOMAIN_POLICY, msg)); - if (mSubjectDomainPolicy == null && enabled) + if (mSubjectDomainPolicy == null && enabled) throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", mNameDot + PROP_SUBJECT_DOMAIN_POLICY, msg)); - // if a policy id is not null check that it is a valid OID. + // if a policy id is not null check that it is a valid OID. ObjectIdentifier issuerPolicyId = null; ObjectIdentifier subjectPolicyId = null; - if (mIssuerDomainPolicy != null) + if (mIssuerDomainPolicy != null) issuerPolicyId = CMS.checkOID( mNameDot + PROP_ISSUER_DOMAIN_POLICY, mIssuerDomainPolicy); - if (mSubjectDomainPolicy != null) + if (mSubjectDomainPolicy != null) subjectPolicyId = CMS.checkOID( mNameDot + PROP_SUBJECT_DOMAIN_POLICY, mSubjectDomainPolicy); - - // if enabled, form CertificatePolicyMap to be encoded in extension. - // policy ids should be all set. + + // if enabled, form CertificatePolicyMap to be encoded in extension. + // policy ids should be all set. if (enabled) { mCertificatePolicyMap = new CertificatePolicyMap( new CertificatePolicyId(issuerPolicyId), @@ -417,12 +408,11 @@ class PolicyMap { protected void getInstanceParams(Vector<String> instanceParams) { instanceParams.addElement( - mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" : - mIssuerDomainPolicy)); + mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" : + mIssuerDomainPolicy)); instanceParams.addElement( - mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" : - mSubjectDomainPolicy)); + mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" : + mSubjectDomainPolicy)); } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java index 125555c4..a171a400 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.util.Locale; import java.util.Vector; @@ -32,11 +31,12 @@ import com.netscape.cms.policy.APolicyRule; /** * Checks extension presence. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ @@ -77,7 +77,7 @@ public class PresenceExt extends APolicyRule { } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; mCritical = config.getBoolean(PROP_IS_CRITICAL, false); @@ -97,19 +97,18 @@ public class PresenceExt extends APolicyRule { PolicyResult res = PolicyResult.ACCEPTED; /* - PresenceServerExtension ext = new PresenceServerExtension(mCritical, - mOID, mVersion, mStreetAddress, - mTelephoneNumber, mRFC822Name, mID, - mHostName, mPortNumber, mMaxUsers, mServiceLevel); + * PresenceServerExtension ext = new PresenceServerExtension(mCritical, + * mOID, mVersion, mStreetAddress, mTelephoneNumber, mRFC822Name, mID, + * mHostName, mPortNumber, mMaxUsers, mServiceLevel); */ - + return res; } - public Vector<String> getInstanceParams() { - Vector<String> params = new Vector<String>(); + public Vector<String> getInstanceParams() { + Vector<String> params = new Vector<String>(); - params.addElement(PROP_IS_CRITICAL + "=" + mCritical); + params.addElement(PROP_IS_CRITICAL + "=" + mCritical); params.addElement(PROP_OID + "=" + mOID); params.addElement(PROP_VERSION + "=" + mVersion); params.addElement(PROP_STREET_ADDRESS + "=" + mStreetAddress); @@ -137,21 +136,21 @@ public class PresenceExt extends APolicyRule { PROP_MAX_USERS + ";string; max users", PROP_SERVICE_LEVEL + ";string; service level", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-presenceext", + ";configuration-policyrules-presenceext", IExtendedPluginInfo.HELP_TEXT + - ";Adds Presence Server Extension;" + ";Adds Presence Server Extension;" - }; + }; return params; } - + /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefParams; } } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java index 8b3ab40c..60c0dfbc 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.text.SimpleDateFormat; @@ -42,20 +41,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * PrivateKeyUsagePeriod Identifier Extension policy. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class PrivateKeyUsagePeriodExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { private final static String PROP_NOT_BEFORE = "notBefore"; private final static String PROP_NOT_AFTER = "notAfter"; @@ -94,16 +93,16 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_IS_CRITICAL + ";boolean;RFC 2459 recommendation: The profile " + - "recommends against the use of this extension. CAs " + - "conforming to the profile MUST NOT generate certs with " + - "critical private key usage period extensions.", + "recommends against the use of this extension. CAs " + + "conforming to the profile MUST NOT generate certs with " + + "critical private key usage period extensions.", PROP_NOT_BEFORE + ";string; Date before which the Private Key is invalid.", PROP_NOT_AFTER + ";string; Date after which the Private Key is invalid.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-privatekeyusageperiod", + ";configuration-policyrules-privatekeyusageperiod", IExtendedPluginInfo.HELP_TEXT + - ";Adds (deprecated) Private Key Usage Period Extension. " + - "Defined in RFC 2459 (4.2.1.4)" + ";Adds (deprecated) Private Key Usage Period Extension. " + + "Defined in RFC 2459 (4.2.1.4)" }; return params; @@ -119,17 +118,17 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule /** * Initializes this policy rule. - * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.notBefore=30 - * ra.Policy.rule.<ruleName>.notAfter=180 - * ra.Policy.rule.<ruleName>.critical=false - * ra.Policy.rule.<ruleName>.predicate=ou==Sales - * - * @param config The config store reference + * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.notBefore=30 + * ra.Policy.rule.<ruleName>.notAfter=180 + * ra.Policy.rule.<ruleName>.critical=false + * ra.Policy.rule.<ruleName>.predicate=ou==Sales + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { try { // Get params. @@ -145,7 +144,7 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule notAfter = formatter.format(formatter.parse(mNotAfter.trim())); } catch (Exception e) { // e.printStackTrace(); - Object[] params = {getInstanceName(), e}; + Object[] params = { getInstanceName(), e }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params); @@ -154,20 +153,20 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule } /** - * Adds a private key usage extension if none exists. - * - * @param req The request on which to apply policy. + * Adds a private key usage extension if none exists. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; // get cert info. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); - + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + if (ci == null || ci[0] == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } @@ -201,7 +200,7 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule // remove any previously computed version of the extension try { extensions.delete(PrivateKeyUsageExtension.class.getSimpleName()); - + } catch (IOException e) { } @@ -209,16 +208,16 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule try { ext = new PrivateKeyUsageExtension( - formatter.parse(mNotBefore), + formatter.parse(mNotBefore), formatter.parse(mNotAfter)); certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions.set(PrivateKeyUsageExtension.class.getSimpleName(), ext); } catch (Exception e) { - if (e instanceof RuntimeException) + if (e instanceof RuntimeException) throw (RuntimeException) e; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString())); setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME); return PolicyResult.REJECTED; } @@ -227,11 +226,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return Empty Vector since this policy has no configuration parameters. - * for this policy instance. + * for this policy instance. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); params.addElement(PROP_IS_CRITICAL + "=" + mCritical); @@ -242,11 +241,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule /** * Return default parameters for a policy implementation. - * - * @return Empty Vector since this policy implementation has no - * configuration parameters. + * + * @return Empty Vector since this policy implementation has no + * configuration parameters. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY); @@ -255,4 +254,3 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule return defParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java index 396afc97..08c88e97 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -37,55 +36,54 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Remove Basic Constraints policy. - * Adds the Basic constraints extension. + * Remove Basic Constraints policy. Adds the Basic constraints extension. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class RemoveBasicConstraintsExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { public RemoveBasicConstraintsExt() { NAME = "RemoveBasicConstraintsExt"; DESC = "Remove Basic Constraints extension"; } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { } public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; // get cert info. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); X509CertInfo certInfo = null; if (ci == null || (certInfo = ci[0]) == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } for (int i = 0; i < ci.length; i++) { PolicyResult certResult = applyCert(req, certInfo); - if (certResult == PolicyResult.REJECTED) + if (certResult == PolicyResult.REJECTED) return certResult; } return PolicyResult.ACCEPTED; } public PolicyResult applyCert( - IRequest req, X509CertInfo certInfo) { + IRequest req, X509CertInfo certInfo) { // get basic constraints extension from cert info if any. CertificateExtensions extensions = null; @@ -110,10 +108,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); return params; @@ -121,10 +119,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { Vector<String> defParams = new Vector<String>(); return defParams; @@ -133,13 +131,12 @@ public class RemoveBasicConstraintsExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-removebasicconstraints", + ";configuration-policyrules-removebasicconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Removes the Basic Constraints extension." + ";Removes the Basic Constraints extension." }; return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java index aab88ff3..8a91dca6 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Locale; @@ -42,56 +41,54 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * - * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2. - * New Policy is com.netscape.certsrv.policy.SubjectAltNameExt. + * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2. New Policy is + * com.netscape.certsrv.policy.SubjectAltNameExt. * <p> * * Subject Alternative Name extension policy in CMS 4.1. - * - * Adds the subject alternative name extension depending on the - * certificate type requested. - * - * Two forms are supported. 1) For S/MIME certificates, email - * addresses are copied from data stored in the request by the - * authentication component. Both 'e' and 'altEmail' are supported - * so that both the primary address and alternative forms may be - * certified. Only the primary goes in the subjectName position (which - * should be phased out). - * - * e - * mailAlternateAddress + * + * Adds the subject alternative name extension depending on the certificate type + * requested. + * + * Two forms are supported. 1) For S/MIME certificates, email addresses are + * copied from data stored in the request by the authentication component. Both + * 'e' and 'altEmail' are supported so that both the primary address and + * alternative forms may be certified. Only the primary goes in the subjectName + * position (which should be phased out). + * + * e mailAlternateAddress * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class SubjAltNameExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { - // for future use. currently always allow. + implements IEnrollmentPolicy, IExtendedPluginInfo { + // for future use. currently always allow. protected static final String PROP_AGENT_OVERR = "allowAgentOverride"; protected static final String PROP_EE_OVERR = "AllowEEOverride"; protected static final String PROP_ENABLE_MANUAL_VALUES = - "enableManualValues"; + "enableManualValues"; - // for future use. currently always non-critical - // (standard says SHOULD be marked critical if included.) + // for future use. currently always non-critical + // (standard says SHOULD be marked critical if included.) protected static final String PROP_CRITICAL = "critical"; - // for future use to allow overrides from forms. + // for future use to allow overrides from forms. // request must be agent approved or authenticated. protected boolean mAllowAgentOverride = false; protected boolean mAllowEEOverride = false; protected boolean mEnableManualValues = false; - // for future use. currently always critical - // (standard says SHOULD be marked critical if included.) + // for future use. currently always critical + // (standard says SHOULD be marked critical if included.) protected boolean mCritical = false; public SubjAltNameExt() { @@ -103,15 +100,15 @@ public class SubjAltNameExt extends APolicyRule String[] params = { PROP_CRITICAL + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-subjaltname", + ";configuration-policyrules-subjaltname", IExtendedPluginInfo.HELP_TEXT + - ";This policy inserts the Subject Alternative Name " + - "Extension into the certificate. See RFC 2459 (4.2.1.7). " + - "* Note: you probably want to use this policy in " + - "conjunction with an authentication manager which sets " + - "the 'mail' or 'mailalternateaddress' values in the authToken. " + - "See the 'ldapStringAttrs' parameter in the Directory-based " + - "authentication plugin" + ";This policy inserts the Subject Alternative Name " + + "Extension into the certificate. See RFC 2459 (4.2.1.7). " + + "* Note: you probably want to use this policy in " + + "conjunction with an authentication manager which sets " + + "the 'mail' or 'mailalternateaddress' values in the authToken. " + + "See the 'ldapStringAttrs' parameter in the Directory-based " + + "authentication plugin" }; return params; @@ -121,40 +118,41 @@ public class SubjAltNameExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt - * ra.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt + * ra.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { // future use. mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false); mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false); mCritical = config.getBoolean(PROP_CRITICAL, false); - // mEnableManualValues = config.getBoolean(PROP_ENABLE_MANUAL_VALUES, false); + // mEnableManualValues = config.getBoolean(PROP_ENABLE_MANUAL_VALUES, + // false); } /** * Adds the subject alternative names extension if not set already. - * + * * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; // Find the X509CertInfo object in the request - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } @@ -174,12 +172,11 @@ public class SubjAltNameExt extends APolicyRule // // General error handling block // - apply: - try { + apply: try { // Find the extensions in the certInfo CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); if (extensions != null) { // @@ -193,17 +190,17 @@ public class SubjAltNameExt extends APolicyRule } // - // Determine the type of the request. For future expansion + // Determine the type of the request. For future expansion // this test should dispatch to a specialized object to - // handle each particular type. For now just return for + // handle each particular type. For now just return for // non-client certs, and implement client certs directly here. // String certType = - req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); if (certType == null || - !certType.equals(IRequest.CLIENT_CERT) || - !req.getExtDataInBoolean(IRequest.SMIME, false)) { + !certType.equals(IRequest.CLIENT_CERT) || + !req.getExtDataInBoolean(IRequest.SMIME, false)) { break apply; } @@ -212,30 +209,32 @@ public class SubjAltNameExt extends APolicyRule IAuthToken tok = findAuthToken(req, null); - if (tok == null) break apply; + if (tok == null) + break apply; Vector<String> emails = getEmailList(tok); - if (emails == null) break apply; + if (emails == null) + break apply; - // Create the extension + // Create the extension SubjectAlternativeNameExtension subjAltNameExt = mkExt(emails); if (extensions == null) extensions = createCertificateExtensions(certInfo); extensions.set(SubjectAlternativeNameExtension.class.getSimpleName(), - subjAltNameExt); + subjAltNameExt); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; // unrecoverable error. } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } @@ -243,28 +242,29 @@ public class SubjAltNameExt extends APolicyRule } /** - * Find a particular authentication token by manager name. - * If the token is not present return null + * Find a particular authentication token by manager name. If the token is + * not present return null */ protected IAuthToken - findAuthToken(IRequest req, String authMgrName) { + findAuthToken(IRequest req, String authMgrName) { return req.getExtDataInAuthToken(IRequest.AUTH_TOKEN); } /** - * Generate a String Vector containing all the email addresses - * found in this Authentication token + * Generate a String Vector containing all the email addresses found in this + * Authentication token */ protected Vector /* of String */<String> - getEmailList(IAuthToken tok) { + getEmailList(IAuthToken tok) { Vector<String> v = new Vector<String>(); addValues(tok, "mail", v); addValues(tok, "mailalternateaddress", v); - if (v.size() == 0) return null; + if (v.size() == 0) + return null; return v; } @@ -273,10 +273,11 @@ public class SubjAltNameExt extends APolicyRule * Add attribute values from an LDAP attribute to a vector */ protected void - addValues(IAuthToken tok, String attrName, Vector<String> v) { + addValues(IAuthToken tok, String attrName, Vector<String> v) { String attr[] = tok.getInStringArray(attrName); - if (attr == null) return; + if (attr == null) + return; for (int i = 0; i < attr.length; i++) { v.addElement(attr[i]); @@ -287,8 +288,8 @@ public class SubjAltNameExt extends APolicyRule * Make a Subject name extension given a list of email addresses */ protected SubjectAlternativeNameExtension - mkExt(Vector<String> emails) - throws IOException { + mkExt(Vector<String> emails) + throws IOException { SubjectAlternativeNameExtension sa; GeneralNames gns = new GeneralNames(); @@ -304,19 +305,18 @@ public class SubjAltNameExt extends APolicyRule } /** - * Create a new SET of extensions in the certificate info - * object. - * + * Create a new SET of extensions in the certificate info object. + * * This should be a method in the X509CertInfo object */ - protected CertificateExtensions - createCertificateExtensions(X509CertInfo certInfo) - throws IOException, CertificateException { + protected CertificateExtensions + createCertificateExtensions(X509CertInfo certInfo) + throws IOException, CertificateException { CertificateExtensions extensions; // Force version to V3 - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); @@ -326,34 +326,33 @@ public class SubjAltNameExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { Vector<String> params = new Vector<String>(); - //params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride); - //params.addElement("PROP_EE_OVERR = " + mAllowEEOverride); + // params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride); + // params.addElement("PROP_EE_OVERR = " + mAllowEEOverride); params.addElement(PROP_CRITICAL + "=" + mCritical); // params.addElement(PROP_ENABLE_MANUAL_VALUES + " = " + - // mEnableManualValues); + // mEnableManualValues); return params; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { - Vector<String> defParams = new Vector<String> (); + public Vector<String> getDefaultParams() { + Vector<String> defParams = new Vector<String>(); - //defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR); - //defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR); + // defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR); + // defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR); defParams.addElement(PROP_CRITICAL + "=false"); // defParams.addElement(PROP_ENABLE_MANUAL_VALUES + "= false"); return defParams; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java index b9bc6059..73ac5f0b 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Enumeration; @@ -45,33 +44,31 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * Subject Alternative Name extension policy. - * + * * Adds the subject alternative name extension as configured. - * - * Two forms are supported. 1) For S/MIME certificates, email - * addresses are copied from data stored in the request by the - * authentication component. Both 'e' and 'altEmail' are supported - * so that both the primary address and alternative forms may be - * certified. Only the primary goes in the subjectName position (which - * should be phased out). - * - * e - * mailAlternateAddress + * + * Two forms are supported. 1) For S/MIME certificates, email addresses are + * copied from data stored in the request by the authentication component. Both + * 'e' and 'altEmail' are supported so that both the primary address and + * alternative forms may be certified. Only the primary goes in the subjectName + * position (which should be phased out). + * + * e mailAlternateAddress * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class SubjectAltNameExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { - // (standard says SHOULD be marked critical if included.) + implements IEnrollmentPolicy, IExtendedPluginInfo { + // (standard says SHOULD be marked critical if included.) protected static final String PROP_CRITICAL = "critical"; protected static final boolean DEF_CRITICAL = false; @@ -89,11 +86,11 @@ public class SubjectAltNameExt extends APolicyRule // default params. mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); mDefParams.addElement( - IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + - IGeneralNameUtil.DEF_NUM_GENERALNAMES); + IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + + IGeneralNameUtil.DEF_NUM_GENERALNAMES); for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) { CMS.getSubjAltNameConfigDefaultParams( - IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams); + IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams); } } @@ -107,16 +104,16 @@ public class SubjectAltNameExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt - * ra.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt + * ra.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; // get criticality @@ -127,11 +124,11 @@ public class SubjectAltNameExt extends APolicyRule IPolicyProcessor.PROP_ENABLE, false); // get general names configuration. - mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES); + mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES); if (mNumGNs <= 0) { throw new EBaseException( - CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", - IGeneralNameUtil.PROP_NUM_GENERALNAMES)); + CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", + IGeneralNameUtil.PROP_NUM_GENERALNAMES)); } mGNs = new ISubjAltNameConfig[mNumGNs]; for (int i = 0; i < mNumGNs; i++) { @@ -144,7 +141,7 @@ public class SubjectAltNameExt extends APolicyRule // init instance params. mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical); mInstanceParams.addElement( - IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs); + IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs); for (int j = 0; j < mGNs.length; j++) { mGNs[j].getInstanceParams(mInstanceParams); } @@ -152,21 +149,21 @@ public class SubjectAltNameExt extends APolicyRule /** * Adds the subject alternative names extension if not set already. - * + * * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; // Find the X509CertInfo object in the request - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); return PolicyResult.REJECTED; // unrecoverable error. } @@ -186,15 +183,15 @@ public class SubjectAltNameExt extends APolicyRule try { // Find the extensions in the certInfo CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); // Remove any previously computed version of the extension - // unless it is from RA. If from RA, accept what RA put in + // unless it is from RA. If from RA, accept what RA put in // request and don't add our own. if (extensions != null) { String sourceId = req.getSourceId(); - if (sourceId != null && sourceId.length() > 0) + if (sourceId != null && sourceId.length() > 0) return res; // accepted try { extensions.delete(SubjectAlternativeNameExtension.class.getSimpleName()); @@ -223,8 +220,8 @@ public class SubjectAltNameExt extends APolicyRule } // nothing was found in request to put into extension - if (gns.size() == 0) - return res; // accepted + if (gns.size() == 0) + return res; // accepted String subject = certInfo.get(X509CertInfo.SUBJECT).toString(); @@ -233,10 +230,9 @@ public class SubjectAltNameExt extends APolicyRule if (subject.equals("")) { curCritical = true; } - - // make the extension - SubjectAlternativeNameExtension - sa = new SubjectAlternativeNameExtension(curCritical, gns); + + // make the extension + SubjectAlternativeNameExtension sa = new SubjectAlternativeNameExtension(curCritical, gns); // add it to certInfo. if (extensions == null) @@ -248,37 +244,36 @@ public class SubjectAltNameExt extends APolicyRule } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; // unrecoverable error. } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Internal Error"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Internal Error"); return PolicyResult.REJECTED; // unrecoverable error. } } /** - * Create a new SET of extensions in the certificate info - * object. - * + * Create a new SET of extensions in the certificate info object. + * * This should be a method in the X509CertInfo object */ - protected CertificateExtensions - createCertificateExtensions(X509CertInfo certInfo) - throws IOException, CertificateException { + protected CertificateExtensions + createCertificateExtensions(X509CertInfo certInfo) + throws IOException, CertificateException { CertificateExtensions extensions; // Force version to V3 - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); @@ -288,19 +283,19 @@ public class SubjectAltNameExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mInstanceParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefParams; } @@ -313,22 +308,21 @@ public class SubjectAltNameExt extends APolicyRule info.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES_INFO); for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) { CMS.getSubjAltNameConfigExtendedPluginInfo( - IGeneralNameUtil.PROP_GENERALNAME + i, info); + IGeneralNameUtil.PROP_GENERALNAME + i, info); } info.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-subjaltname"); + ";configuration-policyrules-subjaltname"); info.addElement(IExtendedPluginInfo.HELP_TEXT + - ";This policy inserts the Subject Alternative Name " + - "Extension into the certificate. See RFC 2459 (4.2.1.7). " + - "* Note: you probably want to use this policy in " + - "conjunction with an authentication manager which sets " + - "the 'mail' or 'mailalternateaddress' values in the authToken. " + - "See the 'ldapStringAttrs' parameter in the Directory-based " + - "authentication plugin"); + ";This policy inserts the Subject Alternative Name " + + "Extension into the certificate. See RFC 2459 (4.2.1.7). " + + "* Note: you probably want to use this policy in " + + "conjunction with an authentication manager which sets " + + "the 'mail' or 'mailalternateaddress' values in the authToken. " + + "See the 'ldapStringAttrs' parameter in the Directory-based " + + "authentication plugin"); mExtendedPluginInfo = new String[info.size()]; info.copyInto(mExtendedPluginInfo); return mExtendedPluginInfo; } } - diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java index 34821fab..2f3812fe 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Enumeration; @@ -45,20 +44,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * Policy to add the subject directory attributes extension. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class SubjectDirectoryAttributesExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { +public class SubjectDirectoryAttributesExt extends APolicyRule + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = "critical"; protected static final String PROP_ATTRIBUTE = "attribute"; protected static final String PROP_NUM_ATTRIBUTES = "numAttributes"; @@ -75,7 +74,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule protected SubjectDirAttributesExtension mExt = null; protected Vector<String> mParams = new Vector<String>(); - private String[] mEPI = null; // extended plugin info + private String[] mEPI = null; // extended plugin info protected static Vector<String> mDefParams = new Vector<String>(); static { @@ -85,16 +84,16 @@ public class SubjectDirectoryAttributesExt extends APolicyRule public SubjectDirectoryAttributesExt() { NAME = "SubjectDirectoryAttributesExtPolicy"; DESC = "Sets Subject Directory Attributes Extension in certificates."; - setExtendedPluginInfo(); + setExtendedPluginInfo(); } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { boolean enabled = config.getBoolean("enabled", false); mConfig = config; - mCritical = mConfig.getBoolean(PROP_CRITICAL, false); + mCritical = mConfig.getBoolean(PROP_CRITICAL, false); mNumAttributes = mConfig.getInteger(PROP_NUM_ATTRIBUTES, DEF_NUM_ATTRIBUTES); if (mNumAttributes < 1) { EBaseException ex = new EBaseException( @@ -110,14 +109,14 @@ public class SubjectDirectoryAttributesExt extends APolicyRule mAttributes[i] = new AttributeConfig(name, c, enabled); } - if (enabled) { + if (enabled) { try { mExt = formExt(null); } catch (IOException e) { log(ILogger.LL_FAILURE, NAME + " Error: " + e.getMessage()); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Error forming Subject Directory Attributes Extension. " + - "See log file for details.")); + "See log file for details.")); } } setInstanceParams(); @@ -126,7 +125,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); @@ -136,7 +135,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule for (int i = 0; i < ci.length; i++) { PolicyResult r = applyCert(req, ci[i]); - if (r == PolicyResult.REJECTED) + if (r == PolicyResult.REJECTED) return r; } return PolicyResult.ACCEPTED; @@ -153,13 +152,14 @@ public class SubjectDirectoryAttributesExt extends APolicyRule if (extensions == null) { extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { try { extensions.delete(SubjectDirAttributesExtension.class.getSimpleName()); } catch (IOException ee) { - // if name is not found, try deleting the extension using the OID + // if name is not found, try deleting the extension using + // the OID try { extensions.delete("2.5.29.9"); } catch (IOException eee) { @@ -173,7 +173,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule } else { SubjectDirAttributesExtension ext = formExt(req); - if (ext != null) + if (ext != null) extensions.set(SubjectDirAttributesExtension.class.getSimpleName(), formExt(req)); } return PolicyResult.ACCEPTED; @@ -181,17 +181,16 @@ public class SubjectDirectoryAttributesExt extends APolicyRule log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "IOException Error"); + NAME, "IOException Error"); return PolicyResult.REJECTED; - } + } } - public Vector<String> getInstanceParams() { return mParams; // inited in init() } @@ -201,12 +200,12 @@ public class SubjectDirectoryAttributesExt extends APolicyRule } public String[] getExtendedPluginInfo(Locale locale) { - return mEPI; // inited in the constructor. + return mEPI; // inited in the constructor. } private void setInstanceParams() { - mParams.addElement(PROP_CRITICAL + "=" + mCritical); - mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes); + mParams.addElement(PROP_CRITICAL + "=" + mCritical); + mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes); for (int i = 0; i < mNumAttributes; i++) { mAttributes[i].getInstanceParams(mParams); } @@ -217,8 +216,8 @@ public class SubjectDirectoryAttributesExt extends APolicyRule } private static void setDefaultParams() { - mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); - mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES); + mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); + mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES); for (int i = 0; i < DEF_NUM_ATTRIBUTES; i++) { AttributeConfig.getDefaultParams(PROP_ATTRIBUTE + i, mDefParams); } @@ -228,32 +227,31 @@ public class SubjectDirectoryAttributesExt extends APolicyRule Vector<String> v = new Vector<String>(); v.addElement(PROP_CRITICAL + ";boolean;" + - "RFC 2459 recommendation: MUST be non-critical."); + "RFC 2459 recommendation: MUST be non-critical."); v.addElement(PROP_NUM_ATTRIBUTES + ";number;" + - "Number of Attributes in the extension."); + "Number of Attributes in the extension."); for (int i = 0; i < MAX_NUM_ATTRIBUTES; i++) { AttributeConfig.getExtendedPluginInfo(PROP_ATTRIBUTE + i, v); } v.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-subjectdirectoryattributes"); + ";configuration-policyrules-subjectdirectoryattributes"); v.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments."); + ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments."); mEPI = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } - private SubjectDirAttributesExtension formExt(IRequest req) - throws IOException { + private SubjectDirAttributesExtension formExt(IRequest req) + throws IOException { Vector<Attribute> attrs = new Vector<Attribute>(); // if we're called from init and one attribute is from request attribute // the ext can't be formed yet. if (req == null) { for (int i = 0; i < mNumAttributes; i++) { - if (mAttributes[i].mWhereToGetValue == - AttributeConfig.USE_REQUEST_ATTR) + if (mAttributes[i].mWhereToGetValue == AttributeConfig.USE_REQUEST_ATTR) return null; } } @@ -265,24 +263,23 @@ public class SubjectDirectoryAttributesExt extends APolicyRule // skip attribute if request attribute doesn't exist. Attribute a = mAttributes[i].formAttr(req); - if (a == null) + if (a == null) continue; attrs.addElement(a); } } - if (attrs.size() == 0) + if (attrs.size() == 0) return null; Attribute[] attrList = new Attribute[attrs.size()]; attrs.copyInto(attrList); - SubjectDirAttributesExtension ext = - new SubjectDirAttributesExtension(attrList); + SubjectDirAttributesExtension ext = + new SubjectDirAttributesExtension(attrList); return ext; } } - class AttributeConfig { protected static final String PROP_ATTRIBUTE_NAME = "attributeName"; @@ -305,21 +302,21 @@ class AttributeConfig { protected Attribute mAttribute = null; protected static final String ATTRIBUTE_NAME_INFO = "Attribute name."; - protected static final String WTG_VALUE_INFO = - PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" + - "Get value from a request attribute or use a fixed value specified below."; - protected static final String VALUE_INFO = - PROP_VALUE + ";string;" + - "Request attribute name or a fixed value to put into the extension."; - - public AttributeConfig(String name, IConfigStore config, boolean enabled) - throws EBaseException { + protected static final String WTG_VALUE_INFO = + PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" + + "Get value from a request attribute or use a fixed value specified below."; + protected static final String VALUE_INFO = + PROP_VALUE + ";string;" + + "Request attribute name or a fixed value to put into the extension."; + + public AttributeConfig(String name, IConfigStore config, boolean enabled) + throws EBaseException { X500NameAttrMap map = X500NameAttrMap.getDefault(); mName = name; mConfig = config; if (enabled) { - mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME); + mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME); mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE); mValue = mConfig.getString(PROP_VALUE); } else { @@ -330,7 +327,7 @@ class AttributeConfig { if (mAttributeName.length() > 0) { mAttributeOID = map.getOid(mAttributeName); - if (mAttributeOID == null) + if (mAttributeOID == null) throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mAttributeName)); } @@ -345,8 +342,8 @@ class AttributeConfig { if (dot != -1) { mPrefix = mValue.substring(0, dot); mReqAttr = mValue.substring(dot + 1); - if (mPrefix == null || mPrefix.length() == 0 || - mReqAttr == null || mReqAttr.length() == 0) { + if (mPrefix == null || mPrefix.length() == 0 || + mReqAttr == null || mReqAttr.length() == 0) { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mValue)); } @@ -357,17 +354,17 @@ class AttributeConfig { } else if (mWhereToGetValue.equalsIgnoreCase(USE_FIXED)) { mWhereToGetValue = USE_FIXED; if (mAttributeOID != null) { - try { - checkValue(mAttributeOID, mValue); - mAttribute = new Attribute(mAttributeOID, mValue); + try { + checkValue(mAttributeOID, mValue); + mAttribute = new Attribute(mAttributeOID, mValue); } catch (Exception e) { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - mAttributeName, e.getMessage())); + mAttributeName, e.getMessage())); } } } else if (enabled || mWhereToGetValue.length() > 0) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE, + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE, "Must be either '" + USE_REQUEST_ATTR + "' or '" + USE_FIXED + "'.")); } } @@ -385,7 +382,7 @@ class AttributeConfig { String attrChoices = getAllNames(); v.addElement(nameDot + PROP_ATTRIBUTE_NAME + ";choice(" + attrChoices + ");" + - ATTRIBUTE_NAME_INFO); + ATTRIBUTE_NAME_INFO); v.addElement(nameDot + WTG_VALUE_INFO); v.addElement(nameDot + VALUE_INFO); } @@ -398,21 +395,21 @@ class AttributeConfig { v.addElement(nameDot + PROP_VALUE + "=" + mValue); } - public Attribute formAttr(IRequest req) - throws IOException { + public Attribute formAttr(IRequest req) + throws IOException { String val = req.getExtDataInString(mPrefix, mReqAttr); if (val == null || val.length() == 0) { return null; } - checkValue(mAttributeOID, val); + checkValue(mAttributeOID, val); return new Attribute(mAttributeOID, val); } static private String getAllNames() { Enumeration<String> n = X500NameAttrMap.getDefault().getAllNames(); StringBuffer sb = new StringBuffer(); - sb.append( n.nextElement()); + sb.append(n.nextElement()); while (n.hasMoreElements()) { sb.append(","); @@ -421,8 +418,8 @@ class AttributeConfig { return sb.toString(); } - private static void checkValue(ObjectIdentifier oid, String val) - throws IOException { + private static void checkValue(ObjectIdentifier oid, String val) + throws IOException { AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid); DerValue derval; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java index 717a6482..08d72dcb 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -46,21 +45,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * Subject Public Key Extension Policy - * Adds the subject public key id extension to certificates. + * Subject Public Key Extension Policy Adds the subject public key id extension + * to certificates. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class SubjectKeyIdentifierExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = "critical"; protected static final String PROP_KEYID_TYPE = "keyIdentifierType"; protected static final String PROP_REQATTR_NAME = "requestAttrName"; @@ -90,7 +89,7 @@ public class SubjectKeyIdentifierExt extends APolicyRule mDefaultParams.addElement(PROP_KEYID_TYPE + "=" + DEF_KEYID_TYPE); /* - mDefaultParams.addElement(PROP_REQATTR_NAME+"="+DEF_REQATTR_NAME); + * mDefaultParams.addElement(PROP_REQATTR_NAME+"="+DEF_REQATTR_NAME); */ } @@ -102,17 +101,16 @@ public class SubjectKeyIdentifierExt extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.predicate= - * ca.Policy.rule.<ruleName>.implName= - * ca.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= + * ca.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; mEnabled = mConfig.getBoolean( @@ -122,56 +120,57 @@ public class SubjectKeyIdentifierExt extends APolicyRule mKeyIdType = mConfig.getString(PROP_KEYID_TYPE, DEF_KEYID_TYPE); /* - mReqAttrName = mConfig.getString(PROP_REQATTR_NAME, DEF_REQATTR_NAME); + * mReqAttrName = mConfig.getString(PROP_REQATTR_NAME, + * DEF_REQATTR_NAME); */ // parse key id type - if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1)) + if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1)) mKeyIdType = KEYID_TYPE_SHA1; - else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD)) + else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD)) mKeyIdType = KEYID_TYPE_TYPEFIELD; - /* - else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR) - mKeyIdType = KEYID_TYPE_REQATTR; - */ - else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1)) + /* + * else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR) mKeyIdType = + * KEYID_TYPE_REQATTR; + */ + else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1)) mKeyIdType = KEYID_TYPE_SPKISHA1; else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType)); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - PROP_KEYID_TYPE, + log(ILogger.LL_FAILURE, + CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + PROP_KEYID_TYPE, "value must be one of " + - KEYID_TYPE_SHA1 + ", " + - KEYID_TYPE_TYPEFIELD + ", " + - KEYID_TYPE_SPKISHA1)); + KEYID_TYPE_SHA1 + ", " + + KEYID_TYPE_TYPEFIELD + ", " + + KEYID_TYPE_SPKISHA1)); } - // form instance params + // form instance params mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical); mInstanceParams.addElement(PROP_KEYID_TYPE + "=" + mKeyIdType); /* - mInstanceParams.addElement(PROP_REQATTR_NAME+"="+mReqAttrName); + * mInstanceParams.addElement(PROP_REQATTR_NAME+"="+mReqAttrName); */ } /** - * Adds Subject Key identifier Extension to a certificate. - * If the extension is already there, accept it. - * - * @param req The request on which to apply policy. + * Adds Subject Key identifier Extension to a certificate. If the extension + * is already there, accept it. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { // get certInfo from request. - X509CertInfo[] ci = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); - + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + if (ci == null || ci[0] == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); - return PolicyResult.REJECTED; + return PolicyResult.REJECTED; } for (int i = 0; i < ci.length; i++) { @@ -189,7 +188,7 @@ public class SubjectKeyIdentifierExt extends APolicyRule // if subject key id extension already exists, leave it if approved. SubjectKeyIdentifierExtension subjectKeyIdExt = null; CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); try { if (extensions != null) { @@ -197,19 +196,19 @@ public class SubjectKeyIdentifierExt extends APolicyRule extensions.get(SubjectKeyIdentifierExtension.class.getSimpleName()); } } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (subjectKeyIdExt != null) { if (agentApproved(req)) { CMS.debug( - "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() + - " already has subject key id extension with value " + - subjectKeyIdExt); + "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() + + " already has subject key id extension with value " + + subjectKeyIdExt); return PolicyResult.ACCEPTED; } else { CMS.debug( - "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() + - " had subject key identifier - deleted to be replaced"); + "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() + + " had subject key identifier - deleted to be replaced"); extensions.delete(SubjectKeyIdentifierExtension.class.getSimpleName()); } } @@ -217,38 +216,38 @@ public class SubjectKeyIdentifierExt extends APolicyRule // create subject key id extension. KeyIdentifier keyId = null; - try { - keyId = formKeyIdentifier(certInfo, req); + try { + keyId = formKeyIdentifier(certInfo, req); } catch (EBaseException e) { setPolicyException(req, e); return PolicyResult.REJECTED; } - subjectKeyIdExt = + subjectKeyIdExt = new SubjectKeyIdentifierExtension( - mCritical, keyId.getIdentifier()); + mCritical, keyId.getIdentifier()); // add subject key id extension. if (extensions == null) { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } extensions.set( - SubjectKeyIdentifierExtension.class.getSimpleName(), subjectKeyIdExt); + SubjectKeyIdentifierExtension.class.getSimpleName(), subjectKeyIdExt); CMS.debug( - "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId()); + "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId()); return PolicyResult.ACCEPTED; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, e.getMessage()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage())); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), - NAME, "Certificate Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, "Certificate Info Error"); return PolicyResult.REJECTED; } } @@ -256,12 +255,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule /** * Form the Key Identifier in the Subject Key Identifier extension. * <p> + * * @param certInfo Certificate Info * @param req request * @return A Key Identifier. */ protected KeyIdentifier formKeyIdentifier( - X509CertInfo certInfo, IRequest req) throws EBaseException { + X509CertInfo certInfo, IRequest req) throws EBaseException { KeyIdentifier keyId = null; if (mKeyIdType == KEYID_TYPE_SHA1) { @@ -269,10 +269,9 @@ public class SubjectKeyIdentifierExt extends APolicyRule } else if (mKeyIdType == KEYID_TYPE_TYPEFIELD) { keyId = formTypeFieldKeyId(certInfo); } /* - else if (mKeyIdType == KEYID_TYPE_REQATTR) { - keyId = formReqAttrKeyId(certInfo, req); - } - */ else if (mKeyIdType == KEYID_TYPE_SPKISHA1) { + * else if (mKeyIdType == KEYID_TYPE_REQATTR) { keyId = + * formReqAttrKeyId(certInfo, req); } + */else if (mKeyIdType == KEYID_TYPE_SPKISHA1) { keyId = formSpkiSHA1KeyId(certInfo); } else { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", @@ -282,22 +281,23 @@ public class SubjectKeyIdentifierExt extends APolicyRule } /** - * Form key identifier from a type field value of 0100 followed by - * the least significate 60 bits of the sha-1 hash of the subject - * public key BIT STRING in accordance with RFC 2459. + * Form key identifier from a type field value of 0100 followed by the least + * significate 60 bits of the sha-1 hash of the subject public key BIT + * STRING in accordance with RFC 2459. * <p> + * * @param certInfo - certificate info * @return A Key Identifier with value formulatd as described. */ protected KeyIdentifier formTypeFieldKeyId(X509CertInfo certInfo) - throws EBaseException { + throws EBaseException { KeyIdentifier keyId = null; X509Key key = null; try { CertificateX509Key certKey = - (CertificateX509Key) certInfo.get(X509CertInfo.KEY); + (CertificateX509Key) certInfo.get(X509CertInfo.KEY); if (certKey == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME)); @@ -309,13 +309,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME)); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString())); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString())); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } @@ -330,8 +330,8 @@ public class SubjectKeyIdentifierExt extends APolicyRule octetString[0] &= (0x08f & octetString[0]); keyId = new KeyIdentifier(octetString); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME)); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME)); } @@ -340,40 +340,39 @@ public class SubjectKeyIdentifierExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getInstanceParams() { + public Vector<String> getInstanceParams() { return mInstanceParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector<String> getDefaultParams() { + public Vector<String> getDefaultParams() { return mDefaultParams; } /** - * Gets extended plugin info for pretty Console displays. + * Gets extended plugin info for pretty Console displays. */ public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST NOT be marked critical.", PROP_KEYID_TYPE + ";" + - "choice(" + KEYID_TYPE_SHA1 + "," + - KEYID_TYPE_TYPEFIELD + "," + - KEYID_TYPE_SPKISHA1 + ");" + - "Method to derive the Key Identifier.", + "choice(" + KEYID_TYPE_SHA1 + "," + + KEYID_TYPE_TYPEFIELD + "," + + KEYID_TYPE_SPKISHA1 + ");" + + "Method to derive the Key Identifier.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-subjectkeyidentifier", + ";configuration-policyrules-subjectkeyidentifier", IExtendedPluginInfo.HELP_TEXT + - ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)" + ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)" }; return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java index 68c706f5..63032d99 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Locale; @@ -49,10 +48,9 @@ import com.netscape.certsrv.registry.IPluginRegistry; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; - /** * This class implements a basic profile. - * + * * @version $Revision$, $Date$ */ public abstract class BasicProfile implements IProfile { @@ -76,8 +74,8 @@ public abstract class BasicProfile implements IProfile { public static final String PROP_NAME = "name"; public static final String PROP_DESC = "desc"; public static final String PROP_NO_DEFAULT = "noDefaultImpl"; - public static final String PROP_NO_CONSTRAINT= "noConstraintImpl"; - public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl"; + public static final String PROP_NO_CONSTRAINT = "noConstraintImpl"; + public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl"; protected IProfileSubsystem mOwner = null; protected IConfigStore mConfig = null; @@ -145,19 +143,19 @@ public abstract class BasicProfile implements IProfile { public IProfileAuthenticator getAuthenticator() throws EProfileException { try { IAuthSubsystem authSub = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IProfileAuthenticator auth = (IProfileAuthenticator) - authSub.get(mAuthInstanceId); + authSub.get(mAuthInstanceId); - if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 - && auth == null) { - throw new EProfileException("Cannot load " + + if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 + && auth == null) { + throw new EProfileException("Cannot load " + mAuthInstanceId); } return auth; } catch (Exception e) { if (mAuthInstanceId != null) { - throw new EProfileException("Cannot load " + + throw new EProfileException("Cannot load " + mAuthInstanceId); } return null; @@ -167,7 +165,7 @@ public abstract class BasicProfile implements IProfile { public String getRequestorDN(IRequest request) { return null; } - + public String getAuthenticatorId() { return mAuthInstanceId; } @@ -185,7 +183,7 @@ public abstract class BasicProfile implements IProfile { * Initializes this profile. */ public void init(IProfileSubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { CMS.debug("BasicProfile: start init"); mOwner = owner; mConfig = config; @@ -204,17 +202,18 @@ public abstract class BasicProfile implements IProfile { // policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName // policy.p1.default.params.x1=x1 // policy.p1.default.params.x2=x2 - // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange + // policy.p1.constraint.class= ... + // .cms.profile.constraints.ValidityRange // policy.p1.constraint.params.x1=x1 // policy.p1.constraint.params.x2=x2 - // handle profile authentication plugins + // handle profile authentication plugins try { mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null); mAuthzAcl = config.getString("authz.acl", ""); } catch (EBaseException e) { CMS.debug("BasicProfile: authentication class not found " + - e.toString()); + e.toString()); } // handle profile input plugins @@ -224,7 +223,7 @@ public abstract class BasicProfile implements IProfile { while (input_st.hasMoreTokens()) { String input_id = (String) input_st.nextToken(); - String inputClassId = inputStore.getString(input_id + "." + + String inputClassId = inputStore.getString(input_id + "." + PROP_CLASS_ID); IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", inputClassId); @@ -234,12 +233,12 @@ public abstract class BasicProfile implements IProfile { try { input = (IProfileInput) - Class.forName(inputClass).newInstance(); + Class.forName(inputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: input plugin Class.forName " + - inputClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: input plugin Class.forName " + + inputClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore inputConfig = inputStore.getSubStore(input_id); input.init(this, inputConfig); @@ -255,7 +254,7 @@ public abstract class BasicProfile implements IProfile { while (output_st.hasMoreTokens()) { String output_id = (String) output_st.nextToken(); - String outputClassId = outputStore.getString(output_id + "." + + String outputClassId = outputStore.getString(output_id + "." + PROP_CLASS_ID); IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput", outputClassId); @@ -265,12 +264,12 @@ public abstract class BasicProfile implements IProfile { try { output = (IProfileOutput) - Class.forName(outputClass).newInstance(); + Class.forName(outputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: output plugin Class.forName " + - outputClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: output plugin Class.forName " + + outputClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore outputConfig = outputStore.getSubStore(output_id); output.init(this, outputConfig); @@ -286,7 +285,7 @@ public abstract class BasicProfile implements IProfile { while (updater_st.hasMoreTokens()) { String updater_id = (String) updater_st.nextToken(); - String updaterClassId = updaterStore.getString(updater_id + "." + + String updaterClassId = updaterStore.getString(updater_id + "." + PROP_CLASS_ID); IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater", updaterClassId); @@ -296,12 +295,12 @@ public abstract class BasicProfile implements IProfile { try { updater = (IProfileUpdater) - Class.forName(updaterClass).newInstance(); + Class.forName(updaterClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: updater plugin Class.forName " + - updaterClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: updater plugin Class.forName " + + updaterClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore updaterConfig = updaterStore.getSubStore(updater_id); updater.init(this, updaterConfig); @@ -325,15 +324,15 @@ public abstract class BasicProfile implements IProfile { String id = (String) st1.nextToken(); String defaultRoot = id + "." + PROP_DEFAULT; - String defaultClassId = policyStore.getString(defaultRoot + "." + + String defaultClassId = policyStore.getString(defaultRoot + "." + PROP_CLASS_ID); String constraintRoot = id + "." + PROP_CONSTRAINT; - String constraintClassId = - policyStore.getString(constraintRoot + "." + PROP_CLASS_ID); + String constraintClassId = + policyStore.getString(constraintRoot + "." + PROP_CLASS_ID); - createProfilePolicy(setId, id, defaultClassId, - constraintClassId, false); + createProfilePolicy(setId, id, defaultClassId, + constraintClassId, false); } } CMS.debug("BasicProfile: done init"); @@ -380,20 +379,20 @@ public abstract class BasicProfile implements IProfile { } public String getInput(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return null; } public void setInput(String name, Locale locale, IRequest request, - String value) throws EProfileException { + String value) throws EProfileException { } public Enumeration<String> getProfilePolicySetIds() { return mPolicySet.keys(); } - public void deleteProfilePolicy(String setId, String policyId) - throws EProfileException { + public void deleteProfilePolicy(String setId, String policyId) + throws EProfileException { Vector<ProfilePolicy> policies = mPolicySet.get(setId); if (policies == null) { @@ -443,10 +442,10 @@ public abstract class BasicProfile implements IProfile { while (st1.hasMoreTokens()) { String e = st1.nextToken(); - if (!e.equals(setId)) + if (!e.equals(setId)) newlist1 = newlist1 + e + ","; } - if (!newlist1.equals("")) + if (!newlist1.equals("")) newlist1 = newlist1.substring(0, newlist1.length() - 1); policySetSubStore.putString(PROP_POLICY_LIST, newlist1); } @@ -454,8 +453,8 @@ public abstract class BasicProfile implements IProfile { } } - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } @@ -496,8 +495,8 @@ public abstract class BasicProfile implements IProfile { mInputs.remove(inputId); mConfig.putString("input." + PROP_INPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } @@ -537,24 +536,23 @@ public abstract class BasicProfile implements IProfile { mOutputs.remove(outputId); mConfig.putString("output." + PROP_OUTPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } } - public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps) - throws EProfileException { - return createProfileOutput(id, outputId, nvps, true); + public IProfileOutput createProfileOutput(String id, String outputId, + NameValuePairs nvps) + throws EProfileException { + return createProfileOutput(id, outputId, nvps, true); } public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps, boolean createConfig) + NameValuePairs nvps, boolean createConfig) - - throws EProfileException { + throws EProfileException { IConfigStore outputStore = mConfig.getSubStore("output"); String output_list = null; @@ -618,7 +616,7 @@ public abstract class BasicProfile implements IProfile { String prefix = id + "."; outputStore.putString(prefix + "name", - outputInfo.getName(Locale.getDefault())); + outputInfo.getName(Locale.getDefault())); outputStore.putString(prefix + "class_id", outputId); Enumeration<String> enum1 = nvps.getNames(); @@ -628,17 +626,17 @@ public abstract class BasicProfile implements IProfile { outputStore.putString(prefix + "params." + name, nvps.getValue(name)); try { - if (output != null) { - output.setConfig(name, nvps.getValue(name)); - } + if (output != null) { + output.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); @@ -648,15 +646,15 @@ public abstract class BasicProfile implements IProfile { return output; } - public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps) - throws EProfileException { - return createProfileInput(id, inputId, nvps, true); + public IProfileInput createProfileInput(String id, String inputId, + NameValuePairs nvps) + throws EProfileException { + return createProfileInput(id, inputId, nvps, true); } public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps, boolean createConfig) - throws EProfileException { + NameValuePairs nvps, boolean createConfig) + throws EProfileException { IConfigStore inputStore = mConfig.getSubStore("input"); String input_list = null; @@ -720,10 +718,10 @@ public abstract class BasicProfile implements IProfile { } String prefix = id + "."; - inputStore.putString(prefix + "name", - inputInfo.getName(Locale.getDefault())); + inputStore.putString(prefix + "name", + inputInfo.getName(Locale.getDefault())); inputStore.putString(prefix + "class_id", inputId); - + Enumeration<String> enum1 = nvps.getNames(); while (enum1.hasMoreElements()) { @@ -731,17 +729,17 @@ public abstract class BasicProfile implements IProfile { inputStore.putString(prefix + "params." + name, nvps.getValue(name)); try { - if (input != null) { - input.setConfig(name, nvps.getValue(name)); - } + if (input != null) { + input.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); @@ -754,33 +752,36 @@ public abstract class BasicProfile implements IProfile { /** * Creates a profile policy */ - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId) - throws EProfileException { - return createProfilePolicy(setId, id, defaultClassId, + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId) + throws EProfileException { + return createProfilePolicy(setId, id, defaultClassId, constraintClassId, true); } - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId, - boolean createConfig) - throws EProfileException { - + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId, + boolean createConfig) + throws EProfileException { + // String setId ex: policyset.set1 - // String id Id of policy : examples: p1,p2,p3 - // String defaultClassId : id of the default plugin ex: validityDefaultImpl - // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl - // boolean createConfig : true : being called from the console. false: being called from server startup code + // String id Id of policy : examples: p1,p2,p3 + // String defaultClassId : id of the default plugin ex: + // validityDefaultImpl + // String constraintClassId : if of the constraint plugin ex: + // basicConstraintsExtConstraintImpl + // boolean createConfig : true : being called from the console. false: + // being called from server startup code - Vector<ProfilePolicy> policies = mPolicySet.get(setId); + Vector<ProfilePolicy> policies = mPolicySet.get(setId); IConfigStore policyStore = mConfig.getSubStore("policyset." + setId); if (policies == null) { policies = new Vector<ProfilePolicy>(); mPolicySet.put(setId, policies); - if (createConfig) { + if (createConfig) { // re-create policyset.list - StringBuffer setlist =new StringBuffer(); + StringBuffer setlist = new StringBuffer(); Enumeration<String> keys = mPolicySet.keys(); while (keys.hasMoreElements()) { @@ -794,62 +795,62 @@ public abstract class BasicProfile implements IProfile { mConfig.putString("policyset.list", setlist.toString()); } } else { - String ids = null; + String ids = null; - try { - ids = policyStore.getString(PROP_POLICY_LIST, ""); - } catch (Exception ee) { - } + try { + ids = policyStore.getString(PROP_POLICY_LIST, ""); + } catch (Exception ee) { + } - if( ids == null ) { - CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" ); - return null; - } + if (ids == null) { + CMS.debug("BasicProfile::createProfilePolicy() - ids is null!"); + return null; + } - StringTokenizer st1 = new StringTokenizer(ids, ","); - int appearances = 0; - int appearancesTooMany = 0; - if (createConfig) - appearancesTooMany = 1; - else - appearancesTooMany = 2; + StringTokenizer st1 = new StringTokenizer(ids, ","); + int appearances = 0; + int appearancesTooMany = 0; + if (createConfig) + appearancesTooMany = 1; + else + appearancesTooMany = 2; - while (st1.hasMoreTokens()) { - String pid = st1.nextToken(); - if (pid.equals(id)) { - appearances++; - if (appearances >= appearancesTooMany) { - CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId); - if (createConfig) { - throw new EProfileException("Duplicate policy id: " + id); - } + while (st1.hasMoreTokens()) { + String pid = st1.nextToken(); + if (pid.equals(id)) { + appearances++; + if (appearances >= appearancesTooMany) { + CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId); + if (createConfig) { + throw new EProfileException("Duplicate policy id: " + id); } } } + } } // Now make sure we aren't trying to add a policy that already exists IConfigStore policySetStore = mConfig.getSubStore("policyset"); - String setlist = null; + String setlist = null; try { setlist = policySetStore.getString("list", ""); } catch (Exception e) { } StringTokenizer st = new StringTokenizer(setlist, ","); - int matches = 0; + int matches = 0; while (st.hasMoreTokens()) { String sId = (String) st.nextToken(); - //Only search the setId set. Ex: encryptionCertSet + // Only search the setId set. Ex: encryptionCertSet if (!sId.equals(setId)) { continue; } IConfigStore pStore = policySetStore.getSubStore(sId); - + String list = null; try { - list = pStore.getString(PROP_POLICY_LIST, ""); + list = pStore.getString(PROP_POLICY_LIST, ""); } catch (Exception e) { CMS.debug("WARNING, can't get policy id list!"); } @@ -862,9 +863,9 @@ public abstract class BasicProfile implements IProfile { String defaultRoot = curId + "." + PROP_DEFAULT; String curDefaultClassId = null; try { - curDefaultClassId = pStore.getString(defaultRoot + "." + - PROP_CLASS_ID); - } catch(Exception e) { + curDefaultClassId = pStore.getString(defaultRoot + "." + + PROP_CLASS_ID); + } catch (Exception e) { CMS.debug("WARNING, can't get default plugin id!"); } @@ -876,24 +877,23 @@ public abstract class BasicProfile implements IProfile { CMS.debug("WARNING, can't get constraint plugin id!"); } - //Disallow duplicate defaults with the following exceptions: + // Disallow duplicate defaults with the following exceptions: // noDefaultImpl, genericExtDefaultImpl - if ((curDefaultClassId.equals(defaultClassId) && - !curDefaultClassId.equals(PROP_NO_DEFAULT) && - !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) { + if ((curDefaultClassId.equals(defaultClassId) && + !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) { matches++; if (createConfig) { if (matches == 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + - " Contact System Administrator."); - throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + " Contact System Administrator."); + throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); } } else { - if( matches > 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + - " Contact System Administrator."); + if (matches > 1) { + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + " Contact System Administrator."); } } } @@ -919,8 +919,8 @@ public abstract class BasicProfile implements IProfile { Class.forName(defaultClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: default policy " + - defaultClass + " " + e.toString()); + CMS.debug("BasicProfile: default policy " + + defaultClass + " " + e.toString()); } if (def == null) { CMS.debug("BasicProfile: failed to create " + defaultClass); @@ -931,7 +931,7 @@ public abstract class BasicProfile implements IProfile { def.init(this, defStore); } - IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", + IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", constraintClassId); String constraintClass = conInfo.getClassName(); IPolicyConstraint constraint = null; @@ -941,8 +941,8 @@ public abstract class BasicProfile implements IProfile { Class.forName(constraintClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: constraint policy " + - constraintClass + " " + e.toString()); + CMS.debug("BasicProfile: constraint policy " + + constraintClass + " " + e.toString()); } ProfilePolicy policy = null; if (constraint == null) { @@ -968,21 +968,21 @@ public abstract class BasicProfile implements IProfile { } else { policyStore.putString(PROP_POLICY_LIST, list + "," + id); } - policyStore.putString(id + ".default.name", - defInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".default.class_id", - defaultClassId); - policyStore.putString(id + ".constraint.name", - conInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".constraint.class_id", - constraintClassId); + policyStore.putString(id + ".default.name", + defInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".default.class_id", + defaultClassId); + policyStore.putString(id + ".constraint.name", + conInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".constraint.class_id", + constraintClassId); try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); policyStore.commit(false); } catch (EBaseException e) { - CMS.debug("BasicProfile: commiting config store " + - e.toString()); + CMS.debug("BasicProfile: commiting config store " + + e.toString()); } } @@ -990,7 +990,7 @@ public abstract class BasicProfile implements IProfile { } public IProfilePolicy getProfilePolicy(String setId, String id) { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); + Vector<ProfilePolicy> policies = mPolicySet.get(setId); if (policies == null) return null; @@ -1038,7 +1038,7 @@ public abstract class BasicProfile implements IProfile { * Creates request. */ public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale) - throws EProfileException; + throws EProfileException; /** * Returns the profile description. @@ -1056,54 +1056,54 @@ public abstract class BasicProfile implements IProfile { } public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { Enumeration<String> ids = getProfileInputIds(); while (ids.hasMoreElements()) { String id = (String) ids.nextElement(); - IProfileInput input = getProfileInput(id); + IProfileInput input = getProfileInput(id); input.populate(ctx, request); } } public Vector<ProfilePolicy> getPolicies(String setId) { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); + Vector<ProfilePolicy> policies = mPolicySet.get(setId); return policies; } /** - * Passes the request to the set of default policies that - * populate the profile information against the profile. - */ + * Passes the request to the set of default policies that populate the + * profile information against the profile. + */ public void populate(IRequest request) - throws EProfileException { + throws EProfileException { String setId = getPolicySetId(request); Vector<ProfilePolicy> policies = getPolicies(setId); - CMS.debug("BasicProfile: populate() policy setid ="+ setId); + CMS.debug("BasicProfile: populate() policy setid =" + setId); for (int i = 0; i < policies.size(); i++) { ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + policies.elementAt(i); policy.getDefault().populate(request); } } /** - * Passes the request to the set of constraint policies - * that validate the request against the profile. - */ + * Passes the request to the set of constraint policies that validate the + * request against the profile. + */ public void validate(IRequest request) - throws ERejectException { + throws ERejectException { String setId = getPolicySetId(request); - CMS.debug("BasicProfile: validate start on setId="+ setId); + CMS.debug("BasicProfile: validate start on setId=" + setId); Vector<ProfilePolicy> policies = getPolicies(setId); for (int i = 0; i < policies.size(); i++) { ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + policies.elementAt(i); policy.getConstraint().validate(request); } @@ -1130,24 +1130,24 @@ public abstract class BasicProfile implements IProfile { for (int i = 0; i < policies.size(); i++) { ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + policies.elementAt(i); - v.addElement(policy.getId()); + v.addElement(policy.getId()); } return v.elements(); } public void execute(IRequest request) - throws EProfileException { + throws EProfileException { } /** * Signed Audit Log - * - * This method is inherited by all extended "BasicProfile"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "BasicProfile"s, and is called + * to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1159,20 +1159,19 @@ public abstract class BasicProfile implements IProfile { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "BasicProfile"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "BasicProfile"s, and is called + * to obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1202,4 +1201,3 @@ public abstract class BasicProfile implements IProfile { return subjectID; } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java index 681f2b4a..72c0aebe 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; @@ -28,103 +27,101 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** - * This class implements a Certificate Manager enrollment - * profile for CA Certificates. - * + * This class implements a Certificate Manager enrollment profile for CA + * Certificates. + * * @version $Revision$, $Date$ */ -public class CACertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class CACertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default - * policies, inputs, and outputs. + * Called after initialization. It populates default policies, inputs, and + * outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = - createProfileInput("i1", "certReqInputImpl", inputParams1); + IProfileInput input1 = + createProfileInput("i1", "certReqInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = - createProfileInput("i2", "submitterInfoInputImpl", inputParams2); + IProfileInput input2 = + createProfileInput("i2", "submitterInfoInputImpl", inputParams2); - // create outputs + // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + IProfileOutput output1 = + createProfileOutput("o1", "certOutputImpl", outputParams1); // create policies IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlg", "-"); defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); // extensions IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","true"); - defConfig5.putString("params.keyUsageDataEncipherment","false"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","true"); - defConfig5.putString("params.keyUsageKeyEncipherment","false"); - defConfig5.putString("params.keyUsageNonRepudiation","true"); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "true"); + defConfig5.putString("params.keyUsageDataEncipherment", "false"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + defConfig5.putString("params.keyUsageKeyCertSign", "true"); + defConfig5.putString("params.keyUsageKeyEncipherment", "false"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); IProfilePolicy policy6 = - createProfilePolicy("set1", "p6", - "basicConstraintsExtDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p6", + "basicConstraintsExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def6 = policy6.getDefault(); IConfigStore defConfig6 = def6.getConfigStore(); - defConfig6.putString("params.basicConstraintsPathLen","-1"); - defConfig6.putString("params.basicConstraintsIsCA","true"); - defConfig6.putString("params.basicConstraintsPathLen","-1"); + defConfig6.putString("params.basicConstraintsPathLen", "-1"); + defConfig6.putString("params.basicConstraintsIsCA", "true"); + defConfig6.putString("params.basicConstraintsPathLen", "-1"); IPolicyConstraint con6 = policy6.getConstraint(); IConfigStore conConfig6 = con6.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java index 32cd51b5..df558acb 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import netscape.security.x509.X500Name; @@ -41,27 +40,23 @@ import com.netscape.certsrv.profile.IProfileUpdater; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; - /** - * This class implements a Certificate Manager enrollment - * profile. - * + * This class implements a Certificate Manager enrollment profile. + * * @version $Revision$, $Date$ */ public class CAEnrollProfile extends EnrollProfile { - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; - + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; public CAEnrollProfile() { super(); } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + IAuthority authority = (IAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); if (authority == null) return null; @@ -70,17 +65,17 @@ public class CAEnrollProfile extends EnrollProfile { public X500Name getIssuerName() { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X500Name issuerName = ca.getX500Name(); return issuerName; } public void execute(IRequest request) - throws EProfileException { + throws EProfileException { long startTime = CMS.getCurrentDate().getTime(); - + if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); throw new EProfileException("Profile Not Enabled"); @@ -91,14 +86,13 @@ public class CAEnrollProfile extends EnrollProfile { String auditRequesterID = auditRequesterID(request); String auditArchiveID = ILogger.UNIDENTIFIED; - String id = request.getRequestId().toString(); if (id != null) { auditArchiveID = id.trim(); } - CMS.debug("CAEnrollProfile: execute reqId=" + - request.getRequestId().toString()); + CMS.debug("CAEnrollProfile: execute reqId=" + + request.getRequestId().toString()); ICertificateAuthority ca = (ICertificateAuthority) getAuthority(); ICAService caService = (ICAService) ca.getCAService(); @@ -113,41 +107,39 @@ public class CAEnrollProfile extends EnrollProfile { // do not archive keys for renewal requests if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { PKIArchiveOptions options = (PKIArchiveOptions) - toPKIArchiveOptions(optionsData); + toPKIArchiveOptions(optionsData); if (options != null) { CMS.debug("CAEnrollProfile: execute found " + - "PKIArchiveOptions"); + "PKIArchiveOptions"); try { IConnector kraConnector = caService.getKRAConnector(); if (kraConnector == null) { CMS.debug("CAEnrollProfile: KRA connector " + - "not configured"); + "not configured"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); audit(auditMessage); - + } else { CMS.debug("CAEnrollProfile: execute send request"); kraConnector.send(request); - - // check response if (!request.isSuccess()) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); audit(auditMessage); throw new ERejectException( @@ -155,17 +147,16 @@ public class CAEnrollProfile extends EnrollProfile { } auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditArchiveID); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditArchiveID); audit(auditMessage); } } catch (Exception e) { - if (e instanceof ERejectException) { throw (ERejectException) e; } @@ -189,17 +180,17 @@ public class CAEnrollProfile extends EnrollProfile { X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); X509CertImpl theCert = null; - // #615460 - added audit log (transaction) + // #615460 - added audit log (transaction) SessionContext sc = SessionContext.getExistingContext(); sc.put("profileId", getId()); String setId = request.getExtDataInString("profileSetId"); if (setId != null) { - sc.put("profileSetId", setId); + sc.put("profileSetId", setId); } try { theCert = caService.issueX509Cert(info, getId() /* profileId */, - id /* requestId */); + id /* requestId */); } catch (EBaseException e) { CMS.debug(e.toString()); @@ -211,24 +202,24 @@ public class CAEnrollProfile extends EnrollProfile { String initiative = AuditFormat.FROMAGENT + " userID: " - + (String)sc.get(SessionContext.USER_ID); - String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID); + + (String) sc.get(SessionContext.USER_ID); + String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID); ILogger logger = CMS.getLogger(); - if( logger != null ) { - logger.log( ILogger.EV_AUDIT, - ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, - new Object[] { - request.getRequestType(), - request.getRequestId(), - initiative, - authMgr, - "completed", - theCert.getSubjectDN(), - "cert issued serial number: 0x" + - theCert.getSerialNumber().toString(16) + - " time: " + (endTime - startTime) } - ); + if (logger != null) { + logger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, + new Object[] { + request.getRequestType(), + request.getRequestId(), + initiative, + authMgr, + "completed", + theCert.getSubjectDN(), + "cert issued serial number: 0x" + + theCert.getSerialNumber().toString(16) + + " time: " + (endTime - startTime) } + ); } request.setRequestStatus(RequestStatus.COMPLETE); @@ -236,9 +227,9 @@ public class CAEnrollProfile extends EnrollProfile { // notifies updater plugins Enumeration updaterIds = getProfileUpdaterIds(); while (updaterIds.hasMoreElements()) { - String updaterId = (String)updaterIds.nextElement(); - IProfileUpdater updater = getProfileUpdater(updaterId); - updater.update(request, RequestStatus.COMPLETE); + String updaterId = (String) updaterIds.nextElement(); + IProfileUpdater updater = getProfileUpdater(updaterId); + updater.update(request, RequestStatus.COMPLETE); } // set value for predicate value - checking in getRule @@ -248,4 +239,3 @@ public class CAEnrollProfile extends EnrollProfile { request.setExtData("isEncryptionCert", "false"); } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java index 8bc6f190..f56481d2 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -99,21 +98,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cmsutil.util.HMACDigest; - /** * This class implements a generic enrollment profile. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollProfile extends BasicProfile - implements IEnrollProfile { +public abstract class EnrollProfile extends BasicProfile + implements IEnrollProfile { private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; + "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; private PKIData mCMCData; + public EnrollProfile() { super(); } @@ -134,11 +133,11 @@ public abstract class EnrollProfile extends BasicProfile * Creates request. */ public IRequest[] createRequests(IProfileContext context, Locale locale) - throws EProfileException { + throws EProfileException { EnrollProfileContext ctx = (EnrollProfileContext) context; // determine how many requests should be created - String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); + String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); String cert_request = ctx.get(CTX_CERT_REQUEST); String is_renewal = ctx.get(CTX_RENEWAL); Integer renewal_seq_num = 0; @@ -168,17 +167,16 @@ public abstract class EnrollProfile extends BasicProfile num_requests = msgs.length; } - // only 1 request for renewal + // only 1 request for renewal if ((is_renewal != null) && (is_renewal.equals("true"))) { num_requests = 1; String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM); if (renewal_seq_num_str != null) { renewal_seq_num = Integer.parseInt(renewal_seq_num_str); } else { - renewal_seq_num =0; + renewal_seq_num = 0; } } - // populate requests with appropriate content IRequest result[] = new IRequest[num_requests]; @@ -186,7 +184,7 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < num_requests; i++) { result[i] = createEnrollmentRequest(); if ((is_renewal != null) && (is_renewal.equals("true"))) { - result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num); + result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num); } else { result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i)); } @@ -211,32 +209,32 @@ public abstract class EnrollProfile extends BasicProfile 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108, - 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24, + 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53, - -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1}; + -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1 }; // default values into x509 certinfo. This thing is // not serializable by default try { - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(new BigInteger("0"))); - info.set(X509CertInfo.ISSUER, - new CertificateIssuerName(issuerName)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.SERIAL_NUMBER, + new CertificateSerialNumber(new BigInteger("0"))); + info.set(X509CertInfo.ISSUER, + new CertificateIssuerName(issuerName)); info.set(X509CertInfo.KEY, - new CertificateX509Key(X509Key.parse(new DerValue(dummykey)))); - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(issuerName)); - info.set(X509CertInfo.VALIDITY, - new CertificateValidity(new Date(), new Date())); - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId("MD5withRSA"))); + new CertificateX509Key(X509Key.parse(new DerValue(dummykey)))); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(issuerName)); + info.set(X509CertInfo.VALIDITY, + new CertificateValidity(new Date(), new Date())); + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId( + AlgorithmId.getAlgorithmId("MD5withRSA"))); // add default extension container - info.set(X509CertInfo.EXTENSIONS, - new CertificateExtensions()); + info.set(X509CertInfo.EXTENSIONS, + new CertificateExtensions()); } catch (Exception e) { // throw exception - add key to template CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString()); @@ -246,7 +244,7 @@ public abstract class EnrollProfile extends BasicProfile } public IRequest createEnrollmentRequest() - throws EProfileException { + throws EProfileException { IRequest req = null; try { @@ -270,7 +268,7 @@ public abstract class EnrollProfile extends BasicProfile } public abstract void execute(IRequest request) - throws EProfileException; + throws EProfileException; /** * Perform simple policy set assignment. @@ -298,7 +296,7 @@ public abstract class EnrollProfile extends BasicProfile try { CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { @@ -308,35 +306,35 @@ public abstract class EnrollProfile extends BasicProfile } /** - * This method is called after the user submits the - * request from the end-entity page. + * This method is called after the user submits the request from the + * end-entity page. */ public void submit(IAuthToken token, IRequest request) - throws EDeferException, EProfileException { + throws EDeferException, EProfileException { // Request Submission Logic: // // if (Authentication Failed) { - // return Error + // return Error + // } else { + // if (No Auth Token) { + // queue request // } else { - // if (No Auth Token) { - // queue request - // } else { - // process request - // } + // process request + // } // } - IAuthority authority = (IAuthority) - getAuthority(); + IAuthority authority = (IAuthority) + getAuthority(); IRequestQueue queue = authority.getRequestQueue(); - // this profile queues request that is authenticated - // by NoAuth - try { - queue.updateRequest(request); - } catch (EBaseException e) { - // save request to disk - CMS.debug("EnrollProfile: Update request " + e.toString()); - } + // this profile queues request that is authenticated + // by NoAuth + try { + queue.updateRequest(request); + } catch (EBaseException e) { + // save request to disk + CMS.debug("EnrollProfile: Update request " + e.toString()); + } if (token == null) { CMS.debug("EnrollProfile: auth token is null"); @@ -359,7 +357,7 @@ public abstract class EnrollProfile extends BasicProfile } public TaggedRequest[] parseCMC(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile: parseCMC() certreq null"); @@ -374,21 +372,21 @@ public abstract class EnrollProfile extends BasicProfile try { byte data[] = CMS.AtoB(creq); ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(data); - + new ByteArrayInputStream(data); + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent(); - org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent(); + org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); OCTET_STRING content = ci.getContent(); - + ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); mCMCData = pkiData; - //PKIData pkiData = (PKIData) - // (new PKIData.Template()).decode(cmcBlobIn); + // PKIData pkiData = (PKIData) + // (new PKIData.Template()).decode(cmcBlobIn); SEQUENCE controlSeq = pkiData.getControlSequence(); int numcontrols = controlSeq.size(); SEQUENCE reqSeq = pkiData.getReqSequence(); @@ -398,22 +396,22 @@ public abstract class EnrollProfile extends BasicProfile if (numcontrols > 0) { context.put("numOfControls", Integer.valueOf(numcontrols)); TaggedAttribute[] attributes = new TaggedAttribute[numcontrols]; - for (int i=0; i<numcontrols; i++) { - attributes[i] = (TaggedAttribute)controlSeq.elementAt(i); + for (int i = 0; i < numcontrols; i++) { + attributes[i] = (TaggedAttribute) controlSeq.elementAt(i); OBJECT_IDENTIFIER oid = attributes[i].getType(); if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) { - boolean valid = verifyIdentityProof(attributes[i], - reqSeq); + boolean valid = verifyIdentityProof(attributes[i], + reqSeq); if (!valid) { - SEQUENCE bpids = getRequestBpids(reqSeq); + SEQUENCE bpids = getRequestBpids(reqSeq); context.put("identityProof", bpids); return null; } } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { SET vals = attributes[i].getValues(); - OCTET_STRING ostr = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + OCTET_STRING ostr = + (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); randomSeed = ostr.toByteArray(); } else { context.put(attributes[i].getType(), attributes[i]); @@ -421,18 +419,18 @@ public abstract class EnrollProfile extends BasicProfile } } } - + SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence(); int numOtherMsgs = otherMsgSeq.size(); if (!context.containsKey("numOfOtherMsgs")) { context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs)); - for (int i=0; i<numOtherMsgs; i++) { - OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(), - ASN1Util.encode(otherMsgSeq.elementAt(i)))); - context.put("otherMsg"+i, omsg); + for (int i = 0; i < numOtherMsgs; i++) { + OtherMsg omsg = (OtherMsg) (ASN1Util.decode(OtherMsg.getTemplate(), + ASN1Util.encode(otherMsgSeq.elementAt(i)))); + context.put("otherMsg" + i, omsg); } } - + int nummsgs = reqSeq.size(); if (nummsgs > 0) { msgs = new TaggedRequest[reqSeq.size()]; @@ -445,7 +443,7 @@ public abstract class EnrollProfile extends BasicProfile valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids); if (!valid || bpids.size() > 0) { context.put("POPLinkWitness", bpids); - return null; + return null; } } } @@ -462,7 +460,7 @@ public abstract class EnrollProfile extends BasicProfile } private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req, - SEQUENCE bpids) { + SEQUENCE bpids) { ISharedToken tokenClass = null; boolean sharedSecretFound = true; String name = null; @@ -477,15 +475,15 @@ public abstract class EnrollProfile extends BasicProfile } try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); sharedSecretFound = false; } @@ -494,7 +492,7 @@ public abstract class EnrollProfile extends BasicProfile String sharedSecret = null; if (tokenClass != null) sharedSecret = tokenClass.getSharedToken(mCMCData); - if (req.getType().equals(TaggedRequest.PKCS10)) { + if (req.getType().equals(TaggedRequest.PKCS10)) { TaggedCertificationRequest tcr = req.getTcr(); if (!sharedSecretFound) { bpids.addElement(tcr.getBodyPartID()); @@ -503,25 +501,25 @@ public abstract class EnrollProfile extends BasicProfile CertificationRequest creq = tcr.getCertificationRequest(); CertificationRequestInfo cinfo = creq.getInfo(); SET attrs = cinfo.getAttributes(); - for (int j=0; j<attrs.size(); j++) { - Attribute pkcs10Attr = (Attribute)attrs.elementAt(j); + for (int j = 0; j < attrs.size(); j++) { + Attribute pkcs10Attr = (Attribute) attrs.elementAt(j); if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { SET witnessVal = pkcs10Attr.getValues(); if (witnessVal.size() > 0) { try { OCTET_STRING str = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(witnessVal.elementAt(0)))); + (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(witnessVal.elementAt(0)))); bv = str.toByteArray(); return verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); } catch (InvalidBERException ex) { return false; } } - } + } } - + return false; } } else if (req.getType().equals(TaggedRequest.CRMF)) { @@ -535,14 +533,14 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { + if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { ASN1Value value = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(value)); + ASN1Util.encode(value)); OCTET_STRING ostr = null; try { ostr = (OCTET_STRING) - (new OCTET_STRING.Template()).decode(bis); + (new OCTET_STRING.Template()).decode(bis); bv = ostr.toByteArray(); } catch (Exception e) { bpids.addElement(reqId); @@ -550,7 +548,7 @@ public abstract class EnrollProfile extends BasicProfile } boolean valid = verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); if (!valid) { bpids.addElement(reqId); return valid; @@ -569,7 +567,7 @@ public abstract class EnrollProfile extends BasicProfile MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); key = SHA1Digest.digest(sharedSecret); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -580,7 +578,7 @@ public abstract class EnrollProfile extends BasicProfile hmacDigest.update(text); finalDigest = hmacDigest.digest(); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -589,9 +587,9 @@ public abstract class EnrollProfile extends BasicProfile return false; } - for (int j=0; j<bv.length; j++) { + for (int j = 0; j < bv.length; j++) { if (bv[j] != finalDigest[j]) { - CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); + CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); return false; } } @@ -633,23 +631,23 @@ public abstract class EnrollProfile extends BasicProfile else { ISharedToken tokenClass = null; try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + name); return false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + name); return false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); return false; } - + String token = tokenClass.getSharedToken(mCMCData); OCTET_STRING ostr = null; try { - ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + ostr = (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { CMS.debug("EnrollProfile: Failed to decode the byte value."); return false; @@ -662,34 +660,34 @@ public abstract class EnrollProfile extends BasicProfile } public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info, - IRequest req) - throws EProfileException { + IRequest req) + throws EProfileException { TaggedRequest.Type type = tagreq.getType(); - if (type.equals(TaggedRequest.PKCS10)) { + if (type.equals(TaggedRequest.PKCS10)) { try { - TaggedCertificationRequest tcr = tagreq.getTcr(); - CertificationRequest p10 = tcr.getCertificationRequest(); - ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + TaggedCertificationRequest tcr = tagreq.getTcr(); + CertificationRequest p10 = tcr.getCertificationRequest(); + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - p10.encode(ostream); + p10.encode(ostream); PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); req.setExtData("bodyPartId", tcr.getBodyPartID()); fillPKCS10(locale, pkcs10, info, req); } catch (Exception e) { - CMS.debug("EnrollProfile: fillTaggedRequest " + - e.toString()); + CMS.debug("EnrollProfile: fillTaggedRequest " + + e.toString()); } - } else if (type.equals(TaggedRequest.CRMF)) { - CertReqMsg crm = tagreq.getCrm(); + } else if (type.equals(TaggedRequest.CRMF)) { + CertReqMsg crm = tagreq.getCrm(); SessionContext context = SessionContext.getContext(); - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); // check if the LRA POP Witness Control attribute exists if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + TaggedAttribute attr = + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { parseLRAPopWitness(locale, crm, attr); } else { @@ -708,42 +706,42 @@ public abstract class EnrollProfile extends BasicProfile } } - private void parseLRAPopWitness(Locale locale, CertReqMsg crm, - TaggedAttribute attr) throws EProfileException { + private void parseLRAPopWitness(Locale locale, CertReqMsg crm, + TaggedAttribute attr) throws EProfileException { SET vals = attr.getValues(); boolean donePOP = false; INTEGER reqId = null; if (vals.size() > 0) { LraPopWitness lraPop = null; try { - lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); reqId = crm.getCertReq().getCertReqId(); - for (int i=0; i<bodyIds.size(); i++) { - INTEGER num = (INTEGER)(bodyIds.elementAt(i)); + for (int i = 0; i < bodyIds.size(); i++) { + INTEGER num = (INTEGER) (bodyIds.elementAt(i)); if (num.toString().equals(reqId.toString())) { donePOP = true; - CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found."); + CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + " because LRA POP Witness control is found."); break; } } } if (!donePOP) { - CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control."); + CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + " because this request id is not part of the body list in LRA Pop witness control."); verifyPOP(locale, crm); } } public CertReqMsg[] parseCRMF(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { @@ -758,10 +756,10 @@ public abstract class EnrollProfile extends BasicProfile try { byte data[] = CMS.AtoB(creq); ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(data); + new ByteArrayInputStream(data); SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new - CertReqMsg.Template()).decode(crmfBlobIn); + new SEQUENCE.OF_Template(new + CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); if (nummsgs <= 0) @@ -779,17 +777,17 @@ public abstract class EnrollProfile extends BasicProfile } private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = - new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4} - ); + new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 } + ); - protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { - ASN1Value archVal = ava.getValue(); + protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { + ASN1Value archVal = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(archVal)); + ASN1Util.encode(archVal)); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) + try { + archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()).decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString()); @@ -801,8 +799,8 @@ public abstract class EnrollProfile extends BasicProfile ByteArrayInputStream bis = new ByteArrayInputStream(options); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) + try { + archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()).decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString()); @@ -810,13 +808,13 @@ public abstract class EnrollProfile extends BasicProfile return archOpts; } - public byte[] toByteArray(PKIArchiveOptions options) { + public byte[] toByteArray(PKIArchiveOptions options) { return ASN1Util.encode(options); } public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info, - IRequest req) - throws EProfileException { + IRequest req) + throws EProfileException { try { CMS.debug("Start parseCertReqMsg "); CertRequest certReq = certReqMsg.getCertReq(); @@ -825,12 +823,12 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { + if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { PKIArchiveOptions opt = getPKIArchiveOptions(ava); - //req.set(REQUEST_ARCHIVE_OPTIONS, opt); - req.setExtData(REQUEST_ARCHIVE_OPTIONS, - toByteArray(opt)); + // req.set(REQUEST_ARCHIVE_OPTIONS, opt); + req.setExtData(REQUEST_ARCHIVE_OPTIONS, + toByteArray(opt)); } } @@ -847,8 +845,8 @@ public abstract class EnrollProfile extends BasicProfile key.decode(keybytes); // XXX - kmccarth - this may simply undo the decoding above - // but for now it's unclear whether X509Key - // changest the format when decoding. + // but for now it's unclear whether X509Key + // changest the format when decoding. CertificateX509Key certKey = new CertificateX509Key(key); ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream(); certKey.encode(certKeyOut); @@ -856,7 +854,7 @@ public abstract class EnrollProfile extends BasicProfile // parse validity if (certTemplate.getNotBefore() != null || - certTemplate.getNotAfter() != null) { + certTemplate.getNotAfter() != null) { CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore()); CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter()); CMS.debug("EnrollProfile: current CA time: " + new Date()); @@ -874,30 +872,32 @@ public abstract class EnrollProfile extends BasicProfile if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - //info.set(X509CertInfo.SUBJECT, - // new CertificateSubjectName(subject)); + // info.set(X509CertInfo.SUBJECT, + // new CertificateSubjectName(subject)); req.setExtData(REQUEST_SUBJECT_NAME, new CertificateSubjectName(subject)); try { - String subjectCN = subject.getCommonName(); - if (subjectCN == null) subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); + String subjectCN = subject.getCommonName(); + if (subjectCN == null) + subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); } try { String subjectUID = subject.getUserID(); - if (subjectUID == null) subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); + if (subjectUID == null) + subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); } } @@ -906,11 +906,11 @@ public abstract class EnrollProfile extends BasicProfile // try { extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS); - // } catch (CertificateException e) { - // extensions = null; + // } catch (CertificateException e) { + // extensions = null; // } catch (IOException e) { - // extensions = null; - // } + // extensions = null; + // } if (certTemplate.hasExtensions()) { // put each extension from CRMF into CertInfo. // index by extension name, consistent with @@ -921,10 +921,10 @@ public abstract class EnrollProfile extends BasicProfile for (int j = 0; j < numexts; j++) { org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; @@ -932,21 +932,21 @@ public abstract class EnrollProfile extends BasicProfile oidNumbers[k] = (int) numbers[k]; } ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); + new ObjectIdentifier(oidNumbers); org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); + jssext.getExtnValue(); ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); Extension ext = - new Extension(oid, isCritical, extValue); + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - // info.set(X509CertInfo.EXTENSIONS, extensions); + // info.set(X509CertInfo.EXTENSIONS, extensions); req.setExtData(REQUEST_EXTENSIONS, extensions); } @@ -958,14 +958,14 @@ public abstract class EnrollProfile extends BasicProfile CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); throw new EProfileException( CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - // } catch (CertificateException e) { - // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - // throw new EProfileException(e.toString()); + // } catch (CertificateException e) { + // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); + // throw new EProfileException(e.toString()); } } public PKCS10 parsePKCS10(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile:parsePKCS10() certreq null"); @@ -996,7 +996,7 @@ public abstract class EnrollProfile extends BasicProfile CMS.debug("EnrollProfile: parsePKCS10: use internal token"); signToken = cm.getInternalCryptoToken(); } else { - CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName); + CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName); signToken = cm.getTokenByName(tokenName); } CMS.debug("EnrollProfile: parsePKCS10 setting thread token"); @@ -1021,7 +1021,7 @@ public abstract class EnrollProfile extends BasicProfile } public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req) - throws EProfileException { + throws EProfileException { X509Key key = pkcs10.getSubjectPublicKeyInfo(); try { @@ -1033,18 +1033,20 @@ public abstract class EnrollProfile extends BasicProfile req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(pkcs10.getSubjectName())); try { - String subjectCN = pkcs10.getSubjectName().getCommonName(); - if (subjectCN == null) subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); + String subjectCN = pkcs10.getSubjectName().getCommonName(); + if (subjectCN == null) + subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); } try { String subjectUID = pkcs10.getSubjectName().getUserID(); - if (subjectUID == null) subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); + if (subjectUID == null) + subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); } info.set(X509CertInfo.KEY, certKey); @@ -1052,11 +1054,12 @@ public abstract class EnrollProfile extends BasicProfile PKCS10Attributes p10Attrs = pkcs10.getAttributes(); if (p10Attrs != null) { PKCS10Attribute p10Attr = (PKCS10Attribute) - (p10Attrs.getAttribute(CertificateExtensions.NAME)); + (p10Attrs.getAttribute(CertificateExtensions.NAME)); if (p10Attr != null && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension"); + PKCS9Attribute.EXTENSION_REQUEST_OID)) { + CMS.debug("Found PKCS10 extension"); Extensions exts0 = (Extensions) - (p10Attr.getAttributeValue()); + (p10Attr.getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); @@ -1070,8 +1073,8 @@ public abstract class EnrollProfile extends BasicProfile } } else { CMS.debug("PKCS10 extension Not Found"); - } - } + } + } CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName()); } catch (IOException e) { @@ -1085,60 +1088,58 @@ public abstract class EnrollProfile extends BasicProfile } } + // for netkey + public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req) + throws EProfileException { - // for netkey - public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req) - throws EProfileException { + try { + // cfu - is the algorithm going to be replaced by the policy? + X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); + + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("screenname", sn); + // keeping "aoluid" to be backward compatible + req.setExtData("aoluid", sn); + req.setExtData("uid", sn); + CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn); - try { - //cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("screenname", sn); - // keeping "aoluid" to be backward compatible - req.setExtData("aoluid", sn); - req.setExtData("uid", sn); - CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn); - - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString()); + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString()); throw new EProfileException( CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } } + } - // for house key - public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req) - throws EProfileException { + // for house key + public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req) + throws EProfileException { - try { - //cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); + try { + // cfu - is the algorithm going to be replaced by the policy? + X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("tokencuid", tcuid); + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("tokencuid", tcuid); - CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid); + CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid); - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString()); + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString()); throw new EProfileException( CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } } - + } public DerInputStream parseKeyGen(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { byte data[] = CMS.AtoB(certreq); DerInputStream derIn = new DerInputStream(data); @@ -1147,8 +1148,8 @@ public abstract class EnrollProfile extends BasicProfile } public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req - ) - throws EProfileException { + ) + throws EProfileException { try { /* get SPKAC Algorithm & Signature */ @@ -1229,37 +1230,38 @@ public abstract class EnrollProfile extends BasicProfile /** * Populate input * <P> - * + * * (either all "agent" profile cert requests NOT made through a connector, - * or all "EE" profile cert requests NOT made through a connector) + * or all "EE" profile cert requests NOT made through a connector) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a * profile cert request is made (before approval process) * </ul> + * * @param ctx profile context * @param request the certificate request * @exception EProfileException an error related to this profile has - * occurred + * occurred */ public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { super.populateInput(ctx, request); } public void populate(IRequest request) - throws EProfileException { + throws EProfileException { super.populate(request); } /** - * Passes the request to the set of constraint policies - * that validate the request against the profile. + * Passes the request to the set of constraint policies that validate the + * request against the profile. */ public void validate(IRequest request) - throws ERejectException { + throws ERejectException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(request); @@ -1272,15 +1274,15 @@ public abstract class EnrollProfile extends BasicProfile try { CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + info.get(X509CertInfo.SUBJECT); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it if (sn != null) { subject = sn.toString(); if (subject != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! + // NOTE: This is ok even if the cert subject name + // is "" (empty)! auditCertificateSubjectName = subject.trim(); } } @@ -1348,12 +1350,11 @@ public abstract class EnrollProfile extends BasicProfile /** * Signed Audit Log Requester ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, and is called + * to obtain the "RequesterID" for a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -1379,12 +1380,11 @@ public abstract class EnrollProfile extends BasicProfile /** * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, and is called + * to obtain the "ProfileID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { @@ -1405,7 +1405,7 @@ public abstract class EnrollProfile extends BasicProfile } public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { + throws EProfileException { CMS.debug("EnrollProfile ::in verifyPOP"); String auditMessage = null; @@ -1429,32 +1429,31 @@ public abstract class EnrollProfile extends BasicProfile CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:"+ tokenName); + CMS.debug("POP verification using token:" + tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS); + audit(auditMessage); } catch (Exception e) { - CMS.debug("Failed POP verify! "+e.toString()); + CMS.debug("Failed POP verify! " + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new EProfileException(CMS.getUserMessage(locale, "CMS_POP_VERIFICATION_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java index 199aa794..06b05a44 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java @@ -17,17 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.profile.IProfileContext; - /** - * This class implements an enrollment profile context - * that carries information for request creation. - * + * This class implements an enrollment profile context that carries information + * for request creation. + * * @version $Revision$, $Date$ */ -public class EnrollProfileContext extends ProfileContext - implements IProfileContext { +public class EnrollProfileContext extends ProfileContext + implements IProfileContext { } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java index 147d9c82..7a275b1e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java @@ -17,15 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Hashtable; import com.netscape.certsrv.profile.IProfileContext; - /** * This class implements the profile context. - * + * * @version $Revision$, $Date$ */ public class ProfileContext implements IProfileContext { diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java index a0f0ed25..7021925a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java @@ -17,17 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.profile.IPolicyConstraint; import com.netscape.certsrv.profile.IPolicyDefault; import com.netscape.certsrv.profile.IProfilePolicy; - /** - * This class implements a profile policy that - * contains a default policy and a constraint - * policy. - * + * This class implements a profile policy that contains a default policy and a + * constraint policy. + * * @version $Revision$, $Date$ */ public class ProfilePolicy implements IProfilePolicy { diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java index f82e7313..ed6e6e48 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import netscape.security.x509.X500Name; @@ -35,11 +34,9 @@ import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestStatus; - /** - * This class implements a Registration Manager - * enrollment profile. - * + * This class implements a Registration Manager enrollment profile. + * * @version $Revision$, $Date$ */ public class RAEnrollProfile extends EnrollProfile { @@ -49,8 +46,8 @@ public class RAEnrollProfile extends EnrollProfile { } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IAuthority authority = (IAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (authority == null) return null; @@ -59,15 +56,14 @@ public class RAEnrollProfile extends EnrollProfile { public X500Name getIssuerName() { IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + CMS.getSubsystem(CMS.SUBSYSTEM_RA); X500Name issuerName = ra.getX500Name(); return issuerName; } public void execute(IRequest request) - throws EProfileException { - + throws EProfileException { if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); @@ -75,14 +71,13 @@ public class RAEnrollProfile extends EnrollProfile { } IRegistrationAuthority ra = - (IRegistrationAuthority) getAuthority(); + (IRegistrationAuthority) getAuthority(); IRAService raService = (IRAService) ra.getRAService(); if (raService == null) { throw new EProfileException("No RA Service"); } - IRequestQueue queue = ra.getRequestQueue(); // send request to CA @@ -94,13 +89,13 @@ public class RAEnrollProfile extends EnrollProfile { } else { caConnector.send(request); // check response - if (!request.isSuccess()) { + if (!request.isSuccess()) { CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING"); request.setRequestStatus(RequestStatus.SVC_PENDING); try { - queue.updateRequest(request); + queue.updateRequest(request); } catch (EBaseException e) { CMS.debug("RAEnrollProfile: Update request " + e.toString()); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java index 4a18ff14..4cb5644b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; @@ -28,91 +27,89 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** - * This class implements a Certificate Manager enrollment - * profile for Server Certificates. - * + * This class implements a Certificate Manager enrollment profile for Server + * Certificates. + * * @version $Revision$, $Date$ */ -public class ServerCertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class ServerCertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default - * policies, inputs, and outputs. + * Called after initialization. It populates default policies, inputs, and + * outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); IProfileInput input1 = - createProfileInput("i1", "certReqInputImpl", inputParams1); + createProfileInput("i1", "certReqInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); IProfileInput input2 = - createProfileInput("i2", "submitterInfoInputImpl", inputParams2); + createProfileInput("i2", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + createProfileOutput("o1", "certOutputImpl", outputParams1); IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlg", "-"); defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); - IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def5 = policy5.getDefault(); - IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","false"); - defConfig5.putString("params.keyUsageDataEncipherment","true"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","false"); - defConfig5.putString("params.keyUsageKeyEncipherment","true"); - defConfig5.putString("params.keyUsageNonRepudiation","true"); - IPolicyConstraint con5 = policy5.getConstraint(); + IProfilePolicy policy5 = + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); + IPolicyDefault def5 = policy5.getDefault(); + IConfigStore defConfig5 = def5.getConfigStore(); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "false"); + defConfig5.putString("params.keyUsageDataEncipherment", "true"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + defConfig5.putString("params.keyUsageKeyCertSign", "false"); + defConfig5.putString("params.keyUsageKeyEncipherment", "true"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); + IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java index 7d4254bf..24e92cfa 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; @@ -28,94 +27,92 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** - * This class implements a Certificate Manager enrollment - * profile for User Certificates. - * + * This class implements a Certificate Manager enrollment profile for User + * Certificates. + * * @version $Revision$, $Date$ */ -public class UserCertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class UserCertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default - * policies, inputs, and outputs. + * Called after initialization. It populates default policies, inputs, and + * outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); IProfileInput input1 = - createProfileInput("i1", "keyGenInputImpl", inputParams1); + createProfileInput("i1", "keyGenInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); IProfileInput input2 = - createProfileInput("i2", "subjectNameInputImpl", inputParams2); + createProfileInput("i2", "subjectNameInputImpl", inputParams2); NameValuePairs inputParams3 = new NameValuePairs(); IProfileInput input3 = - createProfileInput("i3", "submitterInfoInputImpl", inputParams2); + createProfileInput("i3", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + createProfileOutput("o1", "certOutputImpl", outputParams1); // create policies IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); - IPolicyDefault def1 = policy1.getDefault(); - IConfigStore defConfig1 = def1.getConfigStore(); - IPolicyConstraint con1 = policy1.getConstraint(); + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); + IPolicyDefault def1 = policy1.getDefault(); + IConfigStore defConfig1 = def1.getConfigStore(); + IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); - IPolicyDefault def2 = policy2.getDefault(); - IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); - IPolicyConstraint con2 = policy2.getConstraint(); + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); + IPolicyDefault def2 = policy2.getDefault(); + IConfigStore defConfig2 = def2.getConfigStore(); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); + IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); - IPolicyDefault def3 = policy3.getDefault(); - IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); - IPolicyConstraint con3 = policy3.getConstraint(); + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); + IPolicyDefault def3 = policy3.getDefault(); + IConfigStore defConfig3 = def3.getConfigStore(); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); + IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); - IPolicyDefault def4 = policy4.getDefault(); - IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); + IPolicyDefault def4 = policy4.getDefault(); + IConfigStore defConfig4 = def4.getConfigStore(); + defConfig4.putString("params.signingAlg", "-"); defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); - IPolicyConstraint con4 = policy4.getConstraint(); + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","false"); - defConfig5.putString("params.keyUsageDataEncipherment","false"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","false"); - defConfig5.putString("params.keyUsageKeyEncipherment","true"); - defConfig5.putString("params.keyUsageNonRepudiation","true"); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "false"); + defConfig5.putString("params.keyUsageDataEncipherment", "false"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + defConfig5.putString("params.keyUsageKeyCertSign", "false"); + defConfig5.putString("params.keyUsageKeyEncipherment", "true"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java index 4e4c2f60..a196d330 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Locale; @@ -40,24 +39,22 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the basic constraints extension constraint. - * It checks if the basic constraint in the certificate - * template satisfies the criteria. - * + * This class implements the basic constraints extension constraint. It checks + * if the basic constraint in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class BasicConstraintsExtConstraint extends EnrollConstraint { - public static final String CONFIG_CRITICAL = - "basicConstraintsCritical"; - public static final String CONFIG_IS_CA = - "basicConstraintsIsCA"; - public static final String CONFIG_MIN_PATH_LEN = - "basicConstraintsMinPathLen"; - public static final String CONFIG_MAX_PATH_LEN = - "basicConstraintsMaxPathLen"; + public static final String CONFIG_CRITICAL = + "basicConstraintsCritical"; + public static final String CONFIG_IS_CA = + "basicConstraintsIsCA"; + public static final String CONFIG_MIN_PATH_LEN = + "basicConstraintsMinPathLen"; + public static final String CONFIG_MAX_PATH_LEN = + "basicConstraintsMaxPathLen"; public BasicConstraintsExtConstraint() { super(); @@ -71,25 +68,25 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { * Initializes this constraint plugin. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(CONFIG_MIN_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN")); } else if (name.equals(CONFIG_MAX_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, "100", CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN")); } @@ -97,24 +94,23 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateExtensions exts = null; try { BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), + info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.BasicConstraints_Id.toString())); } // check criticality @@ -125,10 +121,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { if (critical != ext.isCritical()) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } value = getConfig(CONFIG_IS_CA); if (!isOptional(value)) { boolean isCA = getBoolean(value); @@ -136,10 +132,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { if (isCA != extIsCA.booleanValue()) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); } - } + } value = getConfig(CONFIG_MIN_PATH_LEN); if (!isOptional(value)) { int pathLen = getInt(value); @@ -148,8 +144,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { if (pathLen > extPathLen.intValue()) { CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); } } value = getConfig(CONFIG_MAX_PATH_LEN); @@ -160,17 +156,17 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { if (pathLen < extPathLen.intValue()) { CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); } } } catch (IOException e) { CMS.debug("BasicConstraintsExt: validate " + e.toString()); throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.BasicConstraints_Id.toString())); } } @@ -182,8 +178,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { getConfig(CONFIG_MAX_PATH_LEN) }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", params); } @@ -198,8 +194,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { } public void setConfig(String name, String value) - throws EPropertyException { - + throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null"); @@ -208,8 +203,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value); - if(name.equals(CONFIG_MAX_PATH_LEN)) - { + if (name.equals(CONFIG_MAX_PATH_LEN)) { String minPathLen = getConfig(CONFIG_MIN_PATH_LEN); @@ -217,13 +211,12 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { int maxLen = getInt(value); - if(minLen >= maxLen) { + if (minLen >= maxLen) { CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!"); throw new EPropertyException("bad value"); } - } mConfig.getSubStore("params").putString(name, value); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java index 9759af73..94098024 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java @@ -17,16 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ca.ICertificateAuthority; - /** - * This class represents an abstract class for CA enrollment - * constraint. + * This class represents an abstract class for CA enrollment constraint. */ public abstract class CAEnrollConstraint extends EnrollConstraint { @@ -42,7 +39,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint { */ public X509CertImpl getCACert() { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); return caCert; diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java index 4d89e739..12150a87 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -38,12 +37,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; - /** - * This class implements the validity constraint. - * It checks if the validity in the certificate - * template is within the CA's validity. - * + * This class implements the validity constraint. It checks if the validity in + * the certificate template is within the CA's validity. + * * @version $Revision$, $Date$ */ public class CAValidityConstraint extends CAEnrollConstraint { @@ -56,7 +53,7 @@ public class CAValidityConstraint extends CAEnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); X509CertImpl caCert = getCACert(); @@ -65,11 +62,10 @@ public class CAValidityConstraint extends CAEnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("CAValidityConstraint: validate start"); CertificateValidity v = null; @@ -99,15 +95,15 @@ public class CAValidityConstraint extends CAEnrollConstraint { } if (mDefNotBefore != null) { - CMS.debug("ValidtyConstraint: notBefore=" + notBefore + - " defNotBefore=" + mDefNotBefore); + CMS.debug("ValidtyConstraint: notBefore=" + notBefore + + " defNotBefore=" + mDefNotBefore); if (notBefore.before(mDefNotBefore)) { throw new ERejectException(CMS.getUserMessage( getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); } } - CMS.debug("ValidtyConstraint: notAfter=" + notAfter + - " defNotAfter=" + mDefNotAfter); + CMS.debug("ValidtyConstraint: notAfter=" + notAfter + + " defNotAfter=" + mDefNotAfter); if (notAfter.after(mDefNotAfter)) { throw new ERejectException(CMS.getUserMessage( getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER")); @@ -122,8 +118,8 @@ public class CAValidityConstraint extends CAEnrollConstraint { mDefNotAfter.toString() }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java index a03eadcd..0343c35f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -39,10 +38,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the generic enrollment constraint. - * + * * @version $Revision$, $Date$ */ public abstract class EnrollConstraint implements IPolicyConstraint { @@ -81,7 +79,7 @@ public abstract class EnrollConstraint implements IPolicyConstraint { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -105,46 +103,43 @@ public abstract class EnrollConstraint implements IPolicyConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } public IConfigStore getConfigStore() { return mConfig; - } + } /** - * Validates the request. The request is not modified - * during the validation. - * + * Validates the request. The request is not modified during the validation. + * * @param request enrollment request * @param info certificate template - * @exception ERejectException request is rejected due - * to violation of constraint + * @exception ERejectException request is rejected due to violation of + * constraint */ public abstract void validate(IRequest request, X509CertInfo info) - throws ERejectException; + throws ERejectException; /** - * Validates the request. The request is not modified - * during the validation. - * - * The current implementation of this method calls - * into the subclass's validate(request, info) - * method for validation checking. - * + * Validates the request. The request is not modified during the validation. + * + * The current implementation of this method calls into the subclass's + * validate(request, info) method for validation checking. + * * @param request request - * @exception ERejectException request is rejected due - * to violation of constraint + * @exception ERejectException request is rejected due to violation of + * constraint */ public void validate(IRequest request) - throws ERejectException { + throws ERejectException { String name = getClass().getName(); name = name.substring(name.lastIndexOf('.') + 1); CMS.debug(name + ": validate start"); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); validate(request, info); diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java index 539f4890..47e967c7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -40,19 +39,18 @@ import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the extended key usage extension constraint. - * It checks if the extended key usage extension in the certificate - * template satisfies the criteria. - * + * This class implements the extended key usage extension constraint. It checks + * if the extended key usage extension in the certificate template satisfies the + * criteria. + * * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { public static final String CONFIG_CRITICAL = "exKeyUsageCritical"; public static final String CONFIG_OIDS = - "exKeyUsageOIDs"; + "exKeyUsageOIDs"; public ExtendedKeyUsageExtConstraint() { super(); @@ -61,38 +59,37 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } + } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + getExtension(ExtendedKeyUsageExtension.OID, info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - ExtendedKeyUsageExtension.OID)); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + ExtendedKeyUsageExtension.OID)); } // check criticality @@ -104,10 +101,10 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { if (critical != ext.isCritical()) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } // Build local cache of configured OIDs Vector mCache = new Vector(); @@ -122,15 +119,15 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { // check OIDs Enumeration e = ext.getOIDs(); - while (e.hasMoreElements()) { + while (e.hasMoreElements()) { ObjectIdentifier oid = (ObjectIdentifier) e.nextElement(); if (!mCache.contains(oid.toString())) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_OID_NOT_MATCHED", - oid.toString())); + getLocale(request), + "CMS_PROFILE_OID_NOT_MATCHED", + oid.toString())); } } } @@ -141,7 +138,7 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { getConfig(CONFIG_OIDS) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java index cda51a07..9413ce9b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.x509.Extension; @@ -37,12 +36,10 @@ import com.netscape.cms.profile.def.EnrollExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the general extension constraint. - * It checks if the extension in the certificate - * template satisfies the criteria. - * + * This class implements the general extension constraint. It checks if the + * extension in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class ExtensionConstraint extends EnrollConstraint { @@ -57,33 +54,32 @@ public class ExtensionConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("ExtensionConstraint: mConfig.getSubStore is null"); } else { CMS.debug("ExtensionConstraint: setConfig name=" + name + - " value=" + value); - - if(name.equals(CONFIG_OID)) - { - try { - CMS.checkOID("", value); - } catch (Exception e) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value)); - } + " value=" + value); + + if (name.equals(CONFIG_OID)) { + try { + CMS.checkOID("", value); + } catch (Exception e) { + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value)); + } } mConfig.getSubStore("params").putString(name, value); } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", @@ -97,34 +93,33 @@ public class ExtensionConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { - Extension ext = getExtension(getConfig(CONFIG_OID), info); + Extension ext = getExtension(getConfig(CONFIG_OID), info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - getConfig(CONFIG_OID))); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + getConfig(CONFIG_OID))); } - // check criticality + // check criticality String value = getConfig(CONFIG_CRITICAL); if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { + if (critical != ext.isCritical()) { throw new ERejectException( CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } } public String getText(Locale locale) { @@ -133,7 +128,7 @@ public class ExtensionConstraint extends EnrollConstraint { getConfig(CONFIG_OID) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java index 56ec0adf..5bdcbd51 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.math.BigInteger; import java.security.interfaces.DSAParams; import java.util.HashMap; @@ -44,11 +43,9 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserKeyDefault; - /** - * This constraint is to check the key type and - * key length. - * + * This constraint is to check the key type and key length. + * * @version $Revision$, $Date$ */ @SuppressWarnings("serial") @@ -57,72 +54,299 @@ public class KeyConstraint extends EnrollConstraint { public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA) public static final String CONFIG_KEY_PARAMETERS = "keyParameters"; - private static final String[] ecCurves = {"nistp256","nistp384","nistp521","sect163k1","nistk163","sect163r1","sect163r2", - "nistb163","sect193r1","sect193r2","sect233k1","nistk233","sect233r1","nistb233","sect239k1","sect283k1","nistk283", - "sect283r1","nistb283","sect409k1","nistk409","sect409r1","nistb409","sect571k1","nistk571","sect571r1","nistb571", - "secp160k1","secp160r1","secp160r2","secp192k1","secp192r1","nistp192","secp224k1","secp224r1","nistp224","secp256k1", - "secp256r1","secp384r1","secp521r1","prime192v1","prime192v2","prime192v3","prime239v1","prime239v2","prime239v3","c2pnb163v1", - "c2pnb163v2","c2pnb163v3","c2pnb176v1","c2tnb191v1","c2tnb191v2","c2tnb191v3","c2pnb208w1","c2tnb239v1","c2tnb239v2","c2tnb239v3", - "c2pnb272w1","c2pnb304w1","c2tnb359w1","c2pnb368w1","c2tnb431r1","secp112r1","secp112r2","secp128r1","secp128r2","sect113r1","sect113r2", - "sect131r1","sect131r2" + private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2", + "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283", + "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571", + "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1", + "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "c2pnb163v1", + "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", + "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", "sect113r2", + "sect131r1", "sect131r2" }; - private final static HashMap<String,Vector> ecOIDs = new HashMap<String,Vector>(); - static - { - ecOIDs.put( "1.2.840.10045.3.1.7", new Vector() {{add("nistp256");add("secp256r1");}}); - ecOIDs.put( "1.3.132.0.34", new Vector() {{add("nistp384");add("secp384r1");}}); - ecOIDs.put( "1.3.132.0.35", new Vector() {{add("nistp521");add("secp521r1");}}); - ecOIDs.put( "1.3.132.0.1", new Vector() {{add("sect163k1");add("nistk163");}}); - ecOIDs.put( "1.3.132.0.2", new Vector() {{add("sect163r1");}}); - ecOIDs.put( "1.3.132.0.15", new Vector() {{add("sect163r2");add("nistb163");}}); - ecOIDs.put( "1.3.132.0.24", new Vector() {{add("sect193r1");}}); - ecOIDs.put( "1.3.132.0.25", new Vector() {{add("sect193r2");}}); - ecOIDs.put( "1.3.132.0.26", new Vector() {{add("sect233k1");add("nistk233");}}); - ecOIDs.put( "1.3.132.0.27", new Vector() {{add("sect233r1");add("nistb233");}}); - ecOIDs.put( "1.3.132.0.3", new Vector() {{add("sect239k1");}}); - ecOIDs.put( "1.3.132.0.16", new Vector() {{add("sect283k1");add("nistk283");}}); - ecOIDs.put( "1.3.132.0.17", new Vector() {{add("sect283r1");add("nistb283");}}); - ecOIDs.put( "1.3.132.0.36", new Vector() {{add("sect409k1");add("nistk409");}}); - ecOIDs.put( "1.3.132.0.37", new Vector() {{add("sect409r1");add("nistb409");}}); - ecOIDs.put( "1.3.132.0.38", new Vector() {{add("sect571k1"); add("nistk571");}}); - ecOIDs.put( "1.3.132.0.39", new Vector() {{add("sect571r1");add("nistb571");}}); - ecOIDs.put( "1.3.132.0.9", new Vector() {{add("secp160k1");}}); - ecOIDs.put( "1.3.132.0.8", new Vector() {{add("secp160r1");}}); - ecOIDs.put( "1.3.132.0.30", new Vector() {{add("secp160r2");}}); - ecOIDs.put( "1.3.132.0.31", new Vector() {{add("secp192k1");}}); - ecOIDs.put( "1.2.840.10045.3.1.1", new Vector() {{add("secp192r1");add("nistp192");add("prime192v1");}}); - ecOIDs.put( "1.3.132.0.32", new Vector() {{add("secp224k1");}}); - ecOIDs.put( "1.3.132.0.33", new Vector() {{add("secp224r1");add("nistp224");}}); - ecOIDs.put( "1.3.132.0.10", new Vector() {{add("secp256k1");}}); - ecOIDs.put( "1.2.840.10045.3.1.2",new Vector() {{add("prime192v2");}}); - ecOIDs.put( "1.2.840.10045.3.1.3",new Vector() {{add("prime192v3");}}); - ecOIDs.put( "1.2.840.10045.3.1.4",new Vector() {{add("prime239v1");}}); - ecOIDs.put( "1.2.840.10045.3.1.5",new Vector() {{add("prime239v2");}}); - ecOIDs.put( "1.2.840.10045.3.1.6",new Vector() {{add("prime239v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.1", new Vector() {{add("c2pnb163v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.2", new Vector() {{add("c2pnb163v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.3", new Vector() {{add("c2pnb163v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.4", new Vector() {{add("c2pnb176v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.5", new Vector() {{add("c2tnb191v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.6", new Vector() {{add("c2tnb191v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.7", new Vector() {{add("c2tnb191v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.10", new Vector() {{add("c2pnb208w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.11", new Vector() {{add("c2tnb239v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.12", new Vector() {{add("c2tnb239v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.13", new Vector() {{add("c2tnb239v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.16", new Vector() {{add("c2pnb272w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.17", new Vector() {{add("c2pnb304w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.19", new Vector() {{add("c2pnb368w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.20", new Vector() {{add("c2tnb431r1");}}); - ecOIDs.put( "1.3.132.0.6", new Vector() {{add("secp112r1");}}); - ecOIDs.put( "1.3.132.0.7", new Vector() {{add("secp112r2");}}); - ecOIDs.put( "1.3.132.0.28", new Vector() {{add("secp128r1");}}); - ecOIDs.put( "1.3.132.0.29", new Vector() {{add("secp128r2");}}); - ecOIDs.put( "1.3.132.0.4", new Vector() {{add("sect113r1");}}); - ecOIDs.put( "1.3.132.0.5", new Vector() {{add("sect113r2");}}); - ecOIDs.put( "1.3.132.0.22", new Vector() {{add("sect131r1");}}); - ecOIDs.put( "1.3.132.0.23", new Vector() {{add("sect131r2");}}); + private final static HashMap<String, Vector> ecOIDs = new HashMap<String, Vector>(); + static { + ecOIDs.put("1.2.840.10045.3.1.7", new Vector() { + { + add("nistp256"); + add("secp256r1"); + } + }); + ecOIDs.put("1.3.132.0.34", new Vector() { + { + add("nistp384"); + add("secp384r1"); + } + }); + ecOIDs.put("1.3.132.0.35", new Vector() { + { + add("nistp521"); + add("secp521r1"); + } + }); + ecOIDs.put("1.3.132.0.1", new Vector() { + { + add("sect163k1"); + add("nistk163"); + } + }); + ecOIDs.put("1.3.132.0.2", new Vector() { + { + add("sect163r1"); + } + }); + ecOIDs.put("1.3.132.0.15", new Vector() { + { + add("sect163r2"); + add("nistb163"); + } + }); + ecOIDs.put("1.3.132.0.24", new Vector() { + { + add("sect193r1"); + } + }); + ecOIDs.put("1.3.132.0.25", new Vector() { + { + add("sect193r2"); + } + }); + ecOIDs.put("1.3.132.0.26", new Vector() { + { + add("sect233k1"); + add("nistk233"); + } + }); + ecOIDs.put("1.3.132.0.27", new Vector() { + { + add("sect233r1"); + add("nistb233"); + } + }); + ecOIDs.put("1.3.132.0.3", new Vector() { + { + add("sect239k1"); + } + }); + ecOIDs.put("1.3.132.0.16", new Vector() { + { + add("sect283k1"); + add("nistk283"); + } + }); + ecOIDs.put("1.3.132.0.17", new Vector() { + { + add("sect283r1"); + add("nistb283"); + } + }); + ecOIDs.put("1.3.132.0.36", new Vector() { + { + add("sect409k1"); + add("nistk409"); + } + }); + ecOIDs.put("1.3.132.0.37", new Vector() { + { + add("sect409r1"); + add("nistb409"); + } + }); + ecOIDs.put("1.3.132.0.38", new Vector() { + { + add("sect571k1"); + add("nistk571"); + } + }); + ecOIDs.put("1.3.132.0.39", new Vector() { + { + add("sect571r1"); + add("nistb571"); + } + }); + ecOIDs.put("1.3.132.0.9", new Vector() { + { + add("secp160k1"); + } + }); + ecOIDs.put("1.3.132.0.8", new Vector() { + { + add("secp160r1"); + } + }); + ecOIDs.put("1.3.132.0.30", new Vector() { + { + add("secp160r2"); + } + }); + ecOIDs.put("1.3.132.0.31", new Vector() { + { + add("secp192k1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.1", new Vector() { + { + add("secp192r1"); + add("nistp192"); + add("prime192v1"); + } + }); + ecOIDs.put("1.3.132.0.32", new Vector() { + { + add("secp224k1"); + } + }); + ecOIDs.put("1.3.132.0.33", new Vector() { + { + add("secp224r1"); + add("nistp224"); + } + }); + ecOIDs.put("1.3.132.0.10", new Vector() { + { + add("secp256k1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.2", new Vector() { + { + add("prime192v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.3", new Vector() { + { + add("prime192v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.4", new Vector() { + { + add("prime239v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.5", new Vector() { + { + add("prime239v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.6", new Vector() { + { + add("prime239v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.1", new Vector() { + { + add("c2pnb163v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.2", new Vector() { + { + add("c2pnb163v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.3", new Vector() { + { + add("c2pnb163v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.4", new Vector() { + { + add("c2pnb176v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.5", new Vector() { + { + add("c2tnb191v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.6", new Vector() { + { + add("c2tnb191v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.7", new Vector() { + { + add("c2tnb191v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.10", new Vector() { + { + add("c2pnb208w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.11", new Vector() { + { + add("c2tnb239v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.12", new Vector() { + { + add("c2tnb239v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.13", new Vector() { + { + add("c2tnb239v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.16", new Vector() { + { + add("c2pnb272w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.17", new Vector() { + { + add("c2pnb304w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.19", new Vector() { + { + add("c2pnb368w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.20", new Vector() { + { + add("c2tnb431r1"); + } + }); + ecOIDs.put("1.3.132.0.6", new Vector() { + { + add("secp112r1"); + } + }); + ecOIDs.put("1.3.132.0.7", new Vector() { + { + add("secp112r2"); + } + }); + ecOIDs.put("1.3.132.0.28", new Vector() { + { + add("secp128r1"); + } + }); + ecOIDs.put("1.3.132.0.29", new Vector() { + { + add("secp128r2"); + } + }); + ecOIDs.put("1.3.132.0.4", new Vector() { + { + add("sect113r1"); + } + }); + ecOIDs.put("1.3.132.0.5", new Vector() { + { + add("sect113r2"); + } + }); + ecOIDs.put("1.3.132.0.22", new Vector() { + { + add("sect131r1"); + } + }); + ecOIDs.put("1.3.132.0.23", new Vector() { + { + add("sect131r2"); + } + }); } private static String[] cfgECCurves = null; @@ -136,7 +360,7 @@ public class KeyConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); String ecNames = ""; @@ -148,32 +372,31 @@ public class KeyConstraint extends EnrollConstraint { CMS.debug("KeyConstraint.init ecNames: " + ecNames); if (ecNames != null && ecNames.length() != 0) { cfgECCurves = ecNames.split(","); - } + } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_TYPE)) { return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", "RSA", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); - } else if (name.equals(CONFIG_KEY_PARAMETERS)) { - return new Descriptor(IDescriptor.STRING,null,"", - CMS.getUserMessage(locale,"CMS_PROFILE_KEY_PARAMETERS")); + } else if (name.equals(CONFIG_KEY_PARAMETERS)) { + return new Descriptor(IDescriptor.STRING, null, "", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { try { CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); - X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); + info.get(X509CertInfo.KEY); + X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().getName().toUpperCase(); String value = getConfig(CONFIG_KEY_TYPE); @@ -183,27 +406,27 @@ public class KeyConstraint extends EnrollConstraint { if (!alg.equals(value)) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", - value)); + getLocale(request), + "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", + value)); } } int keySize = 0; String ecCurve = ""; - if (alg.equals("RSA")) { + if (alg.equals("RSA")) { keySize = getRSAKeyLen(key); - } else if (alg.equals("DSA")) { + } else if (alg.equals("DSA")) { keySize = getDSAKeyLen(key); - } else if (alg.equals("EC")) { - //EC key case. + } else if (alg.equals("EC")) { + // EC key case. } else { - throw new ERejectException( + throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_INVALID_KEY_TYPE", - alg)); + getLocale(request), + "CMS_PROFILE_INVALID_KEY_TYPE", + alg)); } value = getConfig(CONFIG_KEY_PARAMETERS); @@ -214,26 +437,26 @@ public class KeyConstraint extends EnrollConstraint { if (!alg.equals(keyType) && !isOptional(keyType)) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } AlgorithmId algid = key.getAlgorithmId(); CMS.debug("algId: " + algid); - //Get raw string representation of alg parameters, will give - //us the curve OID. + // Get raw string representation of alg parameters, will give + // us the curve OID. - String params = null; + String params = null; if (algid != null) { params = algid.getParametersString(); } if (params.startsWith("OID.")) { params = params.substring(4); - } + } CMS.debug("EC key OID: " + params); Vector vect = ecOIDs.get(params); @@ -244,9 +467,10 @@ public class KeyConstraint extends EnrollConstraint { CMS.debug("vect: " + vect.toString()); if (!isOptional(keyType)) { - //Check the curve parameters only if explicit ECC or not optional - for (int i = 0 ; i < keyParams.length ; i ++) { - String ecParam = keyParams[i]; + // Check the curve parameters only if explicit ECC or + // not optional + for (int i = 0; i < keyParams.length; i++) { + String ecParam = keyParams[i]; CMS.debug("keyParams[i]: " + i + " param: " + ecParam); if (vect.contains(ecParam)) { curveFound = true; @@ -260,21 +484,21 @@ public class KeyConstraint extends EnrollConstraint { } if (!curveFound) { - CMS.debug("KeyConstraint.validate: EC key constrainst failed."); + CMS.debug("KeyConstraint.validate: EC key constrainst failed."); throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } - } else { - if ( !arrayContainsString(keyParams,Integer.toString(keySize))) { - throw new ERejectException( + } else { + if (!arrayContainsString(keyParams, Integer.toString(keySize))) { + throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } CMS.debug("KeyConstraint.validate: RSA key contraints passed."); } @@ -320,7 +544,7 @@ public class KeyConstraint extends EnrollConstraint { getConfig(CONFIG_KEY_PARAMETERS) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params); } @@ -333,27 +557,27 @@ public class KeyConstraint extends EnrollConstraint { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value); - //establish keyType, we don't know which order these params will arrive + // establish keyType, we don't know which order these params will arrive if (name.equals(CONFIG_KEY_TYPE)) { keyType = value; - if(keyParams.equals("")) - return; + if (keyParams.equals("")) + return; } - - //establish keyParams + + // establish keyParams if (name.equals(CONFIG_KEY_PARAMETERS)) { CMS.debug("establish keyParams: " + value); keyParams = value; - if(keyType.equals("")) + if (keyType.equals("")) return; } - // All the params we need for validation have been collected, + // All the params we need for validation have been collected, // we don't know which order they will show up - if (keyType.length() > 0 && keyParams.length() > 0) { + if (keyType.length() > 0 && keyParams.length() > 0) { String[] params = keyParams.split(","); boolean isECCurve = false; int keySize = 0; @@ -361,48 +585,50 @@ public class KeyConstraint extends EnrollConstraint { for (int i = 0; i < params.length; i++) { if (keyType.equals("EC")) { if (cfgECCurves == null) { - //Use the static array as a backup if the config values are not present. - isECCurve = arrayContainsString(ecCurves,params[i]); + // Use the static array as a backup if the config values + // are not present. + isECCurve = arrayContainsString(ecCurves, params[i]); } else { - isECCurve = arrayContainsString(cfgECCurves,params[i]); + isECCurve = arrayContainsString(cfgECCurves, params[i]); } - if (isECCurve == false) { //Not a valid EC curve throw exception. + if (isECCurve == false) { // Not a valid EC curve throw + // exception. keyType = ""; keyParams = ""; throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } - } else { + } else { try { keySize = Integer.parseInt(params[i]); } catch (Exception e) { keySize = 0; } - if (keySize <= 0) { + if (keySize <= 0) { keyType = ""; keyParams = ""; throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } } } - } - //Actually set the configuration in the profile - super.setConfig(CONFIG_KEY_TYPE, keyType); - super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); + } + // Actually set the configuration in the profile + super.setConfig(CONFIG_KEY_TYPE, keyType); + super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); - //Reset the vars for next round. - keyType = ""; - keyParams = ""; + // Reset the vars for next round. + keyType = ""; + keyParams = ""; } private boolean arrayContainsString(String[] array, String value) { if (array == null || value == null) { - return false; - } + return false; + } - for (int i = 0 ; i < array.length; i++) { + for (int i = 0; i < array.length; i++) { if (array[i].equals(value)) { return true; } @@ -411,4 +637,3 @@ public class KeyConstraint extends EnrollConstraint { return false; } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java index 4a483b43..fac28bf9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.x509.KeyUsageExtension; @@ -37,25 +36,23 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the key usage extension constraint. - * It checks if the key usage constraint in the certificate - * template satisfies the criteria. - * + * This class implements the key usage extension constraint. It checks if the + * key usage constraint in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class KeyUsageExtConstraint extends EnrollConstraint { public static final String CONFIG_CRITICAL = "keyUsageCritical"; public static final String CONFIG_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; + "keyUsageDigitalSignature"; public static final String CONFIG_NON_REPUDIATION = - "keyUsageNonRepudiation"; + "keyUsageNonRepudiation"; public static final String CONFIG_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; + "keyUsageKeyEncipherment"; public static final String CONFIG_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; + "keyUsageDataEncipherment"; public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; @@ -77,12 +74,12 @@ public class KeyUsageExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", @@ -134,20 +131,19 @@ public class KeyUsageExtConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - KeyUsageExtension ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + throws ERejectException { + KeyUsageExtension ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.KeyUsage_Id.toString())); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.KeyUsage_Id.toString())); } boolean[] bits = ext.getBits(); @@ -156,10 +152,10 @@ public class KeyUsageExtConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } } value = getConfig(CONFIG_DIGITAL_SIGNATURE); @@ -167,99 +163,99 @@ public class KeyUsageExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != isSet(bits, 0)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_NON_REPUDIATION); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 1)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_KEY_ENCIPHERMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 2)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_DATA_ENCIPHERMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 3)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_KEY_AGREEMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 4)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_KEY_CERTSIGN); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 5)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_CRL_SIGN); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 6)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_ENCIPHER_ONLY); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 7)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_DECIPHER_ONLY); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 8)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", + value)); + } } } @@ -277,7 +273,7 @@ public class KeyUsageExtConstraint extends EnrollConstraint { getConfig(CONFIG_DECIPHER_ONLY) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java index fe20b766..a49152df 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.extensions.NSCertTypeExtension; @@ -36,12 +35,11 @@ import com.netscape.cms.profile.def.NSCertTypeExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the Netscape certificate type extension constraint. - * It checks if the Netscape certificate type extension in the certificate - * template satisfies the criteria. - * + * This class implements the Netscape certificate type extension constraint. It + * checks if the Netscape certificate type extension in the certificate template + * satisfies the criteria. + * * @version $Revision$, $Date$ */ public class NSCertTypeExtConstraint extends EnrollConstraint { @@ -68,11 +66,11 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", @@ -104,27 +102,26 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) { return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", - CMS.getUserMessage(locale, - "CMS_PROFILE_OBJECT_SIGNING_CA")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OBJECT_SIGNING_CA")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { NSCertTypeExtension ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - NSCertTypeExtension.CertType_Id.toString())); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + NSCertTypeExtension.CertType_Id.toString())); } String value = getConfig(CONFIG_CRITICAL); @@ -132,10 +129,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } } value = getConfig(CONFIG_SSL_CLIENT); @@ -143,10 +140,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(0)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_SSL_SERVER); @@ -154,10 +151,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(1)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_EMAIL); @@ -165,10 +162,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(2)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EMAIL_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EMAIL_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_OBJECT_SIGNING); @@ -176,10 +173,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(3)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_SSL_CA); @@ -187,10 +184,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(4)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_CA_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_CA_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_EMAIL_CA); @@ -198,10 +195,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(5)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_OBJECT_SIGNING_CA); @@ -209,10 +206,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(6)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", + value)); } } } @@ -229,7 +226,7 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { getConfig(CONFIG_OBJECT_SIGNING_CA) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java index 108c32b1..01eeefca 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -34,17 +33,16 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements no constraint. - * + * * @version $Revision$, $Date$ */ public class NoConstraint implements IPolicyConstraint { public static final String CONFIG_NAME = "name"; - private IConfigStore mConfig = null; + private IConfigStore mConfig = null; private Vector mNames = new Vector(); public Enumeration getConfigNames() { @@ -56,7 +54,7 @@ public class NoConstraint implements IPolicyConstraint { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { } public String getConfig(String name) { @@ -68,7 +66,7 @@ public class NoConstraint implements IPolicyConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -77,15 +75,14 @@ public class NoConstraint implements IPolicyConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request) - throws ERejectException { + throws ERejectException { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT"); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java index 91d5a46a..b41e1b2e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.math.BigInteger; import java.util.Date; import java.util.Locale; @@ -36,17 +35,16 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; - /** - * This class supports renewal grace period, which has two - * parameters: graceBefore and graceAfter - * + * This class supports renewal grace period, which has two parameters: + * graceBefore and graceAfter + * * @author Christina Fu * @version $Revision$, $Date$ */ public class RenewGracePeriodConstraint extends EnrollConstraint { - // for renewal: # of days before the orig cert expiration date + // for renewal: # of days before the orig cert expiration date public static final String CONFIG_RENEW_GRACE_BEFORE = "renewal.graceBefore"; // for renewal: # of days after the orig cert expiration date public static final String CONFIG_RENEW_GRACE_AFTER = "renewal.graceAfter"; @@ -58,20 +56,20 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { - if ( name.equals(CONFIG_RENEW_GRACE_BEFORE) || - name.equals(CONFIG_RENEW_GRACE_AFTER)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + throws EPropertyException { + if (name.equals(CONFIG_RENEW_GRACE_BEFORE) || + name.equals(CONFIG_RENEW_GRACE_AFTER)) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE +" or "+ CONFIG_RENEW_GRACE_AFTER)); - } + "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE + " or " + CONFIG_RENEW_GRACE_AFTER)); + } } super.setConfig(name, value); } @@ -88,75 +86,73 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { } public void validate(IRequest req, X509CertInfo info) - throws ERejectException { - String origExpDate_s = req.getExtDataInString("origNotAfter"); - // probably not for renewal - if (origExpDate_s == null) { - return; - } else { - CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); - } - CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); - BigInteger origExpDate_BI = new BigInteger(origExpDate_s); - Date origExpDate = new Date(origExpDate_BI.longValue()); - String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); - int renew_grace_before = 0; - int renew_grace_after = 0; - BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); - BigInteger renew_grace_after_BI= new BigInteger(renew_grace_after_s); - - // -1 means no limit - if (renew_grace_before_s == "") - renew_grace_before = -1; - else - renew_grace_before = Integer.parseInt(renew_grace_before_s); - - if (renew_grace_after_s == "") - renew_grace_after = -1; - else - renew_grace_after = Integer.parseInt(renew_grace_after_s); - - if (renew_grace_before > 0) - renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400)); - if (renew_grace_after > 0) - renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400)); - - Date current = CMS.getCurrentDate(); - long millisDiff = origExpDate.getTime() - current.getTime(); - CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); - - /* - * "days", if positive, has to be less than renew_grace_before - * "days", if negative, means already past expiration date, - * (abs value) has to be less than renew_grace_after - * if renew_grace_before or renew_grace_after are negative - * the one with negative value is ignored - */ - if (millisDiff >= 0) { - if ((renew_grace_before>0) && (millisDiff > renew_grace_before_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before+" days before and "+ - renew_grace_after+" days after original cert expiration date")); - } - } else { - if ((renew_grace_after > 0) && ((0-millisDiff) > renew_grace_after_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before+" days before and "+ - renew_grace_after+" days after original cert expiration date")); - } - } + throws ERejectException { + String origExpDate_s = req.getExtDataInString("origNotAfter"); + // probably not for renewal + if (origExpDate_s == null) { + return; + } else { + CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); + } + CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); + BigInteger origExpDate_BI = new BigInteger(origExpDate_s); + Date origExpDate = new Date(origExpDate_BI.longValue()); + String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); + String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); + int renew_grace_before = 0; + int renew_grace_after = 0; + BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); + BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s); + + // -1 means no limit + if (renew_grace_before_s == "") + renew_grace_before = -1; + else + renew_grace_before = Integer.parseInt(renew_grace_before_s); + + if (renew_grace_after_s == "") + renew_grace_after = -1; + else + renew_grace_after = Integer.parseInt(renew_grace_after_s); + + if (renew_grace_before > 0) + renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400)); + if (renew_grace_after > 0) + renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400)); + + Date current = CMS.getCurrentDate(); + long millisDiff = origExpDate.getTime() - current.getTime(); + CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); + + /* + * "days", if positive, has to be less than renew_grace_before "days", + * if negative, means already past expiration date, (abs value) has to + * be less than renew_grace_after if renew_grace_before or + * renew_grace_after are negative the one with negative value is ignored + */ + if (millisDiff >= 0) { + if ((renew_grace_before > 0) && (millisDiff > renew_grace_before_BI.longValue())) { + throw new ERejectException(CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", + renew_grace_before + " days before and " + + renew_grace_after + " days after original cert expiration date")); + } + } else { + if ((renew_grace_after > 0) && ((0 - millisDiff) > renew_grace_after_BI.longValue())) { + throw new ERejectException(CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", + renew_grace_before + " days before and " + + renew_grace_after + " days after original cert expiration date")); + } + } } - public String getText(Locale locale) { String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s= getConfig(CONFIG_RENEW_GRACE_AFTER); - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", - renew_grace_before_s+" days before and "+ - renew_grace_after_s+" days after original cert expiration date"); + String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", + renew_grace_before_s + " days before and " + + renew_grace_after_s + " days after original cert expiration date"); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java index f570c26e..12261862 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import java.util.StringTokenizer; import java.util.Vector; @@ -40,12 +39,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.SigningAlgDefault; import com.netscape.cms.profile.def.UserSigningAlgDefault; - /** - * This class implements the signing algorithm constraint. - * It checks if the signing algorithm in the certificate - * template satisfies the criteria. - * + * This class implements the signing algorithm constraint. It checks if the + * signing algorithm in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class SigningAlgConstraint extends EnrollConstraint { @@ -69,29 +66,28 @@ public class SigningAlgConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null"); } else { - CMS.debug("SigningAlgConstraint: setConfig name=" + name + - " value=" + value); - - if(name.equals(CONFIG_ALGORITHMS_ALLOWED)) - { - StringTokenizer st = new StringTokenizer(value, ","); - while (st.hasMoreTokens()) { - String v = st.nextToken(); - if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v)); - } - } + CMS.debug("SigningAlgConstraint: setConfig name=" + name + + " value=" + value); + + if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { + StringTokenizer st = new StringTokenizer(value, ","); + while (st.hasMoreTokens()) { + String v = st.nextToken(); + if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v)); + } + } } mConfig.getSubStore("params").putString(name, value); } @@ -101,24 +97,23 @@ public class SigningAlgConstraint extends EnrollConstraint { if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { return new Descriptor(IDescriptor.STRING, null, DEF_CONFIG_ALGORITHMS, - CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateAlgorithmId algId = null; try { algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); AlgorithmId id = (AlgorithmId) - algId.get(CertificateAlgorithmId.ALGORITHM); + algId.get(CertificateAlgorithmId.ALGORITHM); Vector mCache = new Vector(); StringTokenizer st = new StringTokenizer( @@ -132,7 +127,7 @@ public class SigningAlgConstraint extends EnrollConstraint { if (!mCache.contains(id.toString())) { throw new ERejectException(CMS.getUserMessage( - getLocale(request), + getLocale(request), "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString())); } } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java index 7ce32f00..9ca8d452 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Locale; @@ -38,12 +37,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.SubjectNameDefault; import com.netscape.cms.profile.def.UserSubjectNameDefault; - /** - * This class implements the subject name constraint. - * It checks if the subject name in the certificate - * template satisfies the criteria. - * + * This class implements the subject name constraint. It checks if the subject + * name in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class SubjectNameConstraint extends EnrollConstraint { @@ -56,13 +53,13 @@ public class SubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_PATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN")); } else { @@ -75,22 +72,21 @@ public class SubjectNameConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("SubjectNameConstraint: validate start"); CertificateSubjectName sn = null; try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - CMS.debug("SubjectNameConstraint: validate cert subject ="+ + CMS.debug("SubjectNameConstraint: validate cert subject =" + sn.toString()); } catch (Exception e) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name sn500 = null; @@ -98,31 +94,31 @@ public class SubjectNameConstraint extends EnrollConstraint { sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME); } catch (IOException e) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } if (sn500 == null) { CMS.debug("SubjectNameConstraint: validate() - sn500 is null"); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } else { - CMS.debug("SubjectNameConstraint: validate() - sn500 "+ - CertificateSubjectName.DN_NAME + " = "+ - sn500.toString()); + CMS.debug("SubjectNameConstraint: validate() - sn500 " + + CertificateSubjectName.DN_NAME + " = " + + sn500.toString()); } if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) { - CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "+ getConfig(CONFIG_PATTERN)); + CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " + getConfig(CONFIG_PATTERN)); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", - sn500.toString())); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", + sn500.toString())); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", getConfig(CONFIG_PATTERN)); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java index b47e2230..c242ffce 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; @@ -43,57 +42,53 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; /** - * This constraint is to check for publickey uniqueness. - * The config param "allowSameKeyRenewal" enables the - * situation where if the publickey is not unique, and if - * the subject DN is the same, that is a "renewal". - * - * Another "feature" that is quoted out of this code is the - * "revokeDupKeyCert" option, which enables the revocation - * of certs that bear the same publickey as the enrolling - * request. Since this can potentially be abused, it is taken - * out and preserved in comments to allow future refinement. - * + * This constraint is to check for publickey uniqueness. The config param + * "allowSameKeyRenewal" enables the situation where if the publickey is not + * unique, and if the subject DN is the same, that is a "renewal". + * + * Another "feature" that is quoted out of this code is the "revokeDupKeyCert" + * option, which enables the revocation of certs that bear the same publickey as + * the enrolling request. Since this can potentially be abused, it is taken out + * and preserved in comments to allow future refinement. + * * @version $Revision$, $Date$ */ public class UniqueKeyConstraint extends EnrollConstraint { - /* - public static final String CONFIG_REVOKE_DUPKEY_CERT = - "revokeDupKeyCert"; - boolean mRevokeDupKeyCert = false; - */ - public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = - "allowSameKeyRenewal"; - boolean mAllowSameKeyRenewal = false; + /* + * public static final String CONFIG_REVOKE_DUPKEY_CERT = + * "revokeDupKeyCert"; boolean mRevokeDupKeyCert = false; + */ + public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = + "allowSameKeyRenewal"; + boolean mAllowSameKeyRenewal = false; public ICertificateAuthority mCA = null; - public UniqueKeyConstraint() { - super(); - /* - addConfigName(CONFIG_REVOKE_DUPKEY_CERT); - */ - addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); - } + public UniqueKeyConstraint() { + super(); + /* + * addConfigName(CONFIG_REVOKE_DUPKEY_CERT); + */ + addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); + } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + public void init(IProfile profile, IConfigStore config) + throws EProfileException { super.init(profile, config); mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); } - public IDescriptor getConfigDescriptor(Locale locale, String name) - { - /* - if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); - } - */ - if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); - } + public IDescriptor getConfigDescriptor(Locale locale, String name) { + /* + * if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { return new + * Descriptor(IDescriptor.BOOLEAN, null, "false", + * CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); + * } + */ + if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); + } return null; } @@ -102,173 +97,159 @@ public class UniqueKeyConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - boolean rejected = false; - int size = 0; - ICertRecordList list; + throws ERejectException { + boolean rejected = false; + int size = 0; + ICertRecordList list; - /* - mRevokeDupKeyCert = - getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); - */ - mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); + /* + * mRevokeDupKeyCert = getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); + */ + mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); try { CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); + info.get(X509CertInfo.KEY); X509Key key = (X509Key) - infokey.get(CertificateX509Key.KEY); + infokey.get(CertificateX509Key.KEY); - // check for key uniqueness - byte pub[] = key.getEncoded(); - String pub_s = escapeBinaryData(pub); - String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")"; - list = - (ICertRecordList) - mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10); - size = list.getSize(); + // check for key uniqueness + byte pub[] = key.getEncoded(); + String pub_s = escapeBinaryData(pub); + String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA + "=" + pub_s + ")"; + list = + (ICertRecordList) + mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10); + size = list.getSize(); } catch (Exception e) { - throw new ERejectException( + throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_INTERNAL_ERROR",e.toString())); - } - - /* - * It does not matter if the corresponding cert's status - * is valid or not, we don't want a key that was once - * generated before - */ - if (size > 0) { - CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); - - /* - The following code revokes the existing certs that have - the same public key as the one submitted for enrollment - request. However, it is not a good idea due to possible - abuse. It is therefore commented out. It is still - however still maintained for possible utilization at later - time - - // if configured to revoke duplicated key - // revoke cert - if (mRevokeDupKeyCert) { - try { - Enumeration e = list.getCertRecords(0, size-1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = (ICertRecord) e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - - // revoke the cert - BigInteger serialNum = cert.getSerialNumber(); - ICAService service = (ICAService) mCA.getCAService(); - - RevokedCertImpl crlEntry = - formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE); - service.revokeCert(crlEntry); - CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"); - } - } catch (Exception ex) { - CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); - } - } // revoke dupkey cert turned on - */ - - if (mAllowSameKeyRenewal == true) { - X500Name sjname_in_db = null; - X500Name sjname_in_req = null; - - try { - // get subject of request - CertificateSubjectName subName = - (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - - if (subName != null) { - - sjname_in_req = - (X500Name) subName.get(CertificateSubjectName.DN_NAME); - CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString()); - Enumeration e = list.getCertRecords(0, size-1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = (ICertRecord) e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - String certDN = - cert.getSubjectDN().toString(); - CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN); - - sjname_in_db = new X500Name(certDN); - - if (sjname_in_db.equals(sjname_in_req) == false) { - rejected = true; - break; - } else { - rejected = false; - } - } // while - } else { //subName is null - rejected = true; - } - } catch (Exception ex1) { - CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString()); - rejected = true; - } // try - - } else { - rejected = true; - }// allowSameKeyRenewal - } // (size > 0) + getLocale(request), + "CMS_PROFILE_INTERNAL_ERROR", e.toString())); + } - if (rejected == true) { - CMS.debug("UniqueKeyConstraint: rejected"); - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_DUPLICATE_KEY")); - } else { - CMS.debug("UniqueKeyConstraint: approved"); - } + /* + * It does not matter if the corresponding cert's status is valid or + * not, we don't want a key that was once generated before + */ + if (size > 0) { + CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); + + /* + * The following code revokes the existing certs that have the same + * public key as the one submitted for enrollment request. However, + * it is not a good idea due to possible abuse. It is therefore + * commented out. It is still however still maintained for possible + * utilization at later time + * + * // if configured to revoke duplicated key // revoke cert if + * (mRevokeDupKeyCert) { try { Enumeration e = + * list.getCertRecords(0, size-1); while (e != null && + * e.hasMoreElements()) { ICertRecord rec = (ICertRecord) + * e.nextElement(); X509CertImpl cert = rec.getCertificate(); + * + * // revoke the cert BigInteger serialNum = cert.getSerialNumber(); + * ICAService service = (ICAService) mCA.getCAService(); + * + * RevokedCertImpl crlEntry = formCRLEntry(serialNum, + * RevocationReason.KEY_COMPROMISE); service.revokeCert(crlEntry); + * CMS.debug( + * "UniqueKeyConstraint: certificate with duplicate publickey revoked successfully" + * ); } } catch (Exception ex) { + * CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); } + * } // revoke dupkey cert turned on + */ + + if (mAllowSameKeyRenewal == true) { + X500Name sjname_in_db = null; + X500Name sjname_in_req = null; + + try { + // get subject of request + CertificateSubjectName subName = + (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + + if (subName != null) { + + sjname_in_req = + (X500Name) subName.get(CertificateSubjectName.DN_NAME); + CMS.debug("UniqueKeyConstraint: cert request subject DN =" + sjname_in_req.toString()); + Enumeration e = list.getCertRecords(0, size - 1); + while (e != null && e.hasMoreElements()) { + ICertRecord rec = (ICertRecord) e.nextElement(); + X509CertImpl cert = rec.getCertificate(); + String certDN = + cert.getSubjectDN().toString(); + CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" + certDN); + + sjname_in_db = new X500Name(certDN); + + if (sjname_in_db.equals(sjname_in_req) == false) { + rejected = true; + break; + } else { + rejected = false; + } + } // while + } else { // subName is null + rejected = true; + } + } catch (Exception ex1) { + CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " + ex1.toString()); + rejected = true; + } // try + + } else { + rejected = true; + }// allowSameKeyRenewal + } // (size > 0) + + if (rejected == true) { + CMS.debug("UniqueKeyConstraint: rejected"); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_DUPLICATE_KEY")); + } else { + CMS.debug("UniqueKeyConstraint: approved"); + } } - /** + /** * make a CRL entry from a serial number and revocation reason. + * * @return a RevokedCertImpl that can be entered in a CRL. - - protected RevokedCertImpl formCRLEntry( - BigInteger serialNo, RevocationReason reason) - throws EBaseException { - CRLReasonExtension reasonExt = new CRLReasonExtension(reason); - CRLExtensions crlentryexts = new CRLExtensions(); - - try { - crlentryexts.set(CRLReasonExtension.NAME, reasonExt); - } catch (IOException e) { - CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); - - // throw new ECMSGWException( - // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); - - } - RevokedCertImpl crlentry = - new RevokedCertImpl(serialNo, CMS.getCurrentDate(), - crlentryexts); - - return crlentry; - } - */ + * + * protected RevokedCertImpl formCRLEntry( BigInteger serialNo, + * RevocationReason reason) throws EBaseException { + * CRLReasonExtension reasonExt = new CRLReasonExtension(reason); + * CRLExtensions crlentryexts = new CRLExtensions(); + * + * try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); } + * catch (IOException e) { + * CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); + * + * // throw new ECMSGWException( // + * CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); + * + * } RevokedCertImpl crlentry = new RevokedCertImpl(serialNo, + * CMS.getCurrentDate(), crlentryexts); + * + * return crlentry; } + */ public String getText(Locale locale) { String params[] = { -/* - getConfig(CONFIG_REVOKE_DUPKEY_CERT), -*/ - }; + /* + * getConfig(CONFIG_REVOKE_DUPKEY_CERT), + */ + }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params); } @@ -285,12 +266,12 @@ public class UniqueKeyConstraint extends EnrollConstraint { } public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; + if (def instanceof NoDefault) + return true; if (def instanceof UniqueKeyConstraint) return true; - return false; + return false; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java index 72498d39..b59e6e30 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java @@ -51,17 +51,16 @@ import com.netscape.cms.profile.def.SubjectNameDefault; import com.netscape.cms.profile.def.UserSubjectNameDefault; /** - * This class implements the unique subject name constraint. - * It checks if the subject name in the certificate is - * unique in the internal database, ie, no two certificates - * have the same subject name. - * + * This class implements the unique subject name constraint. It checks if the + * subject name in the certificate is unique in the internal database, ie, no + * two certificates have the same subject name. + * * @version $Revision$, $Date$ */ public class UniqueSubjectNameConstraint extends EnrollConstraint { public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = - "enableKeyUsageExtensionChecking"; + "enableKeyUsageExtensionChecking"; private boolean mKeyUsageExtensionChecking = true; public UniqueSubjectNameConstraint() { @@ -69,14 +68,14 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); + CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); } return null; } @@ -85,12 +84,12 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return null; } - /** - * Checks if the key extension in the issued certificate - * is the same as the one in the certificate template. - */ + /** + * Checks if the key extension in the issued certificate is the same as the + * one in the certificate template. + */ private boolean sameKeyUsageExtension(ICertRecord rec, - X509CertInfo certInfo) { + X509CertInfo certInfo) { X509CertImpl impl = rec.getCertificate(); boolean bits[] = impl.getKeyUsage(); @@ -98,7 +97,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { try { extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); } catch (IOException e) { } catch (java.security.cert.CertificateException e) { } @@ -110,9 +109,9 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } else { try { ext = (KeyUsageExtension) extensions.get( - KeyUsageExtension.class.getSimpleName()); + KeyUsageExtension.class.getSimpleName()); } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (ext == null) { @@ -135,48 +134,46 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return false; } } - } + } } - return true; + return true; } - /** - * Validates the request. The request is not modified - * during the validation. - * - * Rules are as follows: - * If the subject name is not unique, then the request will be rejected unless: - * 1. the certificate is expired or expired_revoked + * Validates the request. The request is not modified during the validation. + * + * Rules are as follows: If the subject name is not unique, then the request + * will be rejected unless: 1. the certificate is expired or expired_revoked * 2. the certificate is revoked and the revocation reason is not "on hold" - * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default) + * 3. the keyUsageExtension bits are different and + * enableKeyUsageExtensionChecking=true (default) */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("UniqueSubjectNameConstraint: validate start"); CertificateSubjectName sn = null; - IAuthority authority = (IAuthority)CMS.getSubsystem("ca"); - + IAuthority authority = (IAuthority) CMS.getSubsystem("ca"); + mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING); ICertificateRepository certdb = null; if (authority != null && authority instanceof ICertificateAuthority) { - ICertificateAuthority ca = (ICertificateAuthority)authority; + ICertificateAuthority ca = (ICertificateAuthority) authority; certdb = ca.getCertificateRepository(); } - + try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); } catch (Exception e) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } String certsubjectname = null; if (sn == null) throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); else { certsubjectname = sn.toString(); String filter = "x509Cert.subject=" + certsubjectname; @@ -184,10 +181,10 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { try { sameSubjRecords = certdb.findCertRecords(filter); } catch (EBaseException e) { - CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString()); + CMS.debug("UniqueSubjectNameConstraint exception: " + e.toString()); } while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) { - ICertRecord rec = sameSubjRecords.nextElement(); + ICertRecord rec = sameSubjRecords.nextElement(); String status = rec.getStatus(); IRevocationInfo revocationInfo = rec.getRevocationInfo(); @@ -200,7 +197,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { Enumeration<Extension> enumx = crlExts.getElements(); while (enumx.hasMoreElements()) { - Extension ext = enumx.nextElement(); + Extension ext = enumx.nextElement(); if (ext instanceof CRLReasonExtension) { reason = ((CRLReasonExtension) ext).getReason(); @@ -213,8 +210,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { continue; } - if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && - (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) { + if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && + (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) { continue; } @@ -223,20 +220,20 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", - certsubjectname)); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", + certsubjectname)); } } - CMS.debug("UniqueSubjectNameConstraint: validate end"); + CMS.debug("UniqueSubjectNameConstraint: validate end"); } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) + getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java index 95c32221..c839cb5d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -40,12 +39,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; - /** - * This class implements the validity constraint. - * It checks if the validity in the certificate - * template satisfies the criteria. - * + * This class implements the validity constraint. It checks if the validity in + * the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class ValidityConstraint extends EnrollConstraint { @@ -68,20 +65,20 @@ public class ValidityConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_RANGE) || - name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", name)); - } + } } super.setConfig(name, value); } @@ -104,11 +101,10 @@ public class ValidityConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateValidity v = null; try { @@ -144,22 +140,22 @@ public class ValidityConstraint extends EnrollConstraint { long millisDiff = notAfter.getTime() - notBefore.getTime(); CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime()); - long long_days = (millisDiff / 1000 ) / 86400; - CMS.debug("ValidityConstraint: long_days: "+long_days); - int days = (int)long_days; - CMS.debug("ValidityConstraint: days: "+days); + long long_days = (millisDiff / 1000) / 86400; + CMS.debug("ValidityConstraint: long_days: " + long_days); + int days = (int) long_days; + CMS.debug("ValidityConstraint: days: " + days); if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) { throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", + "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", Integer.toString(days))); } - // 613828 - // The validity field shall specify a notBefore value - // that does not precede the current time and a notAfter - // value that does not precede the value specified in - // notBefore (test can be automated; try entering violating + // 613828 + // The validity field shall specify a notBefore value + // that does not precede the current time and a notAfter + // value that does not precede the value specified in + // notBefore (test can be automated; try entering violating // time values and check result). String notBeforeCheckStr = getConfig(CONFIG_CHECK_NOT_BEFORE); boolean notBeforeCheck; @@ -167,7 +163,7 @@ public class ValidityConstraint extends EnrollConstraint { if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) { notBeforeCheckStr = "false"; } - notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); + notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER); boolean notAfterCheck; @@ -175,7 +171,7 @@ public class ValidityConstraint extends EnrollConstraint { if (notAfterCheckStr == null || notAfterCheckStr.equals("")) { notAfterCheckStr = "false"; } - notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); + notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD); if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) { @@ -186,7 +182,7 @@ public class ValidityConstraint extends EnrollConstraint { Date current = CMS.getCurrentDate(); if (notBeforeCheck) { if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) { - CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + "+ + CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + " + "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")"); throw new ERejectException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT")); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java index 6f73cd52..732d4640 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Authuority Info Access extension. - * + * This class implements an enrollment default policy that populates Authuority + * Info Access extension. + * * @version $Revision$, $Date$ */ public class AuthInfoAccessExtDefault extends EnrollExtDefault { @@ -89,30 +87,30 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { return num; } - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_AD || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - - } catch (Exception e) { + } + + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - } + } + } super.setConfig(name, value); } @@ -122,7 +120,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } protected void refreshConfigAndValueNames() { - //refesh our config name list + // refesh our config name list super.refreshConfigAndValueNames(); mConfigNames.removeAllElements(); @@ -142,42 +140,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "URIName", CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); } else if (name.startsWith(CONFIG_NUM_ADS)) { return new Descriptor(IDescriptor.INTEGER, null, "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); - } + } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { @@ -186,45 +184,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { AuthInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); ObjectIdentifier oid = a.getExtensionId(); ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); + getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } - + if (name.equals(VAL_CRITICAL)) { ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { + ext.setCritical(val); + } else if (name.equals(VAL_GENERAL_NAMES)) { ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { return; } boolean critical = ext.isCritical(); @@ -263,17 +258,17 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); if (interface1 == null) throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); + locale, "CMS_INVALID_PROPERTY", locationType)); gn = new GeneralName(interface1); } - + if (method != null) { try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); + ext.addAccessDescription(new ObjectIdentifier(method), gn); } catch (NumberFormatException ee) { - CMS.debug("AuthInfoAccessExtDefault: "+ee.toString()); + CMS.debug("AuthInfoAccessExtDefault: " + ee.toString()); throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_AIA_OID", method)); + locale, "CMS_PROFILE_DEF_AIA_OID", method)); } } } @@ -296,30 +291,29 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { AuthInfoAccessExtension ext = null; - if (name == null) { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); + ObjectIdentifier oid = a.getExtensionId(); ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -336,7 +330,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_GENERAL_NAMES)) { + } else if (name.equals(VAL_GENERAL_NAMES)) { ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); @@ -345,11 +339,11 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { return ""; int num = getNumAds(); - + CMS.debug("AuthInfoAccess num=" + num); Vector recs = new Vector(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { NameValuePairs np = new NameValuePairs(); AccessDescription des = null; @@ -363,7 +357,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { np.add(AD_ENABLE, "false"); } else { ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); + GeneralName gn = des.getLocation(); np.add(AD_METHOD, methodOid.toString()); np.add(AD_LOCATION_TYPE, getGeneralNameType(gn)); @@ -402,7 +396,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { ads.append(getConfig(CONFIG_AD_ENABLE + i)); ads.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", getConfig(CONFIG_CRITICAL), ads.toString()); } @@ -410,14 +404,14 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { AuthInfoAccessExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public AuthInfoAccessExtension createExtension() { - AuthInfoAccessExtension ext = null; + AuthInfoAccessExtension ext = null; int num = getNumAds(); try { @@ -439,22 +433,23 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) - // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; - location = "http://"+hostname+":"+port+"/ca/ocsp"; + // location = + // "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; + location = "http://" + hostname + ":" + port + "/ca/ocsp"; } } String s = locationType + ":" + location; GeneralNameInterface gn = parseGeneralName(s); if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); + ext.addAccessDescription(new ObjectIdentifier(method), + new GeneralName(gn)); } } } } catch (Exception e) { - CMS.debug("AuthInfoAccessExtDefault: createExtension " + - e.toString()); + CMS.debug("AuthInfoAccessExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java index a308e2eb..9226bb4c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -35,11 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy that - * populates subject name based on the attribute values - * in the authentication token (AuthToken) object. + * This class implements an enrollment default policy that populates subject + * name based on the attribute values in the authentication token (AuthToken) + * object. * * @version $Revision$, $Date$ */ @@ -53,7 +51,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -67,8 +65,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { CMS.debug("AuthTokenSubjectNameDefault: begins"); if (name == null) { throw new EPropertyException(CMS.getUserMessage(locale, @@ -81,18 +79,18 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { x500name = new X500Name(value); CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString()); } catch (IOException e) { - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue " + + e.toString()); // failed to build x500 name } CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString()); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue " + + e.toString()); } } else { throw new EPropertyException(CMS.getUserMessage(locale, @@ -101,8 +99,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException("Invalid name " + name); if (name.equals(VAL_NAME)) { @@ -114,8 +112,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { return sn.toString(); } catch (Exception e) { // nothing - CMS.debug("AuthTokenSubjectNameDefault: getValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: getValue " + + e.toString()); } throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name)); @@ -126,7 +124,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME"); } @@ -134,7 +132,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // authenticate the subject name and populate it // to the certinfo diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java index 869deed2..d6606c2b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Authority Key Identifier extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates Authority + * Key Identifier extension into the certificate template. + * * @version $Revision$, $Date$ */ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { @@ -56,29 +53,29 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_CRITICAL")); + "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_KEY_ID")); + "CMS_PROFILE_KEY_ID")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { @@ -86,40 +83,38 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { } else if (name.equals(VAL_KEY_ID)) { // do nothing for read only value } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - AuthorityKeyIdentifierExtension ext = (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); + PKIXExtensions.AuthorityKey_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); + ext = + (AuthorityKeyIdentifierExtension) getExtension( + PKIXExtensions.AuthorityKey_Id.toString(), info); if (ext == null) { return null; @@ -131,8 +126,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { } } else if (name.equals(VAL_KEY_ID)) { ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); + (AuthorityKeyIdentifierExtension) getExtension( + PKIXExtensions.AuthorityKey_Id.toString(), info); if (ext == null) { // do something here @@ -147,11 +142,11 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { // CMS.debug(e.toString()); } - if (kid == null) + if (kid == null) return ""; return toHexString(kid.getIdentifier()); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -164,7 +159,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { AuthorityKeyIdentifierExtension ext = createExtension(info); addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info); @@ -174,9 +169,9 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { KeyIdentifier kid = null; String localKey = getConfig("localKey"); if (localKey != null && localKey.equals("true")) { - kid = getKeyIdentifier(info); + kid = getKeyIdentifier(info); } else { - kid = getCAKeyIdentifier(); + kid = getCAKeyIdentifier(); } if (kid == null) @@ -186,8 +181,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { try { ext = new AuthorityKeyIdentifierExtension(false, kid, null, null); } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + - e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java index 7ab05d75..ddb9c4a8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that automatically assign request to agent. - * + * This class implements an enrollment default policy that automatically assign + * request to agent. + * * @version $Revision$, $Date$ */ public class AutoAssignDefault extends EnrollDefault { @@ -48,15 +46,15 @@ public class AutoAssignDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_ASSIGN_TO)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_ASSIGN_TO)) { + return new Descriptor(IDescriptor.STRING, null, "admin", CMS.getUserMessage(locale, - "CMS_PROFILE_AUTO_ASSIGN")); + "CMS_PROFILE_AUTO_ASSIGN")); } else { return null; } @@ -67,29 +65,29 @@ public class AutoAssignDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { return null; } public String getText(Locale locale) { return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN", - getConfig(CONFIG_ASSIGN_TO)); + getConfig(CONFIG_ASSIGN_TO)); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { try { - request.setRequestOwner( - mapPattern(request, getConfig(CONFIG_ASSIGN_TO))); + request.setRequestOwner( + mapPattern(request, getConfig(CONFIG_ASSIGN_TO))); } catch (Exception e) { // failed to insert subject name CMS.debug("AutoAssignDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java index 8c5d8094..2665fa2c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Basic Constraint extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates Basic + * Constraint extension into the certificate template. + * * @version $Revision$, $Date$ */ public class BasicConstraintsExtDefault extends EnrollExtDefault { @@ -64,21 +61,21 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(CONFIG_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); } @@ -87,15 +84,15 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(VAL_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); } else { @@ -104,39 +101,37 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { BasicConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) - { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - + boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } ext.setCritical(val); } else if (name.equals(VAL_IS_CA)) { ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } Boolean isCA = Boolean.valueOf(value); @@ -146,7 +141,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } Integer pathLen = Integer.valueOf(value); @@ -156,8 +151,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { throw new EPropertyException("Invalid name " + name); } replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(), - ext, info); - } catch (IOException e) { + ext, info); + } catch (IOException e) { CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -169,35 +164,34 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) - { + if (ext == null) { CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one "); - - try { - populate(null,info); + + try { + populate(null, info); } catch (EProfileException e) { CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; @@ -208,8 +202,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; @@ -218,41 +212,41 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { return isCA.toString(); } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; } Integer pathLen = (Integer) - ext.get(BasicConstraintsExtension.PATH_LEN); - + ext.get(BasicConstraintsExtension.PATH_LEN); String pLen = null; pLen = pathLen.toString(); - if(pLen.equals("-2")) - { - //This is done for bug 621700. Profile constraints actually checks for -1 - //The low level security class for some reason sets this to -2 - //This will allow the request to be approved successfuly by the agent. + if (pLen.equals("-2")) { + // This is done for bug 621700. Profile constraints actually + // checks for -1 + // The low level security class for some reason sets this to + // -2 + // This will allow the request to be approved successfuly by + // the agent. - pLen = "-1"; + pLen = "-1"; } - + CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen); - + return pLen; - - } else { - throw new EPropertyException(CMS.getUserMessage( + } else { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -271,11 +265,11 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { BasicConstraintsExtension ext = createExtension(); addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, - info); + info); } public BasicConstraintsExtension createExtension() { @@ -287,8 +281,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { int pathLen = -2; - - if(!pathLenStr.equals("") ) { + if (!pathLenStr.equals("")) { pathLen = Integer.valueOf(pathLenStr).intValue(); } @@ -296,8 +289,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { try { ext = new BasicConstraintsExtension(isCA, critical, pathLen); } catch (Exception e) { - CMS.debug("BasicConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("BasicConstraintsExtDefault: createExtension " + + e.toString()); return null; } ext.setCritical(critical); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java index 4b883f7f..38a74bf0 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -34,12 +33,10 @@ import netscape.security.x509.X509Key; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ca.ICertificateAuthority; - /** - * This class implements an abstract CA specific - * Enrollment default. This policy can only be - * used with CA subsystem. - * + * This class implements an abstract CA specific Enrollment default. This policy + * can only be used with CA subsystem. + * * @version $Revision$, $Date$ */ public abstract class CAEnrollDefault extends EnrollDefault { @@ -48,8 +45,8 @@ public abstract class CAEnrollDefault extends EnrollDefault { public KeyIdentifier getKeyIdentifier(X509CertInfo info) { try { - CertificateX509Key ckey = (CertificateX509Key) - info.get(X509CertInfo.KEY); + CertificateX509Key ckey = (CertificateX509Key) + info.get(X509CertInfo.KEY); X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); @@ -59,35 +56,35 @@ public abstract class CAEnrollDefault extends EnrollDefault { return new KeyIdentifier(hash); } catch (IOException e) { CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + e.toString()); } catch (CertificateException e) { CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + e.toString()); } catch (NoSuchAlgorithmException e) { CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + e.toString()); } return null; } public KeyIdentifier getCAKeyIdentifier() { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); if (caCert == null) { - // during configuration, we dont have the CA certificate - return null; + // during configuration, we dont have the CA certificate + return null; } X509Key key = (X509Key) caCert.getPublicKey(); SubjectKeyIdentifierExtension subjKeyIdExt = - (SubjectKeyIdentifierExtension) - caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString()); + (SubjectKeyIdentifierExtension) + caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString()); if (subjKeyIdExt != null) { try { - KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get( - SubjectKeyIdentifierExtension.KEY_ID); - return keyId; + KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get( + SubjectKeyIdentifierExtension.KEY_ID); + return keyId; } catch (IOException e) { } } @@ -101,7 +98,7 @@ public abstract class CAEnrollDefault extends EnrollDefault { return new KeyIdentifier(hash); } catch (NoSuchAlgorithmException e) { CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + e.toString()); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java index 8bf4c75f..01f9bd65 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; @@ -39,21 +38,19 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements a CA signing cert enrollment default policy - * that populates a server-side configurable validity - * into the certificate template. + * This class implements a CA signing cert enrollment default policy that + * populates a server-side configurable validity into the certificate template. * It allows an agent to bypass the CA's signing cert's expiration constraint */ public class CAValidityDefault extends EnrollDefault { public static final String CONFIG_RANGE = "range"; public static final String CONFIG_START_TIME = "startTime"; - public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter"; + public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; public static final String VAL_NOT_BEFORE = "notBefore"; public static final String VAL_NOT_AFTER = "notAfter"; - public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter"; + public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; @@ -72,28 +69,28 @@ public class CAValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } + } } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + } } super.setConfig(name, value); } @@ -101,16 +98,16 @@ public class CAValidityDefault extends EnrollDefault { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RANGE)) { return new Descriptor(IDescriptor.STRING, - null, + null, "2922", /* 8 years */ CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); + "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_START_TIME)) { return new Descriptor(IDescriptor.STRING, - null, + null, "60", /* 1 minute */ CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); + "CMS_PROFILE_VALIDITY_START_TIME")); } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", @@ -138,21 +135,21 @@ public class CAValidityDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - if (value == null || value.equals("")) { + if (value == null || value.equals("")) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - CMS.debug("CAValidityDefault: setValue name= "+ name); + CMS.debug("CAValidityDefault: setValue name= " + name); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; @@ -161,15 +158,15 @@ public class CAValidityDefault extends EnrollDefault { validity = (CertificateValidity) info.get(X509CertInfo.VALIDITY); validity.set(CertificateValidity.NOT_BEFORE, - date); + date); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; @@ -178,7 +175,7 @@ public class CAValidityDefault extends EnrollDefault { validity = (CertificateValidity) info.get(X509CertInfo.VALIDITY); validity.set(CertificateValidity.NOT_AFTER, - date); + date); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( @@ -186,23 +183,23 @@ public class CAValidityDefault extends EnrollDefault { } } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue(); - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity); + CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + bypassCAvalidity); BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert."); return; } try { Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); - if(isCA.booleanValue() != true) { + if (isCA.booleanValue() != true) { CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."); return; } } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString()); + CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." + e.toString()); return; } @@ -210,7 +207,7 @@ public class CAValidityDefault extends EnrollDefault { Date notAfter = null; try { validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); + info.get(X509CertInfo.VALIDITY); notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); @@ -220,7 +217,7 @@ public class CAValidityDefault extends EnrollDefault { // not to exceed CA's expiration Date caNotAfter = - mCA.getSigningUnit().getCertImpl().getNotAfter(); + mCA.getSigningUnit().getCertImpl().getNotAfter(); if (notAfter.after(caNotAfter)) { if (bypassCAvalidity == false) { @@ -232,7 +229,7 @@ public class CAValidityDefault extends EnrollDefault { } try { validity.set(CertificateValidity.NOT_AFTER, - notAfter); + notAfter); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( @@ -243,19 +240,19 @@ public class CAValidityDefault extends EnrollDefault { locale, "CMS_INVALID_PROPERTY", name)); } } - + public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); - CMS.debug("CAValidityDefault: getValue: name= "+ name); + CMS.debug("CAValidityDefault: getValue: name= " + name); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { @@ -269,8 +266,8 @@ public class CAValidityDefault extends EnrollDefault { locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { @@ -298,19 +295,19 @@ public class CAValidityDefault extends EnrollDefault { getConfig(CONFIG_BYPASS_CA_NOTAFTER) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); try { - startTimeStr = mapPattern(request, startTimeStr); + startTimeStr = mapPattern(request, startTimeStr); } catch (IOException e) { CMS.debug("CAValidityDefault: populate " + e.toString()); } @@ -325,7 +322,7 @@ public class CAValidityDefault extends EnrollDefault { try { String rangeStr = getConfig(CONFIG_RANGE); rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + + notAfterVal = notBefore.getTime() + (mDefault * Integer.parseInt(rangeStr)); } catch (Exception e) { // configured value is not correct @@ -335,8 +332,8 @@ public class CAValidityDefault extends EnrollDefault { } Date notAfter = new Date(notAfterVal); - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); + CertificateValidity validity = + new CertificateValidity(notBefore, notAfter); try { info.set(X509CertInfo.VALIDITY, validity); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java index 5a551033..5b500c53 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,12 +44,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a CRL Distribution points extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a CRL + * Distribution points extension into the certificate template. + * * @version $Revision$, $Date$ */ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { @@ -84,32 +81,31 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POINTS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } } super.setConfig(name, value); } - public Enumeration<String> getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); @@ -147,39 +143,39 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } - if (num >= MAX_NUM_POINTS) + if (num >= MAX_NUM_POINTS) num = DEF_NUM_POINTS; return num; } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); } else if (name.startsWith(CONFIG_REASONS)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REASONS")); } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POINTS)) { @@ -193,12 +189,12 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); } else { @@ -207,47 +203,45 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { CRLDistributionPointsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (CRLDistributionPointsExtension) getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + info); - if(ext == null) { - populate(locale,info); + if (ext == null) { + populate(locale, info); } if (name.equals(VAL_CRITICAL)) { ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext.setCritical(val); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); - if(ext == null) - { + if (ext == null) { return; } Vector<NameValuePairs> v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); int i = 0; @@ -285,7 +279,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(locale, cdp, issuerType, issuerValue); - // this is the first distribution point + // this is the first distribution point if (i == 0) { ext = new CRLDistributionPointsExtension(cdp); ext.setCritical(critical); @@ -295,51 +289,51 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { - CMS.debug("CRLDistributionPointsExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("CRLDistributionPointsExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + String value) throws EPropertyException { try { if (value == null || value.length() == 0) return; - + if (type.equals(RELATIVETOISSUER)) { cdp.setRelativeName(new RDN(value)); } else if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setFullName(gen); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + String value) throws EPropertyException { if (value == null || value.length() == 0) return; try { @@ -349,20 +343,20 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { gen.addElement(parseGeneralName(type, value)); cdp.setCRLIssuer(gen); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + - e.toString()); + CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + + e.toString()); } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + - e.toString()); + CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + + e.toString()); } } - private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, + String value) throws EPropertyException { if (value == null || value.length() == 0) return; if (type.equals(REASONS)) { @@ -376,7 +370,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (r == null) { CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", s)); } else { reasonBits |= r.getBitMask(); @@ -384,47 +378,46 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } if (reasonBits != 0) { - BitArray ba = new BitArray(8, new byte[] {reasonBits} - ); + BitArray ba = new BitArray(8, new byte[] { reasonBits } + ); cdp.setReasons(ba); } } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { CRLDistributionPointsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (CRLDistributionPointsExtension) getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + info); - if(ext == null) - { + if (ext == null) { try { - populate(locale,info); + populate(locale, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); if (ext == null) { return null; @@ -434,10 +427,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); if (ext == null) return ""; @@ -451,7 +444,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { NameValuePairs pairs = null; if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); + CRLDistributionPoint p = ext.getPointAt(i); GeneralNames gns = p.getFullName(); pairs = buildGeneralNames(gns, p); @@ -461,10 +454,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { recs.addElement(pairs); } } - + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -482,7 +475,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) - throws EPropertyException { + throws EPropertyException { NameValuePairs pairs = new NameValuePairs(); @@ -551,14 +544,14 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (reasons != null) { byte[] b = reasons.toByteArray(); Reason[] reasonArray = Reason.bitArrayToReasonArray(b); - + for (int i = 0; i < reasonArray.length; i++) { if (sb.length() > 0) sb.append(","); sb.append(reasonArray[i].getName()); } } - + return sb.toString(); } @@ -589,8 +582,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -599,29 +592,30 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ private void populate(Locale locale, X509CertInfo info) - throws EProfileException { + throws EProfileException { CRLDistributionPointsExtension ext = createExtension(locale); if (ext == null) return; addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + ext, info); } + /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CRLDistributionPointsExtension ext = createExtension(request); if (ext == null) return; - addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + ext, info); } public CRLDistributionPointsExtension createExtension(IRequest request) { - CRLDistributionPointsExtension ext = null; + CRLDistributionPointsExtension ext = null; int num = 0; try { @@ -631,8 +625,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { for (int i = 0; i < num; i++) { CRLDistributionPoint cdp = new CRLDistributionPoint(); - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); + String enable = getConfig(CONFIG_ENABLE + i); + String pointType = getConfig(CONFIG_POINT_TYPE + i); String pointName = getConfig(CONFIG_POINT_NAME + i); String reasons = getConfig(CONFIG_REASONS + i); String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); @@ -644,7 +638,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(getLocale(request), cdp, issuerType, issuerName); if (reasons != null) - addReasons(getLocale(request), cdp, REASONS, reasons); + addReasons(getLocale(request), cdp, REASONS, reasons); if (i == 0) { ext = new CRLDistributionPointsExtension(cdp); @@ -656,7 +650,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } catch (Exception e) { CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + - e.toString()); + e.toString()); CMS.debug(e); } @@ -698,7 +692,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } catch (Exception e) { CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + - e.toString()); + e.toString()); CMS.debug(e); } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java index 63a4d303..416da61b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java @@ -1,4 +1,3 @@ - // --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -18,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -49,10 +47,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates a policy mappings extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a policy + * mappings extension into the certificate template. + * * @version $Revision$, $Date$ */ public class CertificatePoliciesExtDefault extends EnrollExtDefault { @@ -122,33 +119,32 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_POLICY_NUM)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POLICIES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POLICIES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } + } } super.setConfig(name, value); } - public Enumeration<String> getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); @@ -166,22 +162,22 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { int numQualifiers = getNumQualifiers(); addConfigName(CONFIG_POLICY_NUM); - + for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); - for (int j=0; j<numQualifiers; j++) { - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); + for (int j = 0; j < numQualifiers; j++) { + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); } } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, @@ -189,16 +185,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) { return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); + null, + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) { return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) { return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", @@ -225,8 +221,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI")); } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) { return new Descriptor(IDescriptor.INTEGER, null, - "5", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); + "5", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); } return null; } @@ -234,7 +230,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_POLICY_QUALIFIERS)) { @@ -253,126 +249,126 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { int index = token.indexOf(":"); if (index <= 0) throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", token)); + "CMS_INVALID_PROPERTY", token)); String name = token.substring(0, index); String val = ""; - if ((token.length()-1) > index) { - val = token.substring(index+1); + if ((token.length() - 1) > index) { + val = token.substring(index + 1); } table.put(name, val); - } - + } + return table; } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { CertificatePoliciesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { + ext.setCritical(val); + } else if (name.equals(VAL_POLICY_QUALIFIERS)) { ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); + Hashtable<String, String> h = buildRecords(value); - String numStr = (String)h.get(CONFIG_POLICY_NUM); + String numStr = (String) h.get(CONFIG_POLICY_NUM); int size = Integer.parseInt(numStr); Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>(); for (int i = 0; i < size; i++) { - String enable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); + String enable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); CertificatePolicyInfo cinfo = null; if (enable != null && enable.equals("true")) { - String policyId = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); + String policyId = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); - if (policyId == null || policyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( + if (policyId == null || policyId.length() == 0) + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = getPolicyId(policyId); - String qualifersNum = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); int num = 0; if (qualifersNum != null && qualifersNum.length() > 0) num = Integer.parseInt(qualifersNum); - for (int j=0; j<num; j++) { - String cpsuriEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); - String usernoticeEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + for (int j = 0; j < num; j++) { + String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); + String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); + String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); + policyQualifiers.add(qualifierInfo); } else if (usernoticeEnable != null && enable.equals("true")) { - String org = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); - String noticenumbers = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); - String explicitText = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); + String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); + noticenumbers, explicitText); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); + policyQualifiers.add(qualifierInfo); } } if (policyQualifiers.size() <= 0) { cinfo = - new CertificatePolicyInfo(cpolicyId); + new CertificatePolicyInfo(cpolicyId); } else { cinfo = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); + new CertificatePolicyInfo(cpolicyId, policyQualifiers); } if (cinfo != null) - certificatePolicies.addElement(cinfo); + certificatePolicies.addElement(cinfo); } } ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { CertificatePoliciesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); if (ext == null) { return null; @@ -382,10 +378,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { + } else if (name.equals(VAL_POLICY_QUALIFIERS)) { ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); if (ext == null) return ""; @@ -396,14 +392,14 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(":"); sb.append(num_policies); sb.append("\n"); - - Vector<CertificatePolicyInfo> infos ; + + Vector<CertificatePolicyInfo> infos; try { @SuppressWarnings("unchecked") - Vector<CertificatePolicyInfo> certPolicyInfos = (Vector<CertificatePolicyInfo>)ext.get(CertificatePoliciesExtension.INFOS); + Vector<CertificatePolicyInfo> certPolicyInfos = (Vector<CertificatePolicyInfo>) ext.get(CertificatePoliciesExtension.INFOS); infos = certPolicyInfos; } catch (IOException ee) { - infos =null; + infos = null; } for (int i = 0; i < num_policies; i++) { @@ -411,70 +407,70 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { String policyId = ""; String policyEnable = "false"; PolicyQualifiers qualifiers = null; - if (infos.size() > 0) { - CertificatePolicyInfo cinfo = - infos.elementAt(0); - - CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); + if (infos.size() > 0) { + CertificatePolicyInfo cinfo = + infos.elementAt(0); + + CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); policyId = id1.getIdentifier().toString(); policyEnable = "true"; qualifiers = cinfo.getPolicyQualifiers(); if (qualifiers != null) - qSize = qualifiers.size(); + qSize = qualifiers.size(); infos.removeElementAt(0); } - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); sb.append(":"); sb.append(policyEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); sb.append(":"); sb.append(policyId); sb.append("\n"); - + if (qSize == 0) { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); sb.append(":"); sb.append(DEF_NUM_QUALIFIERS); sb.append("\n"); } else { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); sb.append(":"); sb.append(qSize); sb.append("\n"); } if (qSize == 0) { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_VALUE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_VALUE); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ORG); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_TEXT); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT); sb.append(":"); sb.append(""); sb.append("\n"); } - for (int j=0; j<qSize; j++) { + for (int j = 0; j < qSize; j++) { netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j); ObjectIdentifier oid = qinfo.getId(); Qualifier qualifier = qinfo.getQualifier(); - + String cpsuriEnable = "false"; String usernoticeEnable = "false"; String cpsuri = ""; @@ -484,16 +480,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) { cpsuriEnable = "true"; - CPSuri content = (CPSuri)qualifier; - cpsuri = content.getURI(); + CPSuri content = (CPSuri) qualifier; + cpsuri = content.getURI(); } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) { usernoticeEnable = "true"; - UserNotice content = (UserNotice)qualifier; + UserNotice content = (UserNotice) qualifier; NoticeReference ref = content.getNoticeReference(); if (ref != null) { org = ref.getOrganization().getText(); int[] nums = ref.getNumbers(); - for (int k=0; k<nums.length; k++) { + for (int k = 0; k < nums.length; k++) { if (k != 0) { noticeNum.append(","); noticeNum.append(nums[k]); @@ -506,27 +502,27 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { explicitText = displayText.getText(); } - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); sb.append(":"); sb.append(cpsuriEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); sb.append(":"); sb.append(cpsuri); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append(usernoticeEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); sb.append(":"); sb.append(org); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(noticeNum.toString()); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); sb.append(":"); sb.append(explicitText); sb.append("\n"); @@ -534,7 +530,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } // end of for loop return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -552,7 +548,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(","); for (int i = 0; i < num; i++) { sb.append("{"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i); + IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i); String enable = substore.getString(CONFIG_POLICY_ENABLE, ""); sb.append(POLICY_ID_ENABLE + ":"); sb.append(enable); @@ -562,18 +558,18 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(policyId); sb.append(","); String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, ""); - sb.append(CONFIG_POLICY_QUALIFIERS_NUM+":"); + sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":"); sb.append(qualifiersNum); sb.append(","); - for (int j=0; j<num1; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j); + for (int j = 0; j < num1; j++) { + IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j); sb.append("{"); String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, ""); sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":"); sb.append(cpsuriEnable); sb.append(","); String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, ""); - sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE+ ":"); + sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":"); sb.append(usernoticeEnable); sb.append(","); String org = substore1.getString(CONFIG_USERNOTICE_ORG, ""); @@ -596,9 +592,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append("}"); } sb.append("}"); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } catch (Exception e) { return ""; } @@ -608,72 +604,72 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificatePoliciesExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); + addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + ext, info); } - public CertificatePoliciesExtension createExtension() - throws EProfileException { - CertificatePoliciesExtension ext = null; + public CertificatePoliciesExtension createExtension() + throws EProfileException { + CertificatePoliciesExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>(); int num = getNumPolicies(); - CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="+num); + CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + num); IConfigStore config = getConfigStore(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { IConfigStore basesubstore = config.getSubStore("params"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i); + IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i); String enable = substore.getString(CONFIG_POLICY_ENABLE); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" enable="+enable); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " enable=" + enable); if (enable != null && enable.equals("true")) { String policyId = substore.getString(CONFIG_POLICY_ID); CertificatePolicyId cpolicyId = getPolicyId(policyId); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" policyId="+policyId); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" + policyId); int qualifierNum = getNumQualifiers(); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); - for (int j=0; j<qualifierNum; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j); + for (int j = 0; j < qualifierNum; j++) { + IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j); String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE); String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE); if (cpsuriEnable != null && cpsuriEnable.equals("true")) { String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); + netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null && + policyQualifiers.add(qualifierInfo); + } else if (usernoticeEnable != null && usernoticeEnable.equals("true")) { String org = substore1.getString(CONFIG_USERNOTICE_ORG); String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS); String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); + noticenumbers, explicitText); if (qualifierInfo != null) policyQualifiers.add(qualifierInfo); } } - + CertificatePolicyInfo info = null; if (policyQualifiers.size() <= 0) { - info = - new CertificatePolicyInfo(cpolicyId); + info = + new CertificatePolicyInfo(cpolicyId); } else { - info = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); + info = + new CertificatePolicyInfo(cpolicyId, policyQualifiers); } - + if (info != null) - certificatePolicies.addElement(info); + certificatePolicies.addElement(info); } } @@ -683,51 +679,51 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } catch (EProfileException e) { throw e; } catch (Exception e) { - CMS.debug("CertificatePoliciesExtDefault: createExtension " + - e.toString()); + CMS.debug("CertificatePoliciesExtDefault: createExtension " + + e.toString()); } return ext; } - private CertificatePolicyId getPolicyId (String policyId) throws EPropertyException { + private CertificatePolicyId getPolicyId(String policyId) throws EPropertyException { if (policyId == null || policyId.length() == 0) throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); + "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = null; try { cpolicyId = new CertificatePolicyId( - ObjectIdentifier.getObjectIdentifier(policyId)); + ObjectIdentifier.getObjectIdentifier(policyId)); return cpolicyId; } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId)); + "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId)); } } private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException { - if (uri == null || uri.length() == 0) + if (uri == null || uri.length() == 0) throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); + "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); - CPSuri cpsURI = new CPSuri(uri); + CPSuri cpsURI = new CPSuri(uri); netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); - + new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); + return policyQualifierInfo2; } - private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, - String noticeText, String noticeNums) throws EPropertyException { - - if ((organization == null || organization.length() == 0) && - (noticeNums == null || noticeNums.length() == 0) && - (noticeText == null || noticeText.length() == 0)) + private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, + String noticeText, String noticeNums) throws EPropertyException { + + if ((organization == null || organization.length() == 0) && + (noticeNums == null || noticeNums.length() == 0) && + (noticeText == null || noticeText.length() == 0)) return null; DisplayText explicitText = null; - if (noticeText != null && noticeText.length() > 0) + if (noticeText != null && noticeText.length() > 0) explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText); int nums[] = null; @@ -753,7 +749,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { DisplayText orgName = null; if (organization != null && organization.length() > 0) { orgName = - new DisplayText(DisplayText.tag_VisibleString, organization); + new DisplayText(DisplayText.tag_VisibleString, organization); } NoticeReference noticeReference = null; @@ -763,10 +759,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { UserNotice userNotice = null; if (explicitText != null || noticeReference != null) { - userNotice = new UserNotice (noticeReference, explicitText); + userNotice = new UserNotice(noticeReference, explicitText); netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); + new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); return policyQualifierInfo1; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java index f3b68594..f5b00970 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java @@ -34,10 +34,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Netscape + * comment extension into the certificate template. + * * @version $Revision$, $Date$ */ public class CertificateVersionDefault extends EnrollExtDefault { @@ -54,11 +53,11 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_VERSION)) { return new Descriptor(IDescriptor.INTEGER, null, "3", @@ -69,14 +68,14 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_VERSION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_VERSION)); - } + } } super.setConfig(name, value); } @@ -92,32 +91,32 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - if (name.equals(VAL_VERSION)) { + if (name.equals(VAL_VERSION)) { if (value == null || value.equals("")) - throw new EPropertyException(name+" cannot be empty"); + throw new EPropertyException(name + " cannot be empty"); else { - int version = Integer.valueOf(value).intValue()-1; - + int version = Integer.valueOf(value).intValue() - 1; + if (version == CertificateVersion.V1) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); + new CertificateVersion(CertificateVersion.V1)); else if (version == CertificateVersion.V2) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); + new CertificateVersion(CertificateVersion.V2)); else if (version == CertificateVersion.V3) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { @@ -128,30 +127,30 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - if (name.equals(VAL_VERSION)) { + if (name.equals(VAL_VERSION)) { CertificateVersion v = null; - try { - v = (CertificateVersion)info.get( - X509CertInfo.VERSION); + try { + v = (CertificateVersion) info.get( + X509CertInfo.VERSION); } catch (Exception e) { } if (v == null) - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); int version = v.compare(0); - - return ""+(version+1); + + return "" + (version + 1); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -168,26 +167,26 @@ public class CertificateVersionDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { String v = getConfig(CONFIG_VERSION); - int version = Integer.valueOf(v).intValue()-1; - + int version = Integer.valueOf(v).intValue() - 1; + try { if (version == CertificateVersion.V1) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); + new CertificateVersion(CertificateVersion.V1)); else if (version == CertificateVersion.V2) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); + new CertificateVersion(CertificateVersion.V2)); else if (version == CertificateVersion.V3) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); else { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION)); + getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION)); } } catch (IOException e) { } catch (CertificateException e) { - } + } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java index 239765ab..81efbf90 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java @@ -60,10 +60,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements an enrollment default policy. - * + * * @version $Revision$, $Date$ */ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault { @@ -99,7 +98,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -120,19 +119,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } /** * Retrieves the localizable description of this policy. - * + * * @param locale locale of the end user * @return localized description of this default policy */ public abstract String getText(Locale locale); - public IConfigStore getConfigStore() { return mConfig; } @@ -147,60 +145,57 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe /** * Populates attributes into the certificate template. - * + * * @param request enrollment request * @param info certificate template - * @exception EProfileException failed to populate attributes - * into request + * @exception EProfileException failed to populate attributes into request */ public abstract void populate(IRequest request, X509CertInfo info) - throws EProfileException; + throws EProfileException; /** * Sets values from the approval page into certificate template. - * + * * @param name name of the attribute * @param locale user locale * @param info certificate template * @param value attribute value - * @exception EProfileException failed to set attributes - * into request + * @exception EProfileException failed to set attributes into request */ - public abstract void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException; + public abstract void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException; /** - * Retrieves certificate template values and returns them to - * the approval page. - * + * Retrieves certificate template values and returns them to the approval + * page. + * * @param name name of the attribute * @param locale user locale * @param info certificate template - * @exception EProfileException failed to get attributes - * from request + * @exception EProfileException failed to get attributes from request */ - public abstract String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException; + public abstract String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException; /** * Populates the request with this policy default. - * - * The current implementation extracts enrollment specific attributes - * and calls the populate() method of the subclass. - * + * + * The current implementation extracts enrollment specific attributes and + * calls the populate() method of the subclass. + * * @param request request to be populated * @exception EProfileException failed to populate */ public void populate(IRequest request) - throws EProfileException { + throws EProfileException { String name = getClass().getName(); name = name.substring(name.lastIndexOf('.') + 1); CMS.debug(name + ": populate start"); X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); populate(request, info); @@ -222,21 +217,21 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe /** * Sets the value of the given value property by name. - * - * The current implementation extracts enrollment specific attributes - * and calls the setValue() method of the subclass. - * + * + * The current implementation extracts enrollment specific attributes and + * calls the setValue() method of the subclass. + * * @param name name of property * @param locale locale of the end user * @param request request * @param value value to be set in the given request * @exception EPropertyException failed to set property */ - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { + public void setValue(String name, Locale locale, IRequest request, + String value) + throws EPropertyException { X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); setValue(name, locale, info, value); @@ -244,21 +239,20 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } /** - * Retrieves the value of the given value - * property by name. - * - * The current implementation extracts enrollment specific attributes - * and calls the getValue() method of the subclass. - * + * Retrieves the value of the given value property by name. + * + * The current implementation extracts enrollment specific attributes and + * calls the getValue() method of the subclass. + * * @param name name of property * @param locale locale of the end user * @param request request * @exception EPropertyException failed to get property */ public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { + throws EPropertyException { X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); String value = getValue(name, locale, info); request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); @@ -279,8 +273,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } protected void refreshConfigAndValueNames() { - mConfigNames.removeAllElements(); - mValueNames.removeAllElements(); + mConfigNames.removeAllElements(); + mValueNames.removeAllElements(); } protected void deleteExtension(String name, X509CertInfo info) { @@ -294,7 +288,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe Enumeration<String> e = exts.getNames(); while (e.hasMoreElements()) { - String n = e.nextElement(); + String n = e.nextElement(); Extension ext = (Extension) exts.get(n); if (ext.getExtensionId().toString().equals(name)) { @@ -336,18 +330,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } protected void addExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { + throws EProfileException { if (ext == null) { throw new EProfileException("extension not found"); } CertificateExtensions exts = null; - Extension alreadyPresentExtension = getExtension(name,info); + Extension alreadyPresentExtension = getExtension(name, info); if (alreadyPresentExtension != null) { String eName = ext.toString(); CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " + eName); - throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION",eName)); + throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION", eName)); } try { @@ -367,7 +361,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } protected void replaceExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { + throws EProfileException { deleteExtension(name, info); addExtension(name, ext, info); } @@ -392,65 +386,62 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return getInt(getConfig(value)); } - protected boolean isGeneralNameValid(String name) - { + protected boolean isGeneralNameValid(String name) { if (name == null) - return false; + return false; int pos = name.indexOf(':'); if (pos == -1) - return false; + return false; String nameType = name.substring(0, pos).trim(); String nameValue = name.substring(pos + 1).trim(); if (nameValue.equals("")) - return false; + return false; return true; } protected GeneralNameInterface parseGeneralName(String name) - throws IOException { + throws IOException { int pos = name.indexOf(':'); if (pos == -1) - return null; + return null; String nameType = name.substring(0, pos).trim(); String nameValue = name.substring(pos + 1).trim(); return parseGeneralName(nameType, nameValue); } - protected boolean isGeneralNameType(String nameType) - { + protected boolean isGeneralNameType(String nameType) { if (nameType.equalsIgnoreCase("RFC822Name")) { - return true; + return true; } if (nameType.equalsIgnoreCase("DNSName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("x400")) { - return true; + return true; } if (nameType.equalsIgnoreCase("DirectoryName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("EDIPartyName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("URIName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("IPAddress")) { - return true; + return true; } if (nameType.equalsIgnoreCase("OIDName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("OtherName")) { - return true; + return true; } return false; } protected GeneralNameInterface parseGeneralName(String nameType, String nameValue) - throws IOException - { + throws IOException { if (nameType.equalsIgnoreCase("RFC822Name")) { return new RFC822Name(nameValue); } @@ -458,7 +449,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return new DNSName(nameValue); } if (nameType.equalsIgnoreCase("x400")) { - // XXX + // XXX } if (nameType.equalsIgnoreCase("DirectoryName")) { return new X500Name(nameValue); @@ -476,153 +467,153 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe StringTokenizer st = new StringTokenizer(nameValue, "/"); String addr = st.nextToken(); String netmask = st.nextToken(); - CMS.debug("addr:" + addr +" netmask: "+netmask); + CMS.debug("addr:" + addr + " netmask: " + netmask); return new IPAddressName(addr, netmask); - } else { + } else { return new IPAddressName(nameValue); - } + } } if (nameType.equalsIgnoreCase("OIDName")) { try { - // check if OID - ObjectIdentifier oid = new ObjectIdentifier(nameValue); + // check if OID + ObjectIdentifier oid = new ObjectIdentifier(nameValue); } catch (Exception e) { - return null; + return null; } return new OIDName(nameValue); - } + } if (nameType.equals("OtherName")) { if (nameValue == null || nameValue.length() == 0) nameValue = " "; if (nameValue.startsWith("(PrintableString)")) { - // format: OtherName: (PrintableString)oid,value - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value); - } else { - return null; - } + // format: OtherName: (PrintableString)oid,value + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(KerberosName)")) { // Syntax: (KerberosName)Realm|NameType|NameString(s) - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf('|'); - int pos2 = nameValue.lastIndexOf('|'); - String realm = nameValue.substring(pos0 + 1, pos1).trim(); - String name_type = nameValue.substring(pos1 + 1, pos2).trim(); - String name_strings = nameValue.substring(pos2 + 1).trim(); - Vector<String> strings = new Vector<String>(); - StringTokenizer st = new StringTokenizer(name_strings, ","); - while (st.hasMoreTokens()) { - strings.addElement(st.nextToken()); - } - KerberosName name = new KerberosName(realm, - Integer.parseInt(name_type), strings); - // krb5 OBJECT IDENTIFIER ::= { iso (1) - // org (3) - // dod (6) - // internet (1) - // security (5) - // kerberosv5 (2) } - // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } - return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, - name.toByteArray()); + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf('|'); + int pos2 = nameValue.lastIndexOf('|'); + String realm = nameValue.substring(pos0 + 1, pos1).trim(); + String name_type = nameValue.substring(pos1 + 1, pos2).trim(); + String name_strings = nameValue.substring(pos2 + 1).trim(); + Vector<String> strings = new Vector<String>(); + StringTokenizer st = new StringTokenizer(name_strings, ","); + while (st.hasMoreTokens()) { + strings.addElement(st.nextToken()); + } + KerberosName name = new KerberosName(realm, + Integer.parseInt(name_type), strings); + // krb5 OBJECT IDENTIFIER ::= { iso (1) + // org (3) + // dod (6) + // internet (1) + // security (5) + // kerberosv5 (2) } + // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } + return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, + name.toByteArray()); } else if (nameValue.startsWith("(IA5String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(UTF8String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(BMPString)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(Any)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - CMS.debug("OID: " + on_oid + " Value:" + on_value); - return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value)); - } else { - CMS.debug("Invalid OID " + on_oid); - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + CMS.debug("OID: " + on_oid + " Value:" + on_value); + return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value)); + } else { + CMS.debug("Invalid OID " + on_oid); + return null; + } } else { - return null; + return null; } } return null; } -/** - * Converts string containing pairs of characters in the range of '0' - * to '9', 'a' to 'f' to an array of bytes such that each pair of - * characters in the string represents an individual byte - */ + /** + * Converts string containing pairs of characters in the range of '0' to + * '9', 'a' to 'f' to an array of bytes such that each pair of characters in + * the string represents an individual byte + */ public byte[] getBytes(String string) { - if (string == null) - return null; - int stringLength = string.length(); - if ((stringLength == 0) || ((stringLength % 2) != 0)) - return null; - byte[] bytes = new byte[ (stringLength / 2) ]; - for (int i = 0, b = 0; i < stringLength; i += 2, ++b) { - String nextByte = string.substring(i, (i + 2)); - bytes[b] = (byte)Integer.parseInt(nextByte, 0x10); - } - return bytes; + if (string == null) + return null; + int stringLength = string.length(); + if ((stringLength == 0) || ((stringLength % 2) != 0)) + return null; + byte[] bytes = new byte[(stringLength / 2)]; + for (int i = 0, b = 0; i < stringLength; i += 2, ++b) { + String nextByte = string.substring(i, (i + 2)); + bytes[b] = (byte) Integer.parseInt(nextByte, 0x10); + } + return bytes; } /** - * Check if a object identifier in string form is valid, - * that is a string in the form n.n.n.n and der encode and decode-able. + * Check if a object identifier in string form is valid, that is a string in + * the form n.n.n.n and der encode and decode-able. + * * @param oid object identifier string. * @return true if the oid is valid */ - public boolean isValidOID(String oid) - { - ObjectIdentifier v = null; + public boolean isValidOID(String oid) { + ObjectIdentifier v = null; try { v = ObjectIdentifier.getObjectIdentifier(oid); } catch (Exception e) { - return false; + return false; } if (v == null) - return false; + return false; // if the OID isn't valid (ex. n.n) the error isn't caught til // encoding time leaving a bad request in the request queue. @@ -632,7 +623,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe derOut.putOID(v); new ObjectIdentifier(new DerInputStream(derOut.toByteArray())); } catch (Exception e) { - return false; + return false; } return true; } @@ -641,7 +632,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe StringBuffer sb = new StringBuffer(); for (int i = 0; i < recs.size(); i++) { - NameValuePairs pairs = recs.elementAt(i); + NameValuePairs pairs = recs.elementAt(i); sb.append("Record #"); sb.append(i); @@ -658,7 +649,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe sb.append("\r\n"); } sb.append("\r\n"); - + } return sb.toString(); } @@ -670,15 +661,15 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe NameValuePairs nvps = null; while (st.hasMoreTokens()) { - String token = st.nextToken(); + String token = st.nextToken(); if (token.equals("Record #" + num)) { CMS.debug("parseRecords: Record" + num); nvps = new NameValuePairs(); v.addElement(nvps); try { - token = st.nextToken(); - } catch (NoSuchElementException e) { + token = st.nextToken(); + } catch (NoSuchElementException e) { v.removeElementAt(num); CMS.debug(e.toString()); return v; @@ -688,7 +679,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe if (nvps == null) throw new EPropertyException("Bad Input Format"); - + int pos = token.indexOf(":"); if (pos <= 0) { @@ -706,8 +697,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return v; } - protected String getGeneralNameType(GeneralName gn) - throws EPropertyException { + protected String getGeneralNameType(GeneralName gn) + throws EPropertyException { int type = gn.getType(); if (type == GeneralNameInterface.NAME_RFC822) @@ -762,17 +753,17 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } public String toGeneralNameString(GeneralNameInterface gn) { - int type = gn.getType(); + int type = gn.getType(); // Sun's General Name is not consistent, so we need // to do a special case for directory string if (type == GeneralNameInterface.NAME_DIRECTORY) { - return "DirectoryName: " + gn.toString(); + return "DirectoryName: " + gn.toString(); } return gn.toString(); } protected String mapPattern(IRequest request, String pattern) - throws IOException { + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { @@ -781,30 +772,32 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return p.substitute2("request", attrSet); } - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) - { + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { StringBuffer result = new StringBuffer(); // Do we need to escape any characters for (int i = 0; i < v.length(); i++) { int c = v.charAt(i); if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i+1) < v.length())) { - int nextC = v.charAt(i+1); + c == '>' || c == '#' || c == ';' || c == '\r' || + c == '\n' || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i + 1) < v.length())) { + int nextC = v.charAt(i + 1); if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || nextC == '<' || nextC == '>' || nextC == '#' || nextC == ';' || nextC == '\r' || nextC == '\n' || nextC == '\\' || nextC == '"')) { - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } if (c == '\r') { @@ -812,10 +805,10 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } else if (c == '\n') { result.append("0A"); } else { - result.append((char)c); + result.append((char) c); } } return result; } - + } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java index 7cf2a359..acdf98b4 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java @@ -17,14 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - - - /** - * This class implements an enrollment extension - * default policy that extension into the certificate - * template. - * + * This class implements an enrollment extension default policy that extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public abstract class EnrollExtDefault extends EnrollDefault { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java index 62d21cc8..4ea3679b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Extended Key Usage extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates Extended + * Key Usage extension into the certificate template. + * * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { @@ -60,17 +57,17 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); } @@ -91,51 +88,49 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { ExtendedKeyUsageExtension ext = null; - ext = (ExtendedKeyUsageExtension) getExtension(ExtendedKeyUsageExtension.OID, info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - } - if (name == null) { + } + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - boolean val = Boolean.valueOf(value).booleanValue(); + getExtension(ExtendedKeyUsageExtension.OID, info); + boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); + ext.setCritical(val); } else if (name.equals(VAL_OIDS)) { ext = (ExtendedKeyUsageExtension) getExtension(ExtendedKeyUsageExtension.OID, info); - // ext.deleteAllOIDs(); + // ext.deleteAllOIDs(); StringTokenizer st = new StringTokenizer(value, ","); - if(ext == null) { + if (ext == null) { return; } while (st.hasMoreTokens()) { String oid = st.nextToken(); - ext.addOID(new ObjectIdentifier(oid)); + ext.addOID(new ObjectIdentifier(oid)); } } else { throw new EPropertyException(CMS.getUserMessage( @@ -151,8 +146,8 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -160,23 +155,21 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) getExtension(ExtendedKeyUsageExtension.OID, info); - - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + getExtension(ExtendedKeyUsageExtension.OID, info); if (ext == null) { return null; @@ -188,20 +181,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } } else if (name.equals(VAL_OIDS)) { ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + getExtension(ExtendedKeyUsageExtension.OID, info); StringBuffer sb = new StringBuffer(); - if(ext == null) { + if (ext == null) { return ""; } Enumeration e = ext.getOIDs(); while (e.hasMoreElements()) { ObjectIdentifier oid = (ObjectIdentifier) - e.nextElement(); + e.nextElement(); if (!sb.toString().equals("")) { sb.append(","); - } + } sb.append(oid.toString()); } return sb.toString(); @@ -213,11 +206,11 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OIDS) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params); } @@ -225,20 +218,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { ExtendedKeyUsageExtension ext = createExtension(); addExtension(ExtendedKeyUsageExtension.OID, ext, info); } public ExtendedKeyUsageExtension createExtension() { - ExtendedKeyUsageExtension ext = null; + ExtendedKeyUsageExtension ext = null; try { ext = new ExtendedKeyUsageExtension(); } catch (Exception e) { CMS.debug("ExtendedKeyUsageExtDefault: createExtension " + - e.toString()); + e.toString()); } if (ext == null) return null; @@ -250,7 +243,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { while (st.hasMoreTokens()) { String oid = st.nextToken(); - ext.addOID(new ObjectIdentifier(oid)); + ext.addOID(new ObjectIdentifier(oid)); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java index 13af0426..5824bbfd 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -42,12 +41,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Freshest CRL extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates Freshest + * CRL extension into the certificate template. + * * @version $Revision$, $Date$ */ public class FreshestCRLExtDefault extends EnrollExtDefault { @@ -61,8 +58,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { public static final String CONFIG_ENABLE = "freshestCRLPointEnable_"; public static final String VAL_CRITICAL = "freshestCRLCritical"; - public static final String VAL_CRL_DISTRIBUTION_POINTS = - "freshestCRLPointsValue"; + public static final String VAL_CRL_DISTRIBUTION_POINTS = + "freshestCRLPointsValue"; private static final String POINT_TYPE = "Point Type"; private static final String POINT_NAME = "Point Name"; @@ -78,12 +75,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - protected int getNumPoints() { int num = DEF_NUM_POINTS; String val = getConfig(CONFIG_NUM_POINTS); @@ -103,33 +99,32 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POINTS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } } super.setConfig(name, value); } - public Enumeration<String> getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); } protected void refreshConfigAndValueNames() { - //refesh our config name list + // refesh our config name list super.refreshConfigAndValueNames(); addValueName(VAL_CRITICAL); @@ -149,47 +144,47 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POINTS)) { return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); } else { @@ -198,39 +193,39 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { FreshestCRLExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, - info); + info); - if(ext == null) { - populate(locale,info); + if (ext == null) { + populate(locale, info); } - + if (name.equals(VAL_CRITICAL)) { ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + getExtension(FreshestCRLExtension.OID, + info); boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext.setCritical(val); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + getExtension(FreshestCRLExtension.OID, + info); Vector<NameValuePairs> v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); int i = 0; @@ -266,7 +261,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(locale, cdp, issuerType, issuerValue); - // this is the first distribution point + // this is the first distribution point if (i == 0) { ext = new FreshestCRLExtension(cdp); ext.setCritical(critical); @@ -276,100 +271,99 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { - CMS.debug("FreshestCRLExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("FreshestCRLExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + String value) throws EPropertyException { try { if (value == null || value.length() == 0) return; - + if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setFullName(gen); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("FreshestCRLExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("FreshestCRLExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + String value) throws EPropertyException { if (value == null || value.length() == 0) return; try { if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setCRLIssuer(gen); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + - e.toString()); + CMS.debug("FreshestCRLExtDefault: addIssuer " + + e.toString()); } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + - e.toString()); + CMS.debug("FreshestCRLExtDefault: addIssuer " + + e.toString()); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { FreshestCRLExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, - info); - if(ext == null) - { + info); + if (ext == null) { try { - populate(locale,info); + populate(locale, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + getExtension(FreshestCRLExtension.OID, + info); if (ext == null) { return null; @@ -379,10 +373,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + getExtension(FreshestCRLExtension.OID, + info); if (ext == null) return ""; @@ -395,7 +389,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { NameValuePairs pairs = null; if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); + CRLDistributionPoint p = ext.getPointAt(i); GeneralNames gns = p.getFullName(); pairs = buildGeneralNames(gns, p); @@ -404,10 +398,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } recs.addElement(pairs); } - + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -424,7 +418,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) - throws EPropertyException { + throws EPropertyException { NameValuePairs pairs = new NameValuePairs(); @@ -495,8 +489,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -505,7 +499,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { FreshestCRLExtension ext = createExtension(request); if (ext == null) @@ -519,14 +513,14 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); - ext.setCritical(critical); + ext.setCritical(critical); num = getNumPoints(); for (int i = 0; i < num; i++) { CRLDistributionPoint cdp = new CRLDistributionPoint(); - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); + String enable = getConfig(CONFIG_ENABLE + i); + String pointType = getConfig(CONFIG_POINT_TYPE + i); String pointName = getConfig(CONFIG_POINT_NAME + i); String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); String issuerName = getConfig(CONFIG_ISSUER_NAME + i); @@ -537,12 +531,12 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(getLocale(request), cdp, issuerType, issuerName); - ext.addPoint(cdp); + ext.addPoint(cdp); } } } catch (Exception e) { CMS.debug("FreshestCRLExtDefault: createExtension " + - e.toString()); + e.toString()); } return ext; @@ -552,7 +546,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ private void populate(Locale locale, X509CertInfo info) - throws EProfileException { + throws EProfileException { FreshestCRLExtension ext = createExtension(locale); if (ext == null) @@ -589,7 +583,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } } catch (Exception e) { CMS.debug("FreshestCRLExtDefault: createExtension " + - e.toString()); + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java index 4051f31a..c1e109d2 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.util.DerOutputStream; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Netscape + * comment extension into the certificate template. + * * @version $Revision$, $Date$ */ public class GenericExtDefault extends EnrollExtDefault { @@ -62,13 +59,13 @@ public class GenericExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OID)) { @@ -86,7 +83,7 @@ public class GenericExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DATA)) { @@ -99,13 +96,13 @@ public class GenericExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { Extension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -114,28 +111,28 @@ public class GenericExtDefault extends EnrollExtDefault { ext = (Extension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { ext = (Extension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_DATA)) { + ext.setCritical(val); + } else if (name.equals(VAL_DATA)) { ext = (Extension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } byte data[] = getBytes(value); - ext.setExtensionValue(data); + ext.setExtensionValue(data); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -146,12 +143,12 @@ public class GenericExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { Extension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -160,14 +157,13 @@ public class GenericExtDefault extends EnrollExtDefault { ext = (Extension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -185,7 +181,7 @@ public class GenericExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_DATA)) { + } else if (name.equals(VAL_DATA)) { ext = (Extension) getExtension(oid.toString(), info); @@ -197,17 +193,17 @@ public class GenericExtDefault extends EnrollExtDefault { if (data == null) return ""; - + return toStr(data); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OID), getConfig(CONFIG_DATA) }; @@ -218,10 +214,10 @@ public class GenericExtDefault extends EnrollExtDefault { public String toStr(byte data[]) { StringBuffer b = new StringBuffer(); for (int i = 0; i < data.length; i++) { - if ((data[i] & 0xff) < 16) { - b.append("0"); - } - b.append(Integer.toString((int)(data[i] & 0xff), 0x10)); + if ((data[i] & 0xff) < 16) { + b.append("0"); + } + b.append(Integer.toString((int) (data[i] & 0xff), 0x10)); } return b.toString(); } @@ -230,14 +226,14 @@ public class GenericExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { Extension ext = createExtension(request); addExtension(ext.getExtensionId().toString(), ext, info); } public Extension createExtension(IRequest request) { - Extension ext = null; + Extension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -250,13 +246,13 @@ public class GenericExtDefault extends EnrollExtDefault { data = getBytes(mapPattern(request, getConfig(CONFIG_DATA))); } - DerOutputStream out = new DerOutputStream(); + DerOutputStream out = new DerOutputStream(); out.putOctetString(data); ext = new Extension(oid, critical, out.toByteArray()); } catch (Exception e) { - CMS.debug("GenericExtDefault: createExtension " + - e.toString()); + CMS.debug("GenericExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java index 5bb8abd4..dc1fa33d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that shows an image in the approval page. - * + * This class implements an enrollment default policy that shows an image in the + * approval page. + * * @version $Revision$, $Date$ */ public class ImageDefault extends EnrollDefault { @@ -50,7 +48,7 @@ public class ImageDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -68,12 +66,12 @@ public class ImageDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { } public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( @@ -89,19 +87,19 @@ public class ImageDefault extends EnrollDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { return null; } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE" ); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE"); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java index c6bbc7f7..c0a92ee7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.math.BigInteger; import java.util.Locale; @@ -34,10 +33,9 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an inhibit Any-Policy extension - * + * * @version $Revision$, $Date$ */ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { @@ -61,31 +59,31 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_SKIP_CERTS)) { return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); + CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); } else { return null; } } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_SKIP_CERTS)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS)); - } + } } super.setConfig(name, value); } @@ -93,36 +91,36 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_SKIP_CERTS)) { return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); + CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { InhibitAnyPolicyExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + getExtension(InhibitAnyPolicyExtension.OID, info); - if(ext == null) { - populate(null,info); - } + if (ext == null) { + populate(null, info); + } if (name.equals(VAL_CRITICAL)) { ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + getExtension(InhibitAnyPolicyExtension.OID, info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -133,7 +131,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_SKIP_CERTS)) { ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + getExtension(InhibitAnyPolicyExtension.OID, info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -150,48 +148,47 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { BigInteger l = new BigInteger(value); num = new BigInt(l); } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } ext = new InhibitAnyPolicyExtension(critical, - num); + num); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(InhibitAnyPolicyExtension.OID, ext, info); } catch (EProfileException e) { CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } InhibitAnyPolicyExtension ext = - (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + (InhibitAnyPolicyExtension) + getExtension(InhibitAnyPolicyExtension.OID, info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + getExtension(InhibitAnyPolicyExtension.OID, info); if (ext == null) { return null; @@ -203,38 +200,37 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { } } else if (name.equals(VAL_SKIP_CERTS)) { ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + getExtension(InhibitAnyPolicyExtension.OID, info); if (ext == null) { return null; } BigInt n = ext.getSkipCerts(); - return ""+n.toInt(); + return "" + n.toInt(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } } /* - * returns text that goes into description for this extension on - * a profile + * returns text that goes into description for this extension on a profile */ public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); + StringBuffer sb = new StringBuffer(); sb.append(SKIP_CERTS + ":"); sb.append(getConfig(CONFIG_SKIP_CERTS)); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { InhibitAnyPolicyExtension ext = null; ext = createExtension(request); @@ -242,7 +238,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { } public InhibitAnyPolicyExtension createExtension(IRequest request) - throws EProfileException { + throws EProfileException { InhibitAnyPolicyExtension ext = null; boolean critical = Boolean.valueOf( @@ -259,7 +255,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { val = new BigInt(b); } catch (NumberFormatException e) { throw new EProfileException( - CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS")); + CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS")); } try { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java index 40bd4876..00a05305 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -39,12 +38,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a issuer alternative name extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a issuer + * alternative name extension into the certificate template. + * * @version $Revision$, $Date$ */ public class IssuerAltNameExtDefault extends EnrollExtDefault { @@ -67,25 +64,25 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_TYPE)) { return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "RFC822Name", - CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); + CMS.getUserMessage(locale, + "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); } else if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN")); + CMS.getUserMessage(locale, + "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN")); } else { return null; } @@ -93,11 +90,11 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { @@ -106,13 +103,13 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { IssuerAlternativeNameExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -120,20 +117,19 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { (IssuerAlternativeNameExtension) getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - + if (name.equals(VAL_CRITICAL)) { - ext = + ext = (IssuerAlternativeNameExtension) getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); @@ -145,7 +141,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = + ext = (IssuerAlternativeNameExtension) getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); @@ -166,34 +162,34 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { GeneralNameInterface n = parseGeneralName(gname); if (n != null) { - gn.addElement(n); + gn.addElement(n); } } ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), - ext, info); + PKIXExtensions.IssuerAlternativeName_Id.toString(), + ext, info); } catch (IOException e) { CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -201,23 +197,22 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { (IssuerAlternativeNameExtension) getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + ext = + (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); if (ext == null) { return null; @@ -228,16 +223,15 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if(ext == null) - { + ext = + (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + if (ext == null) { return ""; } GeneralNames names = (GeneralNames) - ext.get(IssuerAlternativeNameExtension.ISSUER_NAME); + ext.get(IssuerAlternativeNameExtension.ISSUER_NAME); StringBuffer sb = new StringBuffer(); Enumeration<GeneralNameInterface> e = names.elements(); @@ -246,17 +240,17 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { if (!sb.toString().equals("")) { sb.append("\r\n"); - } + } sb.append(toGeneralNameString(gn)); } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { - CMS.debug("IssuerAltNameExtDefault: getValue " + - e.toString()); + CMS.debug("IssuerAltNameExtDefault: getValue " + + e.toString()); } return null; } @@ -275,7 +269,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { IssuerAlternativeNameExtension ext = null; try { @@ -284,35 +278,35 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } catch (IOException e) { CMS.debug("IssuerAltNameExtDefault: populate " + e.toString()); } - addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), - ext, info); + addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), + ext, info); } - public IssuerAlternativeNameExtension createExtension(IRequest request) - throws IOException { - IssuerAlternativeNameExtension ext = null; + public IssuerAlternativeNameExtension createExtension(IRequest request) + throws IOException { + IssuerAlternativeNameExtension ext = null; try { ext = new IssuerAlternativeNameExtension(); } catch (Exception e) { CMS.debug(e.toString()); - throw new IOException( e.toString() ); + throw new IOException(e.toString()); } boolean critical = Boolean.valueOf( - getConfig(CONFIG_CRITICAL)).booleanValue(); + getConfig(CONFIG_CRITICAL)).booleanValue(); String pattern = getConfig(CONFIG_PATTERN); if (!pattern.equals("")) { - GeneralNames gn = new GeneralNames(); + GeneralNames gn = new GeneralNames(); String gname = ""; - if(request != null) { + if (request != null) { gname = mapPattern(request, pattern); } gn.addElement(parseGeneralName( - getConfig(CONFIG_TYPE) + ":" + gname)); + getConfig(CONFIG_TYPE) + ":" + gname)); ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn); } ext.setCritical(critical); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java index c8ed9281..4547a0f5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,25 +33,23 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Key Usage extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Key Usage + * extension into the certificate template. + * * @version $Revision$, $Date$ */ public class KeyUsageExtDefault extends EnrollExtDefault { public static final String CONFIG_CRITICAL = "keyUsageCritical"; - public static final String CONFIG_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String CONFIG_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String CONFIG_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String CONFIG_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; + public static final String CONFIG_DIGITAL_SIGNATURE = + "keyUsageDigitalSignature"; + public static final String CONFIG_NON_REPUDIATION = + "keyUsageNonRepudiation"; + public static final String CONFIG_KEY_ENCIPHERMENT = + "keyUsageKeyEncipherment"; + public static final String CONFIG_DATA_ENCIPHERMENT = + "keyUsageDataEncipherment"; public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; @@ -60,14 +57,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault { public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly"; public static final String VAL_CRITICAL = "keyUsageCritical"; - public static final String VAL_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String VAL_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String VAL_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String VAL_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; + public static final String VAL_DIGITAL_SIGNATURE = + "keyUsageDigitalSignature"; + public static final String VAL_NON_REPUDIATION = + "keyUsageNonRepudiation"; + public static final String VAL_KEY_ENCIPHERMENT = + "keyUsageKeyEncipherment"; + public static final String VAL_DATA_ENCIPHERMENT = + "keyUsageDataEncipherment"; public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String VAL_CRL_SIGN = "keyUsageCrlSign"; @@ -100,21 +97,21 @@ public class KeyUsageExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); } else if (name.equals(CONFIG_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { @@ -152,15 +149,15 @@ public class KeyUsageExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); } else if (name.equals(VAL_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { @@ -197,158 +194,157 @@ public class KeyUsageExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { KeyUsageExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } - + if (name.equals(VAL_CRITICAL)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); + boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } ext.setCritical(val); - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { + } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val); } else if (name.equals(VAL_NON_REPUDIATION)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.NON_REPUDIATION, val); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val); } else if (name.equals(VAL_KEY_AGREEMENT)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_AGREEMENT, val); } else if (name.equals(VAL_KEY_CERTSIGN)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_CERTSIGN, val); } else if (name.equals(VAL_CRL_SIGN)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.CRL_SIGN, val); } else if (name.equals(VAL_ENCIPHER_ONLY)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.ENCIPHER_ONLY, val); } else if (name.equals(VAL_DECIPHER_ONLY)) { ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.DECIPHER_ONLY, val); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); } catch (IOException e) { CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } KeyUsageExtension ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; @@ -360,117 +356,117 @@ public class KeyUsageExtDefault extends EnrollExtDefault { } } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); + ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); return val.toString(); } else if (name.equals(VAL_NON_REPUDIATION)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.NON_REPUDIATION); + ext.get(KeyUsageExtension.NON_REPUDIATION); return val.toString(); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); + ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); return val.toString(); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); + ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); return val.toString(); } else if (name.equals(VAL_KEY_AGREEMENT)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_AGREEMENT); + ext.get(KeyUsageExtension.KEY_AGREEMENT); return val.toString(); } else if (name.equals(VAL_KEY_CERTSIGN)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_CERTSIGN); + ext.get(KeyUsageExtension.KEY_CERTSIGN); return val.toString(); } else if (name.equals(VAL_CRL_SIGN)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.CRL_SIGN); + ext.get(KeyUsageExtension.CRL_SIGN); return val.toString(); } else if (name.equals(VAL_ENCIPHER_ONLY)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.ENCIPHER_ONLY); + ext.get(KeyUsageExtension.ENCIPHER_ONLY); return val.toString(); } else if (name.equals(VAL_DECIPHER_ONLY)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.DECIPHER_ONLY); + ext.get(KeyUsageExtension.DECIPHER_ONLY); return val.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("KeyUsageExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_DIGITAL_SIGNATURE), - getConfig(CONFIG_NON_REPUDIATION), - getConfig(CONFIG_KEY_ENCIPHERMENT), - getConfig(CONFIG_DATA_ENCIPHERMENT), - getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), - getConfig(CONFIG_CRL_SIGN), - getConfig(CONFIG_ENCIPHER_ONLY), + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_DIGITAL_SIGNATURE), + getConfig(CONFIG_NON_REPUDIATION), + getConfig(CONFIG_KEY_ENCIPHERMENT), + getConfig(CONFIG_DATA_ENCIPHERMENT), + getConfig(CONFIG_KEY_AGREEMENT), + getConfig(CONFIG_KEY_CERTSIGN), + getConfig(CONFIG_CRL_SIGN), + getConfig(CONFIG_ENCIPHER_ONLY), getConfig(CONFIG_DECIPHER_ONLY) }; @@ -482,14 +478,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { KeyUsageExtension ext = createKeyUsageExtension(); addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); } public KeyUsageExtension createKeyUsageExtension() { - KeyUsageExtension ext = null; + KeyUsageExtension ext = null; boolean[] bits = new boolean[KeyUsageExtension.NBITS]; boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -506,8 +502,8 @@ public class KeyUsageExtDefault extends EnrollExtDefault { try { ext = new KeyUsageExtension(critical, bits); } catch (Exception e) { - CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + - e.toString()); + CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java index 01e92d6a..19cd23fa 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Netscape + * comment extension into the certificate template. + * * @version $Revision$, $Date$ */ public class NSCCommentExtDefault extends EnrollExtDefault { @@ -60,13 +57,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_COMMENT)) { @@ -80,7 +77,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_COMMENT)) { @@ -93,13 +90,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { NSCCommentExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -108,8 +105,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault { ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { @@ -118,27 +115,27 @@ public class NSCCommentExtDefault extends EnrollExtDefault { getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_COMMENT)) { + ext.setCritical(val); + } else if (name.equals(VAL_COMMENT)) { ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } boolean critical = ext.isCritical(); if (value == null || value.equals("")) ext = new NSCCommentExtension(critical, ""); - // throw new EPropertyException(name+" cannot be empty"); + // throw new EPropertyException(name+" cannot be empty"); else ext = new NSCCommentExtension(critical, value); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -151,12 +148,12 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { NSCCommentExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -165,14 +162,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault { ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -190,7 +186,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_COMMENT)) { + } else if (name.equals(VAL_COMMENT)) { ext = (NSCCommentExtension) getExtension(oid.toString(), info); @@ -202,17 +198,17 @@ public class NSCCommentExtDefault extends EnrollExtDefault { if (comment == null) comment = ""; - + return comment; } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_CRITICAL), getConfig(CONFIG_COMMENT) }; @@ -223,14 +219,14 @@ public class NSCCommentExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NSCCommentExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public NSCCommentExtension createExtension() { - NSCCommentExtension ext = null; + NSCCommentExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -241,8 +237,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault { else ext = new NSCCommentExtension(critical, comment); } catch (Exception e) { - CMS.debug("NSCCommentExtension: createExtension " + - e.toString()); + CMS.debug("NSCCommentExtension: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java index e3438ccf..68a12c28 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.security.cert.CertificateException; import java.util.Locale; @@ -33,12 +32,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Netscape Certificate Type extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Netscape + * Certificate Type extension into the certificate template. + * * @version $Revision$, $Date$ */ public class NSCertTypeExtDefault extends EnrollExtDefault { @@ -83,11 +80,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", @@ -127,7 +124,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_SSL_CLIENT)) { @@ -135,7 +132,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); } else if (name.equals(VAL_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); } else if (name.equals(VAL_EMAIL)) { @@ -155,7 +152,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); } else { @@ -164,8 +161,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { NSCertTypeExtension ext = null; @@ -174,12 +171,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { locale, "CMS_INVALID_PROPERTY", name)); } - ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { @@ -187,69 +183,69 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { getExtension(NSCertTypeExtension.CertType_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { - return ; + if (ext == null) { + return; } - ext.setCritical(val); - } else if (name.equals(VAL_SSL_CLIENT)) { + ext.setCritical(val); + } else if (name.equals(VAL_SSL_CLIENT)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_CLIENT, val); - } else if (name.equals(VAL_SSL_SERVER)) { + } else if (name.equals(VAL_SSL_SERVER)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_SERVER, val); - } else if (name.equals(VAL_EMAIL)) { + } else if (name.equals(VAL_EMAIL)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.EMAIL, val); - } else if (name.equals(VAL_OBJECT_SIGNING)) { + } else if (name.equals(VAL_OBJECT_SIGNING)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.OBJECT_SIGNING, val); - } else if (name.equals(VAL_SSL_CA)) { + } else if (name.equals(VAL_SSL_CA)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_CA, val); - } else if (name.equals(VAL_EMAIL_CA)) { + } else if (name.equals(VAL_EMAIL_CA)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.EMAIL_CA, val); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { + } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); @@ -266,31 +262,30 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } NSCertTypeExtension ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; @@ -300,63 +295,63 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_SSL_CLIENT)) { + } else if (name.equals(VAL_SSL_CLIENT)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT); return val.toString(); - } else if (name.equals(VAL_SSL_SERVER)) { + } else if (name.equals(VAL_SSL_SERVER)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER); return val.toString(); - } else if (name.equals(VAL_EMAIL)) { + } else if (name.equals(VAL_EMAIL)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL); return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING)) { + } else if (name.equals(VAL_OBJECT_SIGNING)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING); return val.toString(); - } else if (name.equals(VAL_SSL_CA)) { + } else if (name.equals(VAL_SSL_CA)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA); return val.toString(); - } else if (name.equals(VAL_EMAIL_CA)) { + } else if (name.equals(VAL_EMAIL_CA)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA); return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { + } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } @@ -364,7 +359,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { return val.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (CertificateException e) { @@ -375,13 +370,13 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), - getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), - getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), - getConfig(CONFIG_EMAIL_CA), + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_SSL_CLIENT), + getConfig(CONFIG_SSL_SERVER), + getConfig(CONFIG_EMAIL), + getConfig(CONFIG_OBJECT_SIGNING), + getConfig(CONFIG_SSL_CA), + getConfig(CONFIG_EMAIL_CA), getConfig(CONFIG_OBJECT_SIGNING_CA) }; @@ -393,14 +388,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NSCertTypeExtension ext = createExtension(); addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); } public NSCertTypeExtension createExtension() { - NSCertTypeExtension ext = null; + NSCertTypeExtension ext = null; boolean[] bits = new boolean[NSCertTypeExtension.NBITS]; boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -415,8 +410,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { try { ext = new NSCertTypeExtension(critical, bits); } catch (Exception e) { - CMS.debug("NSCertTypeExtDefault: createExtension " + - e.toString()); + CMS.debug("NSCertTypeExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java index 7776238a..7471b0c7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -41,25 +40,23 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a name constraint extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a name + * constraint extension into the certificate template. + * * @version $Revision$, $Date$ */ public class NameConstraintsExtDefault extends EnrollExtDefault { public static final String CONFIG_CRITICAL = "nameConstraintsCritical"; - public static final String CONFIG_NUM_PERMITTED_SUBTREES = - "nameConstraintsNumPermittedSubtrees"; + public static final String CONFIG_NUM_PERMITTED_SUBTREES = + "nameConstraintsNumPermittedSubtrees"; public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_"; public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_"; public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_"; public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_"; public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_"; - + public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees"; public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_"; public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_"; @@ -87,7 +84,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); @@ -128,48 +125,47 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { return num; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } - } else if(name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { + } + } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { try { - num = Integer.parseInt(value); + num = Integer.parseInt(value); - if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } + } } super.setConfig(name, value); } - public Enumeration<String> getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); } protected void refreshConfigAndValueNames() { - //refesh our config name list + // refesh our config name list super.refreshConfigAndValueNames(); @@ -203,50 +199,49 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE")); } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE")); } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) { @@ -255,23 +250,23 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES")); } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) { return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES")); } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES")); } else { @@ -280,21 +275,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { NameConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { @@ -302,19 +297,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { + ext.setCritical(val); + } else if (name.equals(VAL_PERMITTED_SUBTREES)) { ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + + CMS.debug("NameConstraintsExtDefault:setValue : " + "blank value for permitted subtrees ... returning"); return; } @@ -323,17 +318,17 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { Vector<GeneralSubtree> permittedSubtrees = createSubtrees(locale, v); - ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, - new GeneralSubtrees(permittedSubtrees)); + ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, + new GeneralSubtrees(permittedSubtrees)); } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + + CMS.debug("NameConstraintsExtDefault:setValue : " + "blank value for excluded subtrees ... returning"); return; } @@ -341,21 +336,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { Vector<GeneralSubtree> excludedSubtrees = createSubtrees(locale, v); - ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, - new GeneralSubtrees(excludedSubtrees)); + ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, + new GeneralSubtrees(excludedSubtrees)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); } catch (IOException e) { CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -385,16 +380,16 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } else if (name1.equals(MAX_VALUE)) { maxS = nvps.getValue(name1); } - } + } if (choice == null || choice.length() == 0) { throw new EPropertyException(CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); } - + if (val == null) val = ""; - + int min = 0; int max = -1; @@ -410,7 +405,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { gnI = parseGeneralName(choice + ":" + val); } catch (IOException e) { CMS.debug("NameConstraintsExtDefault: createSubtress " + - e.toString()); + e.toString()); } if (gnI != null) { @@ -423,32 +418,31 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { gn, min, max); subtrees.addElement(subtree); - } + } return subtrees; } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { NameConstraintsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -465,7 +459,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { + } else if (name.equals(VAL_PERMITTED_SUBTREES)) { ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); @@ -475,19 +469,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtrees subtrees = null; try { - subtrees = (GeneralSubtrees) + subtrees = (GeneralSubtrees) ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); } catch (IOException e) { CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); } - if( subtrees == null ) { - CMS.debug( "NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!" ); - throw new EPropertyException( "subtrees is null" ); + if (subtrees == null) { + CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!"); + throw new EPropertyException("subtrees is null"); } return getSubtreesInfo(ext, subtrees); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { + } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); @@ -497,26 +491,26 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtrees subtrees = null; try { - subtrees = (GeneralSubtrees) + subtrees = (GeneralSubtrees) ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); } catch (IOException e) { CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); } - if( subtrees == null ) { - CMS.debug( "NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!" ); - throw new EPropertyException( "subtrees is null" ); + if (subtrees == null) { + CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!"); + throw new EPropertyException("subtrees is null"); } return getSubtreesInfo(ext, subtrees); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } - private String getSubtreesInfo(NameConstraintsExtension ext, - GeneralSubtrees subtrees) throws EPropertyException { + private String getSubtreesInfo(NameConstraintsExtension ext, + GeneralSubtrees subtrees) throws EPropertyException { Vector<GeneralSubtree> trees = subtrees.getSubtrees(); int size = trees.size(); @@ -526,8 +520,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i); GeneralName gn = tree.getGeneralName(); - String type = getGeneralNameType(gn); - int max = tree.getMaxValue(); + String type = getGeneralNameType(gn); + int max = tree.getMaxValue(); int min = tree.getMinValue(); NameValuePairs pairs = new NameValuePairs(); @@ -540,7 +534,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { recs.addElement(pairs); } - + return buildRecords(recs); } @@ -583,8 +577,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -592,14 +586,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NameConstraintsExtension ext = createExtension(); addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); } public NameConstraintsExtension createExtension() { - NameConstraintsExtension ext = null; + NameConstraintsExtension ext = null; try { int num = getNumPermitted(); @@ -637,18 +631,18 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } } - ext = new NameConstraintsExtension(critical, + ext = new NameConstraintsExtension(critical, new GeneralSubtrees(v), new GeneralSubtrees(v1)); } catch (Exception e) { - CMS.debug("NameConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("NameConstraintsExtDefault: createExtension " + + e.toString()); } return ext; } - private GeneralSubtree createSubtree(String choice, String value, - String minS, String maxS) { + private GeneralSubtree createSubtree(String choice, String value, + String minS, String maxS) { GeneralName gn = null; GeneralNameInterface gnI = null; @@ -660,7 +654,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { if (gnI != null) gn = new GeneralName(gnI); else - //throw new EPropertyException("GeneralName must not be null"); + // throw new EPropertyException("GeneralName must not be null"); return null; int min = 0; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java index 283f5083..8197d3de 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -32,13 +31,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements no default policy. - * + * * @version $Revision$, $Date$ */ -public class NoDefault implements IPolicyDefault { +public class NoDefault implements IPolicyDefault { public static final String PROP_NAME = "name"; @@ -55,7 +53,7 @@ public class NoDefault implements IPolicyDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { } public String getDefaultConfig(String name) { @@ -67,7 +65,7 @@ public class NoDefault implements IPolicyDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -79,7 +77,7 @@ public class NoDefault implements IPolicyDefault { * Populates the request with this policy default. */ public void populate(IRequest request) - throws EProfileException { + throws EProfileException { } public Enumeration getValueNames() { @@ -90,9 +88,9 @@ public class NoDefault implements IPolicyDefault { return null; } - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { + public void setValue(String name, Locale locale, IRequest request, + String value) + throws EPropertyException { } public String getValue(String name, Locale locale, IRequest request) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java index 28a25a6e..576d1a5d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.extensions.OCSPNoCheckExtension; @@ -32,12 +31,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates an OCSP No Check extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates an OCSP No + * Check extension into the certificate template. + * * @version $Revision$, $Date$ */ public class OCSPNoCheckExtDefault extends EnrollExtDefault { @@ -53,13 +50,13 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else { @@ -69,7 +66,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else { @@ -78,70 +75,67 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID, info); - - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); + getExtension(OCSPNoCheckExtension.OID, info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { - return; + if (ext == null) { + return; } ext.setCritical(val); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID, info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); + getExtension(OCSPNoCheckExtension.OID, info); if (ext == null) { return null; @@ -152,7 +146,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { return "false"; } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -166,20 +160,20 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { OCSPNoCheckExtension ext = createExtension(); addExtension(OCSPNoCheckExtension.OID, ext, info); } public OCSPNoCheckExtension createExtension() { - OCSPNoCheckExtension ext = null; + OCSPNoCheckExtension ext = null; try { ext = new OCSPNoCheckExtension(); } catch (Exception e) { CMS.debug("OCSPNoCheckExtDefault: createExtension " + - e.toString()); + e.toString()); return null; } boolean critical = getConfigBoolean(CONFIG_CRITICAL); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java index 9a36f0cd..c8a4e675 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a policy constraints extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a policy + * constraints extension into the certificate template. + * * @version $Revision$, $Date$ */ public class PolicyConstraintsExtDefault extends EnrollExtDefault { @@ -64,17 +61,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) { @@ -87,11 +84,11 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { @@ -103,104 +100,103 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { PolicyConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (PolicyConstraintsExtension) getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { + ext.setCritical(val); + } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if(ext == null) { + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); + + if (ext == null) { return; - } + } Integer num = new Integer(value); ext.set(PolicyConstraintsExtension.REQUIRE, num); - } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { + } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); - if(ext == null) { + if (ext == null) { return; } Integer num = new Integer(value); ext.set(PolicyConstraintsExtension.INHIBIT, num); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { PolicyConstraintsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (PolicyConstraintsExtension) getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - if(ext == null) - { + info); + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) { return null; @@ -210,10 +206,10 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { + } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) return ""; @@ -223,8 +219,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { return "" + num; } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) return ""; @@ -233,15 +229,15 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { return "" + num; } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_REQ_EXPLICIT_POLICY), + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_REQ_EXPLICIT_POLICY), getConfig(CONFIG_INHIBIT_POLICY_MAPPING) }; @@ -252,17 +248,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PolicyConstraintsExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); + addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + ext, info); } public PolicyConstraintsExtension createExtension() { - PolicyConstraintsExtension ext = null; + PolicyConstraintsExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -281,8 +277,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum); } catch (Exception e) { - CMS.debug("PolicyConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("PolicyConstraintsExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java index 05899e2c..c186c453 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,12 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a policy mappings extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a policy + * mappings extension into the certificate template. + * * @version $Revision$, $Date$ */ public class PolicyMappingsExtDefault extends EnrollExtDefault { @@ -85,27 +82,27 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_MAPPINGS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_MAPPINGS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } + } } super.setConfig(name, value); } @@ -132,7 +129,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", @@ -151,8 +148,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) { return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS")); + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS")); } return null; @@ -160,7 +157,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DOMAINS)) { @@ -172,43 +169,43 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { PolicyMappingsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (PolicyMappingsExtension) getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_DOMAINS)) { + ext.setCritical(val); + } else if (name.equals(VAL_DOMAINS)) { ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - - if(ext == null) { + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); + + if (ext == null) { return; - } + } Vector<NameValuePairs> v = parseRecords(value); int size = v.size(); @@ -232,12 +229,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { enable = nvps.getValue(name1); } } - + if (enable != null && enable.equals("true")) { - if (issuerPolicyId == null || - issuerPolicyId.length() == 0 || subjectPolicyId == null || - subjectPolicyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( + if (issuerPolicyId == null || + issuerPolicyId.length() == 0 || subjectPolicyId == null || + subjectPolicyId.length() == 0) + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND")); CertificatePolicyMap map = new CertificatePolicyMap( new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)), @@ -248,52 +245,51 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } ext.set(PolicyMappingsExtension.MAP, policyMaps); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { PolicyMappingsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (PolicyMappingsExtension) getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - if(ext == null) - { + info); + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); if (ext == null) { return null; @@ -303,10 +299,10 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_DOMAINS)) { + } else if (name.equals(VAL_DOMAINS)) { ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); if (ext == null) return ""; @@ -314,7 +310,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { int num_mappings = getNumMappings(); Enumeration<CertificatePolicyMap> maps = ext.getMappings(); - + int num = 0; StringBuffer sb = new StringBuffer(); @@ -323,12 +319,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { for (int i = 0; i < num_mappings; i++) { NameValuePairs pairs = new NameValuePairs(); - if (maps.hasMoreElements()) { - CertificatePolicyMap map = - (CertificatePolicyMap) maps.nextElement(); - + if (maps.hasMoreElements()) { + CertificatePolicyMap map = + (CertificatePolicyMap) maps.nextElement(); + CertificatePolicyId i1 = map.getIssuerIdentifier(); - CertificatePolicyId s1 = map.getSubjectIdentifier(); + CertificatePolicyId s1 = map.getSubjectIdentifier(); pairs.add(ISSUER_POLICY_ID, i1.getIdentifier().toString()); pairs.add(SUBJECT_POLICY_ID, s1.getIdentifier().toString()); @@ -337,14 +333,14 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { pairs.add(ISSUER_POLICY_ID, ""); pairs.add(SUBJECT_POLICY_ID, ""); pairs.add(POLICY_ID_ENABLE, "false"); - + } recs.addElement(pairs); - } - + } + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -368,8 +364,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -377,24 +373,24 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PolicyMappingsExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.PolicyMappings_Id.toString(), - ext, info); + addExtension(PKIXExtensions.PolicyMappings_Id.toString(), + ext, info); } public PolicyMappingsExtension createExtension() { - PolicyMappingsExtension ext = null; + PolicyMappingsExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>(); int num = getNumMappings(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { String enable = getConfig(CONFIG_ENABLE + i); if (enable != null && enable.equals("true")) { @@ -420,8 +416,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { ext = new PolicyMappingsExtension(critical, policyMaps); } catch (Exception e) { - CMS.debug("PolicyMappingsExtDefault: createExtension " + - e.toString()); + CMS.debug("PolicyMappingsExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java index f1a71ff9..73d4df32 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.text.ParsePosition; import java.text.SimpleDateFormat; import java.util.Date; @@ -37,12 +36,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Private Key Usage Period extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Private + * Key Usage Period extension into the certificate template. + * * @version $Revision$, $Date$ */ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { @@ -70,13 +67,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_START_TIME)) { @@ -93,28 +90,28 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( + try { + Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + } } else if (name.equals(CONFIG_DURATION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( + try { + Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_DURATION)); - } + } } super.setConfig(name, value); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_NOT_BEFORE)) { @@ -131,13 +128,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { PrivateKeyUsageExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -146,8 +143,8 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { @@ -156,38 +153,38 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); + ext.setCritical(val); + } else if (name.equals(VAL_NOT_BEFORE)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); + ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); + } else if (name.equals(VAL_NOT_AFTER)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); + ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } ext.set(PrivateKeyUsageExtension.NOT_AFTER, date); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -200,12 +197,12 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { PrivateKeyUsageExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -214,14 +211,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -239,9 +235,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + } else if (name.equals(VAL_NOT_BEFORE)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); @@ -250,9 +246,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { return ""; return formatter.format(ext.getNotBefore()); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + } else if (name.equals(VAL_NOT_AFTER)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); @@ -262,14 +258,14 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { return formatter.format(ext.getNotAfter()); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_CRITICAL), getConfig(CONFIG_START_TIME), getConfig(CONFIG_DURATION) }; @@ -281,27 +277,27 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PrivateKeyUsageExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public PrivateKeyUsageExtension createExtension() { - PrivateKeyUsageExtension ext = null; + PrivateKeyUsageExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); - // always + 60 seconds + // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + - (1000 * startTime)); + if (startTimeStr == null || startTimeStr.equals("")) { + startTimeStr = "60"; + } + int startTime = Integer.parseInt(startTimeStr); + Date notBefore = new Date(CMS.getCurrentDate().getTime() + + (1000 * startTime)); long notAfterVal = 0; notAfterVal = notBefore.getTime() + @@ -309,10 +305,10 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { Date notAfter = new Date(notAfterVal); ext = new PrivateKeyUsageExtension(notBefore, notAfter); - ext.setCritical(critical); + ext.setCritical(critical); } catch (Exception e) { - CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + - e.toString()); + CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java index 4bca9350..29d1116c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.AlgorithmId; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a signing algorithm - * into the certificate template. - * + * This class implements an enrollment default policy that populates a signing + * algorithm into the certificate template. + * * @version $Revision$, $Date$ */ public class SigningAlgDefault extends EnrollDefault { @@ -47,8 +44,8 @@ public class SigningAlgDefault extends EnrollDefault { public static final String CONFIG_ALGORITHM = "signingAlg"; public static final String VAL_ALGORITHM = "signingAlg"; - public static final String DEF_CONFIG_ALGORITHMS = - "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; + public static final String DEF_CONFIG_ALGORITHMS = + "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; public SigningAlgDefault() { super(); @@ -57,7 +54,7 @@ public class SigningAlgDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -68,41 +65,39 @@ public class SigningAlgDefault extends EnrollDefault { CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; - } + } } - public String getSigningAlg() - { - String signingAlg = getConfig(CONFIG_ALGORITHM); - // if specified, use the specified one. Otherwise, pick - // the best selection for the user - if (signingAlg == null || signingAlg.equals("") || - signingAlg.equals("-")) { - // best pick for the user - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - return ca.getDefaultAlgorithm(); - } else { - return signingAlg; - } + public String getSigningAlg() { + String signingAlg = getConfig(CONFIG_ALGORITHM); + // if specified, use the specified one. Otherwise, pick + // the best selection for the user + if (signingAlg == null || signingAlg.equals("") || + signingAlg.equals("-")) { + // best pick for the user + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); + return ca.getDefaultAlgorithm(); + } else { + return signingAlg; + } } - public String getDefSigningAlgorithms() - { - StringBuffer allowed = new StringBuffer(); - ICertificateAuthority ca = (ICertificateAuthority) + public String getDefSigningAlgorithms() { + StringBuffer allowed = new StringBuffer(); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); - String algos[] = ca.getCASigningAlgorithms(); - for (int i = 0; i < algos.length; i++) { - if (allowed.length()== 0) { - allowed.append(algos[i]); - } else { - allowed.append(","); - allowed.append(algos[i]); + String algos[] = ca.getCASigningAlgorithms(); + for (int i = 0; i < algos.length; i++) { + if (allowed.length() == 0) { + allowed.append(algos[i]); + } else { + allowed.append(","); + allowed.append(algos[i]); + } } - } - return allowed.toString(); - } + return allowed.toString(); + } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_ALGORITHM)) { @@ -115,31 +110,31 @@ public class SigningAlgDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_ALGORITHM)) { try { info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId(value))); + new CertificateAlgorithmId( + AlgorithmId.getAlgorithmId(value))); } catch (Exception e) { CMS.debug("SigningAlgDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException("Invalid name " + name); @@ -151,23 +146,23 @@ public class SigningAlgDefault extends EnrollDefault { algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); AlgorithmId id = (AlgorithmId) - algId.get(CertificateAlgorithmId.ALGORITHM); + algId.get(CertificateAlgorithmId.ALGORITHM); return id.toString(); } catch (Exception e) { CMS.debug("SigningAlgDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", getSigningAlg()); } @@ -175,11 +170,11 @@ public class SigningAlgDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { try { info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId(getSigningAlg()))); + new CertificateAlgorithmId( + AlgorithmId.getAlgorithmId(getSigningAlg()))); } catch (Exception e) { CMS.debug("SigningAlgDefault: populate " + e.toString()); } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java index 8adc94dc..f02a65de 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -42,12 +41,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a subject alternative name extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a subject + * alternative name extension into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectAltNameExtDefault extends EnrollExtDefault { @@ -90,70 +87,69 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } if (num >= MAX_NUM_GN) - num = DEF_NUM_GN; + num = DEF_NUM_GN; return num; } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { - super.init(profile,config); - refreshConfigAndValueNames(); + super.init(profile, config); + refreshConfigAndValueNames(); // migrate old parameters to new parameters String old_type = null; String old_pattern = null; IConfigStore paramConfig = config.getSubStore("params"); try { - if (paramConfig != null) { - old_type = paramConfig.getString(CONFIG_OLD_TYPE); - } + if (paramConfig != null) { + old_type = paramConfig.getString(CONFIG_OLD_TYPE); + } } catch (EBaseException e) { - // nothing to do here + // nothing to do here } CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" + old_type); try { - if (paramConfig != null) { - old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); - } + if (paramConfig != null) { + old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); + } } catch (EBaseException e) { - // nothing to do here + // nothing to do here } CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" + old_pattern); - if (old_type != null && old_pattern != null) { - CMS.debug("SubjectAltNameExtDefault: Upgrading"); - try { - paramConfig.putString(CONFIG_NUM_GNS, "1"); - paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); - paramConfig.putString(CONFIG_TYPE + "0", old_type); - paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); - paramConfig.remove(CONFIG_OLD_TYPE); - paramConfig.remove(CONFIG_OLD_PATTERN); - profile.getConfigStore().commit(true); - } catch (Exception e) { - CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); - } + if (old_type != null && old_pattern != null) { + CMS.debug("SubjectAltNameExtDefault: Upgrading"); + try { + paramConfig.putString(CONFIG_NUM_GNS, "1"); + paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); + paramConfig.putString(CONFIG_TYPE + "0", old_type); + paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); + paramConfig.remove(CONFIG_OLD_TYPE); + paramConfig.remove(CONFIG_OLD_PATTERN); + profile.getConfigStore().commit(true); + } catch (Exception e) { + CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); + } } } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_GNS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_GN || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_GN || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } + } } super.setConfig(name, value); } @@ -173,29 +169,29 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { int num = getNumGNs(); addConfigName(CONFIG_NUM_GNS); for (int i = 0; i < num; i++) { - addConfigName(CONFIG_TYPE + i); - addConfigName(CONFIG_PATTERN + i); - addConfigName(CONFIG_GN_ENABLE + i); + addConfigName(CONFIG_TYPE + i); + addConfigName(CONFIG_PATTERN + i); + addConfigName(CONFIG_GN_ENABLE + i); } } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { + + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_TYPE)) { return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", "RFC822Name", - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); } else if (name.startsWith(CONFIG_GN_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE")); } else if (name.startsWith(CONFIG_NUM_GNS)) { @@ -209,11 +205,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { @@ -222,13 +218,13 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { SubjectAlternativeNameExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -236,12 +232,12 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { (SubjectAlternativeNameExtension) getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if(ext == null) { - populate(null,info); - } + if (ext == null) { + populate(null, info); + } if (name.equals(VAL_CRITICAL)) { - ext = + ext = (SubjectAlternativeNameExtension) getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); @@ -253,7 +249,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = + ext = (SubjectAlternativeNameExtension) getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); @@ -278,41 +274,41 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } GeneralNameInterface n = parseGeneralName(gname); if (n != null) { - gn.addElement(n); + gn.addElement(n); } } if (gn.size() == 0) { - CMS.debug("GN size is zero"); - deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + CMS.debug("GN size is zero"); + deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); return; } else { - CMS.debug("GN size is non zero (" + gn.size() + ")"); - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); + CMS.debug("GN size is non zero (" + gn.size() + ")"); + ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); + PKIXExtensions.SubjectAlternativeName_Id.toString(), + ext, info); } catch (IOException e) { CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -320,22 +316,21 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { (SubjectAlternativeNameExtension) getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); if (ext == null) { return null; @@ -346,15 +341,15 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); if (ext == null) { return null; } GeneralNames names = (GeneralNames) - ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); StringBuffer sb = new StringBuffer(); Enumeration<GeneralNameInterface> e = names.elements(); @@ -369,39 +364,39 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { - CMS.debug("SubjectAltNameExtDefault: getValue " + - e.toString()); + CMS.debug("SubjectAltNameExtDefault: getValue " + + e.toString()); } return null; } /* - * returns text that goes into description for this extension on - * a profile + * returns text that goes into description for this extension on a profile */ public String getText(Locale locale) { StringBuffer sb = new StringBuffer(); String numGNs = getConfig(CONFIG_NUM_GNS); int num = getNumGNs(); - for (int i= 0; i< num; i++) { + for (int i = 0; i < num; i++) { sb.append("Record #"); sb.append(i); sb.append("{"); sb.append(GN_PATTERN + ":"); sb.append(getConfig(CONFIG_PATTERN + i)); sb.append(","); - sb.append(GN_TYPE +":"); - sb.append(getConfig(CONFIG_TYPE +i)); + sb.append(GN_TYPE + ":"); + sb.append(getConfig(CONFIG_TYPE + i)); sb.append(","); sb.append(GN_ENABLE + ":"); sb.append(getConfig(CONFIG_GN_ENABLE + i)); sb.append("}"); - }; + } + ; return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -410,26 +405,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectAlternativeNameExtension ext = null; try { - /* read from config file*/ + /* read from config file */ ext = createExtension(request); } catch (IOException e) { CMS.debug("SubjectAltNameExtDefault: populate " + e.toString()); } if (ext != null) { - addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); + addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), + ext, info); } else { CMS.debug("SubjectAltNameExtDefault: populate sees no extension. get out"); } } public SubjectAlternativeNameExtension createExtension(IRequest request) - throws IOException { + throws IOException { SubjectAlternativeNameExtension ext = null; int num = getNumGNs(); @@ -438,11 +433,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { GeneralNames gn = new GeneralNames(); int count = 0; // # of actual gnames - for (int i=0; i< num; i++) { - String enable = getConfig(CONFIG_GN_ENABLE +i); + for (int i = 0; i < num; i++) { + String enable = getConfig(CONFIG_GN_ENABLE + i); if (enable != null && enable.equals("true")) { - CMS.debug("SubjectAltNameExtDefault: createExtension i=" +i); - + CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i); + String pattern = getConfig(CONFIG_PATTERN + i); if (pattern == null || pattern.equals("")) { pattern = " "; @@ -453,28 +448,29 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { // cfu - see if this is server-generated (e.g. UUID4) // to use this feature, use $server.source$ in pattern - String source = getConfig(CONFIG_SOURCE +i); + String source = getConfig(CONFIG_SOURCE + i); String type = getConfig(CONFIG_TYPE + i); if ((source != null) && (!source.equals(""))) { if (type.equalsIgnoreCase("OtherName")) { - CMS.debug("SubjectAlternativeNameExtension: using "+ - source+ " as gn"); + CMS.debug("SubjectAlternativeNameExtension: using " + + source + " as gn"); if (source.equals(CONFIG_SOURCE_UUID4)) { - UUID randUUID = UUID.randomUUID(); - // call the mapPattern that does server-side gen - // request is not used, but needed for the substitute - // function - gname = mapPattern(randUUID.toString(), request, pattern); - } else { //expand more server-gen types here - CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "+source+". Supported: UUID4"); - continue; + UUID randUUID = UUID.randomUUID(); + // call the mapPattern that does server-side gen + // request is not used, but needed for the + // substitute + // function + gname = mapPattern(randUUID.toString(), request, pattern); + } else { // expand more server-gen types here + CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + source + ". Supported: UUID4"); + continue; } } else { - CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); - continue; + CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); + continue; } } else { - if (request != null) { + if (request != null) { gname = mapPattern(request, pattern); } } @@ -483,11 +479,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("gname is empty, not added"); continue; } - CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" +gname); + CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname); GeneralNameInterface n = parseGeneralName(type + ":" + gname); - CMS.debug("adding gname: "+gname); + CMS.debug("adding gname: " + gname); if (n != null) { CMS.debug("SubjectAlternativeNameExtension: n not null"); gn.addElement(n); @@ -496,26 +492,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("SubjectAlternativeNameExtension: n null"); } } - } - } //for + } + } // for if (count != 0) { - try { - ext = new SubjectAlternativeNameExtension(); - } catch (Exception e) { - CMS.debug(e.toString()); - throw new IOException( e.toString() ); - } - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); - ext.setCritical(critical); + try { + ext = new SubjectAlternativeNameExtension(); + } catch (Exception e) { + CMS.debug(e.toString()); + throw new IOException(e.toString()); + } + ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); + ext.setCritical(critical); } else { - CMS.debug("count is 0"); - } + CMS.debug("count is 0"); + } return ext; } - public String mapPattern(IRequest request, String pattern) - throws IOException { + public String mapPattern(IRequest request, String pattern) + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { @@ -525,8 +521,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } // for server-side generated values - public String mapPattern(String val, IRequest request, String pattern) - throws IOException { + public String mapPattern(String val, IRequest request, String pattern) + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { @@ -535,7 +531,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { try { attrSet.set("source", val); } catch (Exception e) { - CMS.debug("SubjectAlternativeNameExtension: mapPattern source "+e.toString()); + CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString()); } return p.substitute("server", attrSet); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java index 04ae8da3..37916e02 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java @@ -43,10 +43,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates a subject directory attributes extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a subject + * directory attributes extension into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { @@ -71,7 +70,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } @@ -95,26 +94,25 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(DEF_NUM_ATTRS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_ATTRS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_ATTRS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } + } } super.setConfig(name, value); } - public Enumeration<String> getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); @@ -136,43 +134,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME")); } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_ATTRS)) { return new Descriptor(IDescriptor.INTEGER, null, "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); - } + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); + } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_ATTR)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS")); } else { @@ -181,55 +179,53 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { SubjectDirAttributesExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (name.equals(VAL_CRITICAL)) { ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_ATTR)) { + ext.setCritical(val); + } else if (name.equals(VAL_ATTR)) { ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); - if(ext == null) - { + if (ext == null) { return; } Vector<NameValuePairs> v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); X500NameAttrMap map = X500NameAttrMap.getDefault(); Vector<Attribute> attrV = new Vector<Attribute>(); - for (int i=0; i < size; i++) { + for (int i = 0; i < size; i++) { NameValuePairs nvps = v.elementAt(i); Enumeration<String> names = nvps.getNames(); String attrName = null; String attrValue = null; String enable = "false"; while (names.hasMoreElements()) { - String name1 = names.nextElement(); + String name1 = names.nextElement(); if (name1.equals(ATTR_NAME)) { attrName = nvps.getValue(name1); @@ -241,8 +237,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } if (enable.equals("true")) { - AttributeConfig attributeConfig = - new AttributeConfig(attrName, attrValue); + AttributeConfig attributeConfig = + new AttributeConfig(attrName, attrValue); Attribute attr = attributeConfig.mAttribute; if (attr != null) attrV.addElement(attr); @@ -256,43 +252,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } else return; } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("SubjectDirAttributesExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("SubjectDirAttributesExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { SubjectDirAttributesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (name.equals(VAL_CRITICAL)) { ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (ext == null) { return null; @@ -302,10 +298,10 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_ATTR)) { + } else if (name.equals(VAL_ATTR)) { ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (ext == null) return ""; @@ -315,42 +311,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); int num = getNumAttrs(); Enumeration<Attribute> e = ext.getAttributesList(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="+e); - int i=0; + CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + e); + int i = 0; while (e.hasMoreElements()) { NameValuePairs pairs = new NameValuePairs(); pairs.add(ENABLE, "true"); Attribute attr = e.nextElement(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="+attr); + CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + attr); ObjectIdentifier oid = attr.getOid(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="+oid); - + CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + oid); + String vv = map.getName(oid); - if (vv != null) + if (vv != null) pairs.add(ATTR_NAME, vv); else pairs.add(ATTR_NAME, oid.toString()); Enumeration<String> v = attr.getValues(); - + // just support single value for now StringBuffer ss = new StringBuffer(); while (v.hasMoreElements()) { if (ss.length() == 0) - ss.append((String)(v.nextElement())); + ss.append((String) (v.nextElement())); else { ss.append(","); - ss.append((String)(v.nextElement())); + ss.append((String) (v.nextElement())); } } - pairs .add(ATTR_VALUE, ss.toString()); + pairs.add(ATTR_VALUE, ss.toString()); recs.addElement(pairs); i++; } - - for (;i < num; i++) { + + for (; i < num; i++) { NameValuePairs pairs = new NameValuePairs(); pairs.add(ENABLE, "false"); pairs.add(ATTR_NAME, "GENERATIONQUALIFIER"); @@ -360,7 +356,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -383,8 +379,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -393,42 +389,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectDirAttributesExtension ext = createExtension(request); if (ext == null) return; - addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); + addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + ext, info); } public SubjectDirAttributesExtension createExtension(IRequest request) - throws EProfileException { - SubjectDirAttributesExtension ext = null; + throws EProfileException { + SubjectDirAttributesExtension ext = null; int num = 0; boolean critical = getConfigBoolean(CONFIG_CRITICAL); num = getNumAttrs(); - + AttributeConfig attributeConfig = null; Vector<Attribute> attrs = new Vector<Attribute>(); for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); + String enable = getConfig(CONFIG_ENABLE + i); if (enable != null && enable.equals("true")) { String attrName = getConfig(CONFIG_ATTR_NAME + i); - String pattern = getConfig(CONFIG_PATTERN + i); + String pattern = getConfig(CONFIG_PATTERN + i); if (pattern == null || pattern.equals("")) pattern = " "; - //check pattern syntax + // check pattern syntax int startpos = pattern.indexOf("$"); int lastpos = pattern.lastIndexOf("$"); String attrValue = pattern; if (!pattern.equals("") && startpos != -1 && - startpos == 0 && lastpos != -1 && - lastpos == (pattern.length()-1)) { + startpos == 0 && lastpos != -1 && + lastpos == (pattern.length() - 1)) { if (request != null) { try { attrValue = mapPattern(request, pattern); @@ -436,7 +432,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { throw new EProfileException(e.toString()); } } - } + } try { attributeConfig = new AttributeConfig(attrName, attrValue); } catch (EPropertyException e) { @@ -454,7 +450,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { attrs.copyInto(attrList); try { ext = - new SubjectDirAttributesExtension(attrList, critical); + new SubjectDirAttributesExtension(attrList, critical); } catch (IOException e) { throw new EProfileException(e.toString()); } @@ -470,50 +466,49 @@ class AttributeConfig { protected Attribute mAttribute = null; public AttributeConfig(String attrName, String attrValue) - throws EPropertyException { + throws EPropertyException { X500NameAttrMap map = X500NameAttrMap.getDefault(); - + if (attrName == null || attrName.length() == 0) { throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); + CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); } - + if (attrValue == null || attrValue.length() == 0) { throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); + CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); } try { mAttributeOID = new ObjectIdentifier(attrName); } catch (Exception e) { - CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "+ attrName); + CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + attrName); } if (mAttributeOID == null) { mAttributeOID = map.getOid(attrName); if (mAttributeOID == null) throw new EPropertyException( - CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName)); + CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName)); try { checkValue(mAttributeOID, attrValue); } catch (IOException e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); + "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); } } - try { - mAttribute = new Attribute(mAttributeOID, - str2MultiValues(attrValue)); + mAttribute = new Attribute(mAttributeOID, + str2MultiValues(attrValue)); } catch (IOException e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); + "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); } } - private static void checkValue(ObjectIdentifier oid, String val) - throws IOException { + private static void checkValue(ObjectIdentifier oid, String val) + throws IOException { AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid); DerValue derval; @@ -527,7 +522,7 @@ class AttributeConfig { while (tokenizer.hasMoreTokens()) { v.addElement(tokenizer.nextToken()); } - + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java index 8a3f2afc..309e7228 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Subject Info Access extension. - * + * This class implements an enrollment default policy that populates Subject + * Info Access extension. + * * @version $Revision$, $Date$ */ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { @@ -87,29 +85,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { return num; } - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_AD || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } + } } super.setConfig(name, value); } @@ -137,28 +135,28 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "URIName", CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_ADS)) { + } else if (name.startsWith(CONFIG_NUM_ADS)) { return new Descriptor(IDescriptor.INTEGER, null, "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); @@ -168,11 +166,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { @@ -181,45 +179,42 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { SubjectInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); ObjectIdentifier oid = a.getExtensionId(); ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); + getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } - + if (name.equals(VAL_CRITICAL)) { ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { + ext.setCritical(val); + } else if (name.equals(VAL_GENERAL_NAMES)) { ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { return; } boolean critical = ext.isCritical(); @@ -258,17 +253,17 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); if (interface1 == null) throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); + locale, "CMS_INVALID_PROPERTY", locationType)); gn = new GeneralName(interface1); } - + if (method != null) { try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); + ext.addAccessDescription(new ObjectIdentifier(method), gn); } catch (NumberFormatException ee) { - CMS.debug("SubjectInfoAccessExtDefault: "+ee.toString()); + CMS.debug("SubjectInfoAccessExtDefault: " + ee.toString()); throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_SIA_OID", method)); + locale, "CMS_PROFILE_DEF_SIA_OID", method)); } } } @@ -291,30 +286,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { SubjectInfoAccessExtension ext = null; - if (name == null) { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); + ObjectIdentifier oid = a.getExtensionId(); ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -331,7 +325,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_GENERAL_NAMES)) { + } else if (name.equals(VAL_GENERAL_NAMES)) { ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); @@ -340,11 +334,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { return ""; int num = getNumAds(); - + CMS.debug("SubjectInfoAccess num=" + num); Vector recs = new Vector(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { NameValuePairs np = new NameValuePairs(); AccessDescription des = null; @@ -358,7 +352,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { np.add(AD_ENABLE, "false"); } else { ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); + GeneralName gn = des.getLocation(); np.add(AD_METHOD, methodOid.toString()); np.add(AD_LOCATION_TYPE, getGeneralNameType(gn)); @@ -397,7 +391,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { ads.append(getConfig(CONFIG_AD_ENABLE + i)); ads.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", getConfig(CONFIG_CRITICAL), ads.toString()); } @@ -405,14 +399,14 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectInfoAccessExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public SubjectInfoAccessExtension createExtension() { - SubjectInfoAccessExtension ext = null; + SubjectInfoAccessExtension ext = null; int num = getNumAds(); try { @@ -434,21 +428,21 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) - location = "http://"+hostname+":"+port+"/ocsp"; + location = "http://" + hostname + ":" + port + "/ocsp"; } } String s = locationType + ":" + location; GeneralNameInterface gn = parseGeneralName(s); if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); + ext.addAccessDescription(new ObjectIdentifier(method), + new GeneralName(gn)); } } } } catch (Exception e) { - CMS.debug("SubjectInfoAccessExtDefault: createExtension " + - e.toString()); + CMS.debug("SubjectInfoAccessExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java index d8b09f5d..4df905a0 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -39,12 +38,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a subject key identifier extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a subject + * key identifier extension into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { @@ -61,19 +58,19 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); } else { @@ -82,8 +79,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -99,8 +96,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -108,24 +105,23 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { SubjectKeyIdentifierExtension ext = (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); + PKIXExtensions.SubjectKey_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); + ext = + (SubjectKeyIdentifierExtension) getExtension( + PKIXExtensions.SubjectKey_Id.toString(), info); if (ext == null) { return null; @@ -136,9 +132,9 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_KEY_ID)) { - ext = - (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); + ext = + (SubjectKeyIdentifierExtension) getExtension( + PKIXExtensions.SubjectKey_Id.toString(), info); if (ext == null) { return null; @@ -149,11 +145,11 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { kid = (KeyIdentifier) ext.get(SubjectKeyIdentifierExtension.KEY_ID); } catch (IOException e) { - CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " + - "kid is null!" ); - throw new EPropertyException( CMS.getUserMessage( locale, + CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " + + "kid is null!"); + throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", - name ) ); + name)); } return toHexString(kid.getIdentifier()); } else { @@ -170,7 +166,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectKeyIdentifierExtension ext = createExtension(info); addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info); @@ -184,36 +180,36 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { return null; } SubjectKeyIdentifierExtension ext = null; - + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); try { ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier()); } catch (IOException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + + e.toString()); // } return ext; } - public KeyIdentifier getKeyIdentifier(X509CertInfo info) { - try { - CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); + public KeyIdentifier getKeyIdentifier(X509CertInfo info) { + try { + CertificateX509Key infokey = (CertificateX509Key) + info.get(X509CertInfo.KEY); X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); - md.update(key.getKey()); + md.update(key.getKey()); byte[] hash = md.digest(); return new KeyIdentifier(hash); } catch (NoSuchAlgorithmException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + + e.toString()); } catch (Exception e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + + e.toString()); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java index 9f404e89..787c2358 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectNameDefault extends EnrollDefault { @@ -55,15 +52,15 @@ public class SubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_NAME)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_NAME)) { + return new Descriptor(IDescriptor.STRING, null, "CN=TEST", CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } @@ -72,18 +69,18 @@ public class SubjectNameDefault extends EnrollDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -100,25 +97,25 @@ public class SubjectNameDefault extends EnrollDefault { } CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString()); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("SubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -133,18 +130,18 @@ public class SubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing CMS.debug("SubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", getConfig(CONFIG_NAME)); } @@ -152,13 +149,13 @@ public class SubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; String subjectName = null; try { - subjectName = mapPattern(request, getConfig(CONFIG_NAME)); + subjectName = mapPattern(request, getConfig(CONFIG_NAME)); } catch (IOException e) { CMS.debug("SubjectNameDefault: mapPattern " + e.toString()); } @@ -176,8 +173,8 @@ public class SubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("SubjectNameDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java index c834eee1..19b2d345 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.CertificateExtensions; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user-supplied extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * user-supplied extension into the certificate template. + * * @version $Revision$, $Date$ */ public class UserExtensionDefault extends EnrollExtDefault { @@ -57,11 +54,11 @@ public class UserExtensionDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_OID)) { return new Descriptor(IDescriptor.STRING, null, "Comment Here...", @@ -83,16 +80,16 @@ public class UserExtensionDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { // Nothing to do for read-only values } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_OID)) { @@ -104,7 +101,7 @@ public class UserExtensionDefault extends EnrollExtDefault { } return ext.getExtensionId().toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -117,22 +114,22 @@ public class UserExtensionDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateExtensions inExts = null; String oid = getConfig(CONFIG_OID); inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS); if (inExts == null) - return; + return; Extension ext = getExtension(getConfig(CONFIG_OID), inExts); if (ext == null) { - CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid); - return; + CMS.debug("UserExtensionDefault: no user ext supplied for " + oid); + return; } // user supplied the ext that's allowed, replace the def set by system deleteExtension(oid, info); - CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid); + CMS.debug("UserExtensionDefault: using user supplied ext for " + oid); addExtension(oid, ext, info); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java index 1cff57df..97046e5f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.security.interfaces.DSAParams; @@ -40,12 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user supplied key - * into the certificate template. - * + * This class implements an enrollment default policy that populates a user + * supplied key into the certificate template. + * * @version $Revision$, $Date$ */ public class UserKeyDefault extends EnrollDefault { @@ -62,24 +59,24 @@ public class UserKeyDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEY)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY")); } else if (name.equals(VAL_LEN)) { return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN")); } else if (name.equals(VAL_TYPE)) { return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); } else { @@ -88,15 +85,15 @@ public class UserKeyDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { + X509CertInfo info) + throws EPropertyException { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -116,7 +113,7 @@ public class UserKeyDefault extends EnrollDefault { ck.get(CertificateX509Key.KEY); } catch (Exception e) { // nothing - } + } if (k == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_KEY_NOT_FOUND")); @@ -139,7 +136,7 @@ public class UserKeyDefault extends EnrollDefault { } catch (Exception e) { // nothing } - if (k == null) { + if (k == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_KEY_NOT_FOUND")); } @@ -171,12 +168,12 @@ public class UserKeyDefault extends EnrollDefault { } catch (Exception e) { // nothing } - if (k == null) { + if (k == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_KEY_NOT_FOUND")); } - return k.getAlgorithm() + " - " + - k.getAlgorithmId().getOID().toString(); + return k.getAlgorithm() + " - " + + k.getAlgorithmId().getOID().toString(); } else { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -217,7 +214,7 @@ public class UserKeyDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateX509Key certKey = null; // authenticate the certificate key, and move // the key from request into x509 certinfo diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java index 07e6c77e..b129e741 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.util.Locale; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user-supplied signing algorithm - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * user-supplied signing algorithm into the certificate template. + * * @version $Revision$, $Date$ */ public class UserSigningAlgDefault extends EnrollDefault { @@ -53,30 +50,30 @@ public class UserSigningAlgDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_ALG_ID)) { - return new Descriptor(IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHM")); + "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -88,12 +85,12 @@ public class UserSigningAlgDefault extends EnrollDefault { algID = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); AlgorithmId id = (AlgorithmId) - algID.get(CertificateAlgorithmId.ALGORITHM); + algID.get(CertificateAlgorithmId.ALGORITHM); return id.toString(); } catch (Exception e) { CMS.debug("UserSigningAlgDefault: setValue " + e.toString()); - return ""; //XXX + return ""; // XXX } } else { throw new EPropertyException(CMS.getUserMessage( @@ -109,7 +106,7 @@ public class UserSigningAlgDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateAlgorithmId certAlg = null; // authenticate the certificate key, and move // the key from request into x509 certinfo diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java index f589b654..5f3ec298 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user-supplied subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * user-supplied subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class UserSubjectNameDefault extends EnrollDefault { @@ -53,7 +50,7 @@ public class UserSubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -67,8 +64,8 @@ public class UserSubjectNameDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -84,12 +81,12 @@ public class UserSubjectNameDefault extends EnrollDefault { } CMS.debug("SubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("UserSubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { @@ -99,10 +96,10 @@ public class UserSubjectNameDefault extends EnrollDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -115,10 +112,10 @@ public class UserSubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -131,7 +128,7 @@ public class UserSubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // authenticate the subject name and populate it // to the certinfo try { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java index 2d79b192..2d3e9245 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.util.Date; import java.util.Locale; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user-supplied validity - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * user-supplied validity into the certificate template. + * * @version $Revision$, $Date$ */ public class UserValidityDefault extends EnrollDefault { @@ -55,13 +52,13 @@ public class UserValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); @@ -76,16 +73,16 @@ public class UserValidityDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NOT_BEFORE)) { @@ -93,32 +90,32 @@ public class UserValidityDefault extends EnrollDefault { try { validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); + info.get(X509CertInfo.VALIDITY); Date notBefore = (Date) - validity.get(CertificateValidity.NOT_BEFORE); + validity.get(CertificateValidity.NOT_BEFORE); return notBefore.toString(); } catch (Exception e) { CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { try { CertificateValidity validity = null; validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); + info.get(X509CertInfo.VALIDITY); Date notAfter = (Date) - validity.get(CertificateValidity.NOT_AFTER); + validity.get(CertificateValidity.NOT_AFTER); return notAfter.toString(); } catch (Exception e) { CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -131,7 +128,7 @@ public class UserValidityDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateValidity certValidity = null; // authenticate the certificate key, and move // the key from request into x509 certinfo diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java index 6e9b08ab..ab118757 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; @@ -36,12 +35,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a server-side configurable validity - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * server-side configurable validity into the certificate template. + * * @version $Revision$, $Date$ */ public class ValidityDefault extends EnrollDefault { @@ -64,26 +61,26 @@ public class ValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } + } } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + } } super.setConfig(name, value); } @@ -91,16 +88,16 @@ public class ValidityDefault extends EnrollDefault { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RANGE)) { return new Descriptor(IDescriptor.STRING, - null, + null, "2922", CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); + "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_START_TIME)) { return new Descriptor(IDescriptor.STRING, - null, + null, "60", /* 1 minute */ CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); + "CMS_PROFILE_VALIDITY_START_TIME")); } else { return null; } @@ -119,19 +116,19 @@ public class ValidityDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - if (value == null || value.equals("")) { + if (value == null || value.equals("")) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; @@ -140,15 +137,15 @@ public class ValidityDefault extends EnrollDefault { validity = (CertificateValidity) info.get(X509CertInfo.VALIDITY); validity.set(CertificateValidity.NOT_BEFORE, - date); + date); } catch (Exception e) { CMS.debug("ValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; @@ -157,7 +154,7 @@ public class ValidityDefault extends EnrollDefault { validity = (CertificateValidity) info.get(X509CertInfo.VALIDITY); validity.set(CertificateValidity.NOT_AFTER, - date); + date); } catch (Exception e) { CMS.debug("ValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( @@ -170,16 +167,16 @@ public class ValidityDefault extends EnrollDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { @@ -192,8 +189,8 @@ public class ValidityDefault extends EnrollDefault { } throw new EPropertyException("Invalid valie"); } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { @@ -214,7 +211,7 @@ public class ValidityDefault extends EnrollDefault { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", getConfig(CONFIG_RANGE)); } @@ -222,11 +219,11 @@ public class ValidityDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); try { - startTimeStr = mapPattern(request, startTimeStr); + startTimeStr = mapPattern(request, startTimeStr); } catch (IOException e) { CMS.debug("ValidityDefault: populate " + e.toString()); } @@ -241,7 +238,7 @@ public class ValidityDefault extends EnrollDefault { try { String rangeStr = getConfig(CONFIG_RANGE); rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + + notAfterVal = notBefore.getTime() + (mDefault * Integer.parseInt(rangeStr)); } catch (Exception e) { // configured value is not correct @@ -250,8 +247,8 @@ public class ValidityDefault extends EnrollDefault { getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); } Date notAfter = new Date(notAfterVal); - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); + CertificateValidity validity = + new CertificateValidity(notBefore, notAfter); try { info.set(X509CertInfo.VALIDITY, validity); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java index c8beca2f..ffe7012a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java @@ -34,22 +34,21 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class nsHKeySubjectNameDefault extends EnrollDefault { - public static final String PROP_PARAMS = "params"; + public static final String PROP_PARAMS = "params"; public static final String CONFIG_DNPATTERN = "dnpattern"; public static final String VAL_NAME = "name"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; + protected static String DEFAULT_DNPATTERN = + "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; protected IConfigStore mParamsConfig; @@ -61,43 +60,43 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + name); if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -111,26 +110,26 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in getValue, name="+name); + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -145,19 +144,19 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsHKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsHKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } @@ -165,15 +164,15 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsHKeySubjectNameDefault: in populate"); + CMS.debug("nsHKeySubjectNameDefault: in populate"); try { - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; + String subjectName = getSubjectName(request); + CMS.debug("subjectName=" + subjectName); + if (subjectName == null || subjectName.equals("")) + return; name = new X500Name(subjectName); } catch (IOException e) { @@ -184,32 +183,32 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) - throws EProfileException, IOException { + private String getSubjectName(IRequest request) + throws EProfileException, IOException { + + CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); - CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - String sbjname = ""; + String sbjname = ""; - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } - return sbjname; - } + return sbjname; + } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java index 3a1d1c6e..13e766fa 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java @@ -42,16 +42,15 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class nsNKeySubjectNameDefault extends EnrollDefault { - public static final String PROP_LDAP = "ldap"; - public static final String PROP_PARAMS = "params"; + public static final String PROP_LDAP = "ldap"; + public static final String PROP_PARAMS = "params"; public static final String CONFIG_DNPATTERN = "dnpattern"; public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes"; public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host"; @@ -64,130 +63,132 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; - public static final String CONFIG_LDAP_VERS = - "2,3"; + public static final String CONFIG_LDAP_VERS = + "2,3"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.aoluid$, E=$request.mail$"; + protected static String DEFAULT_DNPATTERN = + "CN=$request.aoluid$, E=$request.mail$"; /* ldap configuration sub-store */ - boolean mInitialized = false; + boolean mInitialized = false; protected IConfigStore mInstConfig; protected IConfigStore mLdapConfig; protected IConfigStore mParamsConfig; - /* ldap base dn */ + /* ldap base dn */ protected String mBaseDN = null; /* factory of anonymous ldap connections */ protected ILdapConnFactory mConnFactory = null; - /* the list of LDAP attributes with string values to retrieve to - * form the subject dn. */ + /* + * the list of LDAP attributes with string values to retrieve to form the + * subject dn. + */ protected String[] mLdapStringAttrs = null; public nsNKeySubjectNameDefault() { super(); addConfigName(CONFIG_DNPATTERN); - addConfigName(CONFIG_LDAP_STRING_ATTRS); + addConfigName(CONFIG_LDAP_STRING_ATTRS); addConfigName(CONFIG_LDAP_HOST); addConfigName(CONFIG_LDAP_PORT); addConfigName(CONFIG_LDAP_SEC_CONN); addConfigName(CONFIG_LDAP_VER); addConfigName(CONFIG_LDAP_BASEDN); - addConfigName(CONFIG_LDAP_MIN_CONN); - addConfigName(CONFIG_LDAP_MAX_CONN); + addConfigName(CONFIG_LDAP_MIN_CONN); + addConfigName(CONFIG_LDAP_MAX_CONN); addValueName(CONFIG_DNPATTERN); - addValueName(CONFIG_LDAP_STRING_ATTRS); + addValueName(CONFIG_LDAP_STRING_ATTRS); addValueName(CONFIG_LDAP_HOST); addValueName(CONFIG_LDAP_PORT); addValueName(CONFIG_LDAP_SEC_CONN); addValueName(CONFIG_LDAP_VER); addValueName(CONFIG_LDAP_BASEDN); - addValueName(CONFIG_LDAP_MIN_CONN); - addValueName(CONFIG_LDAP_MAX_CONN); + addValueName(CONFIG_LDAP_MIN_CONN); + addValueName(CONFIG_LDAP_MAX_CONN); } public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mInstConfig = config; + throws EProfileException { + mInstConfig = config; super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); - } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_HOST_NAME")); - } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_PORT_NUMBER")); - } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { + "CMS_PROFILE_SUBJECT_NAME")); + } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); + } else if (name.equals(CONFIG_LDAP_HOST)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME")); + } else if (name.equals(CONFIG_LDAP_PORT)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER")); + } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); - } else if (name.equals(CONFIG_LDAP_VER)) { + null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); + } else if (name.equals(CONFIG_LDAP_VER)) { return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3", CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION")); - } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_BASEDN")); - } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); - } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); + } else if (name.equals(CONFIG_LDAP_BASEDN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN")); + } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); + } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + name); if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -201,26 +202,26 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in getValue, name="+name); + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -235,79 +236,80 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsNKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsNKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } - public void ldapInit() - throws EProfileException { - if (mInitialized == true) return; - - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); - - try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); - - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; - - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); - - mLdapStringAttrs = new String[pAttrs.countTokens()]; - - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); - } - } - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); - mInitialized = true; - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): "+e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: "+e.toString()); - } - } + public void ldapInit() + throws EProfileException { + if (mInitialized == true) + return; + + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); + + try { + // cfu - XXX do more error handling here later + /* initialize ldap server configuration */ + mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); + mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); + mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); + mConnFactory = CMS.getLdapAnonConnFactory(); + mConnFactory.init(mLdapConfig); + + /* initialize dn pattern */ + String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); + + if (pattern == null || pattern.length() == 0) + pattern = DEFAULT_DNPATTERN; + + /* initialize ldap string attribute list */ + String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); + + if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { + StringTokenizer pAttrs = + new StringTokenizer(ldapStringAttrs, ",", false); + + mLdapStringAttrs = new String[pAttrs.countTokens()]; + + for (int i = 0; i < mLdapStringAttrs.length; i++) { + mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); + } + } + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); + mInitialized = true; + } catch (Exception e) { + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString()); + // throw EProfileException... + throw new EProfileException("ldap init failure: " + e.toString()); + } + } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsNKeySubjectNameDefault: in populate"); - ldapInit(); + CMS.debug("nsNKeySubjectNameDefault: in populate"); + ldapInit(); try { - // cfu - this goes to ldap - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; + // cfu - this goes to ldap + String subjectName = getSubjectName(request); + CMS.debug("subjectName=" + subjectName); + if (subjectName == null || subjectName.equals("")) + return; name = new X500Name(subjectName); } catch (IOException e) { @@ -318,55 +320,55 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) - throws EProfileException, IOException { + private String getSubjectName(IRequest request) + throws EProfileException, IOException { - CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); + CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - LDAPConnection conn = null; + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } + + LDAPConnection conn = null; String userdn = null; - String sbjname = ""; - // get DN from ldap to fill request - try { - if (mConnFactory == null) { + String sbjname = ""; + // get DN from ldap to fill request + try { + if (mConnFactory == null) { conn = null; CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection"); throw new EProfileException("no LDAP connection"); } else { conn = mConnFactory.getConn(); - if( conn == null ) { - CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection" ); - throw new EProfileException( "no LDAP connection" ); + if (conn == null) { + CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + + "no LDAP connection"); + throw new EProfileException("no LDAP connection"); } CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection"); } - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } else { - CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " + - "request is null!" ); - throw new EProfileException( "request is null" ); - } - // retrieve the attributes + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } else { + CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + + "request is null!"); + throw new EProfileException("request is null"); + } + // retrieve the attributes // get user dn. - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN); LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false); @@ -378,42 +380,43 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist"); throw new EProfileException("screenname does not exist"); } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "+request.getExtDataInString("aoluid"));; - - LDAPEntry entry = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); - - if (!results.hasMoreElements()) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); - throw new EProfileException("no ldap attributes found"); - } - entry = results.next(); - // set attrs into request + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + request.getExtDataInString("aoluid")); + ; + + LDAPEntry entry = null; + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes"); + LDAPSearchResults results = + conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", + mLdapStringAttrs, false); + + if (!results.hasMoreElements()) { + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); + throw new EProfileException("no ldap attributes found"); + } + entry = results.next(); + // set attrs into request for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "+sla[0]); - request.setExtData(mLdapStringAttrs[i], sla[0]); - } + LDAPAttribute la = + entry.getAttribute(mLdapStringAttrs[i]); + if (la != null) { + String[] sla = la.getStringValueArray(); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " + sla[0]); + request.setExtData(mLdapStringAttrs[i], sla[0]); + } } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "+e.toString()); - throw new EProfileException("getSubjectName() failure: "+e.toString()); - } finally { - try { - if (conn != null) - mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); - } - } - return sbjname; - - } + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); + } catch (Exception e) { + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString()); + throw new EProfileException("getSubjectName() failure: " + e.toString()); + } finally { + try { + if (conn != null) + mConnFactory.returnConn(conn); + } catch (Exception e) { + throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); + } + } + return sbjname; + + } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java index 030470b3..31744c59 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java @@ -34,10 +34,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { @@ -49,7 +48,7 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { /* default dn pattern if left blank or not set in the config */ protected static String DEFAULT_DNPATTERN = - "Token Key Device - $request.tokencuid$"; + "Token Key Device - $request.tokencuid$"; protected IConfigStore mParamsConfig; @@ -61,43 +60,43 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + name); if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -111,27 +110,26 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException - { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="+name); + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -146,19 +144,19 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } @@ -166,15 +164,15 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); try { - String subjectName = getSubjectName(request); + String subjectName = getSubjectName(request); CMS.debug("subjectName=" + subjectName); if (subjectName == null || subjectName.equals("")) - return; + return; name = new X500Name(subjectName); } catch (IOException e) { @@ -185,8 +183,8 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString()); @@ -194,23 +192,23 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } private String getSubjectName(IRequest request) - throws EProfileException, IOException { + throws EProfileException, IOException { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - String sbjname = ""; + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } + String sbjname = ""; + + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } - return sbjname; + return sbjname; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java index ac98a0cb..094317f9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java @@ -42,10 +42,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { @@ -66,12 +65,12 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; - public static final String CONFIG_LDAP_VERS = - "2,3"; + public static final String CONFIG_LDAP_VERS = + "2,3"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.uid$, E=$request.mail$"; + protected static String DEFAULT_DNPATTERN = + "CN=$request.uid$, E=$request.mail$"; /* ldap configuration sub-store */ boolean mldapInitialized = false; @@ -86,8 +85,10 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { /* factory of anonymous ldap connections */ protected ILdapConnFactory mConnFactory = null; - /* the list of LDAP attributes with string values to retrieve to - * form the subject dn. */ + /* + * the list of LDAP attributes with string values to retrieve to form the + * subject dn. + */ protected String[] mLdapStringAttrs = null; public nsTokenUserKeySubjectNameDefault() { @@ -118,93 +119,93 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mInstConfig = config; super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + "CMS_PROFILE_SUBJECT_NAME")); } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); } else if (name.equals(CONFIG_LDAP_ENABLE)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); + null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); } else if (name.equals(CONFIG_LDAP_VER)) { return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3", CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION")); } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + name); if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -218,26 +219,26 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name="+name); + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -254,76 +255,77 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { CMS.debug("nsTokenUserKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } public void ldapInit() - throws EProfileException { - if (mldapInitialized == true) return; + throws EProfileException { + if (mldapInitialized == true) + return; CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin"); try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, - false); - if (mldapEnabled == false) - return; + // cfu - XXX do more error handling here later + /* initialize ldap server configuration */ + mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); + mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); + mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, + false); + if (mldapEnabled == false) + return; - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); + mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); + mConnFactory = CMS.getLdapAnonConnFactory(); + mConnFactory.init(mLdapConfig); - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); + /* initialize dn pattern */ + String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; + if (pattern == null || pattern.length() == 0) + pattern = DEFAULT_DNPATTERN; - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); + /* initialize ldap string attribute list */ + String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); + if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { + StringTokenizer pAttrs = + new StringTokenizer(ldapStringAttrs, ",", false); - mLdapStringAttrs = new String[pAttrs.countTokens()]; + mLdapStringAttrs = new String[pAttrs.countTokens()]; - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); + for (int i = 0; i < mLdapStringAttrs.length; i++) { + mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); + } } - } - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); - mldapInitialized = true; + CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); + mldapInitialized = true; } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "+e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: "+e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + e.toString()); + // throw EProfileException... + throw new EProfileException("ldap init failure: " + e.toString()); } - } + } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; CMS.debug("nsTokenUserKeySubjectNameDefault: in populate"); -ldapInit(); + ldapInit(); try { // cfu - this goes to ldap String subjectName = getSubjectName(request); @@ -340,8 +342,8 @@ ldapInit(); // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); @@ -349,7 +351,7 @@ ldapInit(); } private String getSubjectName(IRequest request) - throws EProfileException, IOException { + throws EProfileException, IOException { CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName"); @@ -360,10 +362,10 @@ ldapInit(); String sbjname = ""; if (mldapInitialized == false) { - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); } return sbjname; } @@ -384,34 +386,34 @@ ldapInit(); throw new EProfileException("no LDAP connection"); } else { conn = mConnFactory.getConn(); - if( conn == null ) { - CMS.debug( "nsTokenUserKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection" ); - throw new EProfileException( "no LDAP connection" ); + if (conn == null) { + CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " + + "no LDAP connection"); + throw new EProfileException("no LDAP connection"); } CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection"); } // retrieve the attributes // get user dn. - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN); LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "("+ searchName + "=" + request.getExtDataInString("uid") + ")", null, false); + LDAPv2.SCOPE_SUB, "(" + searchName + "=" + request.getExtDataInString("uid") + ")", null, false); if (res.hasMoreElements()) { LDAPEntry entry = res.next(); userdn = entry.getDN(); } else {// put into property file later - cfu - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+ searchName + " does not exist"); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist"); throw new EProfileException("id does not exist"); } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "+searchName + " = "+request.getExtDataInString("uid")); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + request.getExtDataInString("uid")); LDAPEntry entry = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes"); + LDAPSearchResults results = + conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", + mLdapStringAttrs, false); if (!results.hasMoreElements()) { CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes"); @@ -420,28 +422,28 @@ ldapInit(); entry = results.next(); // set attrs into request for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+ - "=" + escapeValueRfc1779(sla[0], false).toString()); - request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); - } + LDAPAttribute la = + entry.getAttribute(mLdapStringAttrs[i]); + if (la != null) { + String[] sla = la.getStringValueArray(); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + mLdapStringAttrs[i] + + "=" + escapeValueRfc1779(sla[0], false).toString()); + request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); + } } - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request"); } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+e.toString()); - throw new EProfileException("getSubjectName() failure: "+e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + e.toString()); + throw new EProfileException("getSubjectName() failure: " + e.toString()); } finally { try { if (conn != null) mConnFactory.returnConn(conn); - } catch (Exception e) { + } catch (Exception e) { throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java index d067f1e6..db3821e5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -35,23 +34,21 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the certificate request input. - * This input populates 2 main fields to the enrollment page: - * 1/ Certificate Request Type, 2/ Certificate Request + * This class implements the certificate request input. This input populates 2 + * main fields to the enrollment page: 1/ Certificate Request Type, 2/ + * Certificate Request * <p> * - * This input usually is used by an enrollment profile for - * certificate requests. - * + * This input usually is used by an enrollment profile for certificate requests. + * * @version $Revision$, $Date$ */ -public class CMCCertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; +public class CMCCertReqInput extends EnrollInput implements IProfileInput { + public static final String VAL_CERT_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; public static final String VAL_CERT_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -63,7 +60,7 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; @@ -87,22 +84,22 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String cert_request = ctx.get(VAL_CERT_REQUEST); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); if (msgs == null) { - return; + return; } // This profile only handle the first request in CRMF Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); @@ -110,16 +107,15 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CERT_REQUEST)) { return new Descriptor(IDescriptor.CERT_REQUEST, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ")); - } + "CMS_PROFILE_INPUT_CERT_REQ")); + } return null; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java index 12a4f549..044ba9fa 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; @@ -38,23 +37,21 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the certificate request input. - * This input populates 2 main fields to the enrollment page: - * 1/ Certificate Request Type, 2/ Certificate Request + * This class implements the certificate request input. This input populates 2 + * main fields to the enrollment page: 1/ Certificate Request Type, 2/ + * Certificate Request * <p> * - * This input usually is used by an enrollment profile for - * certificate requests. - * + * This input usually is used by an enrollment profile for certificate requests. + * * @version $Revision$, $Date$ */ -public class CertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; +public class CertReqInput extends EnrollInput implements IProfileInput { + public static final String VAL_CERT_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; public static final String VAL_CERT_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -67,7 +64,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; @@ -91,19 +88,19 @@ public class CertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE); String cert_request = ctx.get(VAL_CERT_REQUEST); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (cert_request_type == null) { - CMS.debug("CertReqInput: populate - invalid cert request type " + - ""); + CMS.debug("CertReqInput: populate - invalid cert request type " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) { @@ -114,7 +111,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput { getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request); @@ -138,7 +135,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput { Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request - ); + ); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); @@ -148,40 +145,39 @@ public class CertReqInput extends EnrollInput implements IProfileInput { } // This profile only handle the first request in CRMF Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("CertReqInput: populate - invalid cert request type " + - cert_request_type); + CMS.debug("CertReqInput: populate - invalid cert request type " + + cert_request_type); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - cert_request_type)); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + cert_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CERT_REQUEST_TYPE)) { return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); + "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); } else if (name.equals(VAL_CERT_REQUEST)) { return new Descriptor(IDescriptor.CERT_REQUEST, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ")); + "CMS_PROFILE_INPUT_CERT_REQ")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java index b887807c..b898043d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; @@ -37,26 +36,23 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the dual key generation input. - * This input populates parameters to the enrollment - * pages so that a CRMF request containing 2 certificate - * requests will be generated. + * This class implements the dual key generation input. This input populates + * parameters to the enrollment pages so that a CRMF request containing 2 + * certificate requests will be generated. * <p> - * - * This input can only be used with Netscape 7.x or later - * clients. + * + * This input can only be used with Netscape 7.x or later clients. * <p> - * + * * @version $Revision$, $Date$ */ -public class DualKeyGenInput extends EnrollInput implements IProfileInput { +public class DualKeyGenInput extends EnrollInput implements IProfileInput { - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + public static final String VAL_KEYGEN_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_KEYGEN_REQUEST = + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -69,7 +65,7 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; } @@ -92,29 +88,29 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (keygen_request_type == null) { CMS.debug("DualKeyGenInput: populate - invalid cert request type " + - ""); + ""); throw new EProfileException( CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (keygen_request_type.startsWith("pkcs10")) { PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); } else if (keygen_request_type.startsWith("keygen")) { DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); } else if (keygen_request_type.startsWith("crmf")) { CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); @@ -128,28 +124,27 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { // This profile only handle the first request in CRMF Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("DualKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); + CMS.debug("DualKeyGenInput: populate - " + + "invalid cert request type " + keygen_request_type); throw new EProfileException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", keygen_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java index 1eaf476b..35e83a8d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -41,16 +40,15 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the base enrollment input. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollInput implements IProfileInput { +public abstract class EnrollInput implements IProfileInput { private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; protected IConfigStore mConfig = null; protected Vector mValueNames = new Vector(); @@ -58,12 +56,12 @@ public abstract class EnrollInput implements IProfileInput { protected IProfile mProfile = null; protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - + /** * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; mProfile = profile; } @@ -74,17 +72,17 @@ public abstract class EnrollInput implements IProfileInput { /** * Populates the request with this policy default. - * + * * @param ctx profile context * @param request request * @exception EProfileException failed to populate */ public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; + throws EProfileException; /** * Retrieves the localizable name of this policy. - * + * * @param locale user locale * @return localized input name */ @@ -92,23 +90,21 @@ public abstract class EnrollInput implements IProfileInput { /** * Retrieves the localizable description of this policy. - * + * * @param locale user locale * @return localized input description */ public abstract String getText(Locale locale); /** - * Retrieves the descriptor of the given value - * property by name. - * + * Retrieves the descriptor of the given value property by name. + * * @param locale user locale * @param name property name * @return descriptor of the property */ public abstract IDescriptor getValueDescriptor(Locale locale, String name); - public void addValueName(String name) { mValueNames.addElement(name); } @@ -129,7 +125,7 @@ public abstract class EnrollInput implements IProfileInput { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -141,7 +137,7 @@ public abstract class EnrollInput implements IProfileInput { try { if (mConfig == null) { return null; - } + } if (mConfig.getSubStore("params") != null) { return mConfig.getSubStore("params").getString(name); } @@ -155,7 +151,7 @@ public abstract class EnrollInput implements IProfileInput { } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return request.getExtDataInString(name); } @@ -163,7 +159,7 @@ public abstract class EnrollInput implements IProfileInput { * Sets the value of the given value parameter by name. */ public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + String value) throws EPropertyException { request.setExtData(name, value); } @@ -181,16 +177,16 @@ public abstract class EnrollInput implements IProfileInput { return null; } - public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { - CMS.debug("EnrollInput ::in verifyPOP"); + public void verifyPOP(Locale locale, CertReqMsg certReqMsg) + throws EProfileException { + CMS.debug("EnrollInput ::in verifyPOP"); String auditMessage = null; String auditSubjectID = auditSubjectID(); - if (!certReqMsg.hasPop()) { + if (!certReqMsg.hasPop()) { CMS.debug("CertReqMsg has not POP, return"); - return; + return; } ProofOfPossession pop = certReqMsg.getPop(); ProofOfPossession.Type popType = pop.getType(); @@ -202,8 +198,8 @@ public abstract class EnrollInput implements IProfileInput { try { if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) { - CMS.debug("skipPOPVerify on, return"); - return; + CMS.debug("skipPOPVerify on, return"); + return; } CMS.debug("POP verification begins:"); CryptoManager cm = CryptoManager.getInstance(); @@ -214,42 +210,42 @@ public abstract class EnrollInput implements IProfileInput { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:"+ tokenName); + CMS.debug("POP verification using token:" + tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS); + audit(auditMessage); } catch (Exception e) { - CMS.debug("Failed POP verify! "+e.toString()); + CMS.debug("Failed POP verify! " + e.toString()); CMS.debug(e); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); - throw new EProfileException(CMS.getUserMessage(locale, + throw new EProfileException(CMS.getUserMessage(locale, "CMS_POP_VERIFICATION_ERROR")); } } /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -261,20 +257,19 @@ public abstract class EnrollInput implements IProfileInput { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java index 70ede1e2..7e497c64 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.io.BufferedInputStream; import java.net.URL; import java.net.URLConnection; @@ -34,15 +33,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements the image - * input that collects a picture. + * This class implements the image input that collects a picture. * <p> - * + * * @version $Revision$, $Date$ */ -public class FileSigningInput extends EnrollInput implements IProfileInput { +public class FileSigningInput extends EnrollInput implements IProfileInput { public static final String URL = "file_signing_url"; public static final String TEXT = "file_signing_text"; @@ -59,7 +56,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -77,13 +74,12 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"); } - public String toHexString(byte data[]) - { + public String toHexString(byte data[]) { StringBuffer sb = new StringBuffer(); for (int i = 0; i < data.length; i++) { int v = data[i] & 0xff; if (v <= 9) { - sb.append("0"); + sb.append("0"); } sb.append(Integer.toHexString(v)); } @@ -94,42 +90,41 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(TEXT, ctx.get(TEXT)); request.setExtData(URL, ctx.get(URL)); request.setExtData(DIGEST_TYPE, "SHA256"); - + try { - // retrieve file and calculate the hash - URL url = new URL(ctx.get(URL)); - URLConnection c = url.openConnection(); - c.setAllowUserInteraction(false); - c.setDoInput(true); - c.setDoOutput(false); - c.setUseCaches(false); - c.connect(); - int len = c.getContentLength(); - request.setExtData(SIZE, Integer.toString(len)); - BufferedInputStream is = new BufferedInputStream(c.getInputStream()); - byte data[] = new byte[len]; - is.read(data, 0, len); - is.close(); + // retrieve file and calculate the hash + URL url = new URL(ctx.get(URL)); + URLConnection c = url.openConnection(); + c.setAllowUserInteraction(false); + c.setDoInput(true); + c.setDoOutput(false); + c.setUseCaches(false); + c.connect(); + int len = c.getContentLength(); + request.setExtData(SIZE, Integer.toString(len)); + BufferedInputStream is = new BufferedInputStream(c.getInputStream()); + byte data[] = new byte[len]; + is.read(data, 0, len); + is.close(); - // calculate digest - MessageDigest digester = MessageDigest.getInstance("SHA256"); - byte digest[] = digester.digest(data); - request.setExtData(DIGEST, toHexString(digest)); - } catch (Exception e) { - CMS.debug("FileSigningInput populate failure " + e); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_FILE_NOT_FOUND")); + // calculate digest + MessageDigest digester = MessageDigest.getInstance("SHA256"); + byte digest[] = digester.digest(data); + request.setExtData(DIGEST, toHexString(digest)); + } catch (Exception e) { + CMS.debug("FileSigningInput populate failure " + e); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_FILE_NOT_FOUND")); } } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(URL)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java index 5aa85e0e..d9ce1487 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -32,14 +31,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements a generic input. * <p> - * + * * @version $Revision$, $Date$ */ -public class GenericInput extends EnrollInput implements IProfileInput { +public class GenericInput extends EnrollInput implements IProfileInput { public static final String CONFIG_NUM = "gi_num"; public static final String CONFIG_DISPLAY_NAME = "gi_display_name"; @@ -49,12 +47,12 @@ public class GenericInput extends EnrollInput implements IProfileInput { public static final int DEF_NUM = 5; public GenericInput() { - int num = getNum(); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PARAM_NAME + i); - addConfigName(CONFIG_DISPLAY_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } + int num = getNum(); + for (int i = 0; i < num; i++) { + addConfigName(CONFIG_PARAM_NAME + i); + addConfigName(CONFIG_DISPLAY_NAME + i); + addConfigName(CONFIG_ENABLE + i); + } } protected int getNum() { @@ -75,7 +73,7 @@ public class GenericInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -97,65 +95,64 @@ public class GenericInput extends EnrollInput implements IProfileInput { * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - int num = getNum(); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { - v.addElement(getConfig(CONFIG_PARAM_NAME + i)); - } - } - return v.elements(); + Vector v = new Vector(); + int num = getNum(); + for (int i = 0; i < num; i++) { + String enable = getConfig(CONFIG_ENABLE + i); + if (enable != null && enable.equals("true")) { + v.addElement(getConfig(CONFIG_PARAM_NAME + i)); + } + } + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { int num = getNum(); for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { + String enable = getConfig(CONFIG_ENABLE + i); + if (enable != null && enable.equals("true")) { String param = getConfig(CONFIG_PARAM_NAME + i); request.setExtData(param, ctx.get(param)); - } + } } } public IDescriptor getConfigDescriptor(Locale locale, String name) { int num = getNum(); for (int i = 0; i < num; i++) { - if (name.equals(CONFIG_PARAM_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i); - } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i); - } else if (name.equals(CONFIG_ENABLE + i)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); - } + if (name.equals(CONFIG_PARAM_NAME + i)) { + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i); + } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i); + } else if (name.equals(CONFIG_ENABLE + i)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); + } } // for return null; } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { int num = getNum(); for (int i = 0; i < num; i++) { - String param = getConfig(CONFIG_PARAM_NAME + i); - if (param != null && param.equals(name)) { - return new Descriptor(IDescriptor.STRING, null, - null, - getConfig(CONFIG_DISPLAY_NAME + i)); - } + String param = getConfig(CONFIG_PARAM_NAME + i); + if (param != null && param.equals(name)) { + return new Descriptor(IDescriptor.STRING, null, + null, + getConfig(CONFIG_DISPLAY_NAME + i)); + } } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java index 265b958d..9c8f73d7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -30,15 +29,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements the image - * input that collects a picture. + * This class implements the image input that collects a picture. * <p> - * + * * @version $Revision$, $Date$ */ -public class ImageInput extends EnrollInput implements IProfileInput { +public class ImageInput extends EnrollInput implements IProfileInput { public static final String IMAGE_URL = "image_url"; @@ -50,7 +47,7 @@ public class ImageInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -72,13 +69,12 @@ public class ImageInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL)); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(IMAGE_URL)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java index 00c0ffcf..4d7a3090 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; @@ -38,25 +37,23 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the key generation input that - * populates parameters to the enrollment page for - * key generation. + * This class implements the key generation input that populates parameters to + * the enrollment page for key generation. * <p> - * - * This input normally is used with user-based or - * non certificate request profile. + * + * This input normally is used with user-based or non certificate request + * profile. * <p> - * + * * @version $Revision$, $Date$ */ -public class KeyGenInput extends EnrollInput implements IProfileInput { +public class KeyGenInput extends EnrollInput implements IProfileInput { - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + public static final String VAL_KEYGEN_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_KEYGEN_REQUEST = + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -69,7 +66,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; } @@ -92,20 +89,20 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (keygen_request_type == null) { CMS.debug("KeyGenInput: populate - invalid cert request type " + - ""); + ""); throw new EProfileException( CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) { PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); @@ -115,7 +112,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); @@ -124,7 +121,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); @@ -149,17 +146,17 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { // This profile only handle the first request in CRMF Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error CMS.debug("DualKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); + "invalid cert request type " + keygen_request_type); throw new EProfileException(CMS.getUserMessage( getLocale(request), "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", @@ -169,8 +166,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java index dce75c15..870f75d2 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -30,15 +29,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements the serial number input - * for renewal + * This class implements the serial number input for renewal * <p> - * - * @author Christina Fu + * + * @author Christina Fu */ -public class SerialNumRenewInput extends EnrollInput implements IProfileInput { +public class SerialNumRenewInput extends EnrollInput implements IProfileInput { public static final String SERIAL_NUM = "serial_num"; @@ -50,7 +47,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -72,13 +69,12 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { // } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(SERIAL_NUM)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java index 4a8f6050..18f18fad 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -37,11 +36,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This plugin accepts subject DN from end user. */ -public class SubjectDNInput extends EnrollInput implements IProfileInput { +public class SubjectDNInput extends EnrollInput implements IProfileInput { public static final String VAL_SUBJECT = "subject"; @@ -52,7 +50,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -70,37 +68,36 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); } - public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; + String config = super.getConfig(name); + if (config == null || config.equals("")) + return "true"; + return config; } /** * Returns selected value names based on the configuration. */ public Enumeration<String> getValueNames() { - Vector<String> v = new Vector<String>(); - v.addElement(VAL_SUBJECT); - return v.elements(); + Vector<String> v = new Vector<String>(); + v.addElement(VAL_SUBJECT); + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); String subjectName = ""; subjectName = ctx.get(VAL_SUBJECT); if (subjectName.equals("")) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name name = null; @@ -108,10 +105,10 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { name = new X500Name(subjectName); } catch (Exception e) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); } - parseSubjectName(name, info, request); + parseSubjectName(name, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } @@ -120,8 +117,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_SUBJECT)) { @@ -133,13 +129,13 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { } protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) - throws EProfileException { + throws EProfileException { try { req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(subj)); } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + - e.toString()); + CMS.debug("SubjectNameInput: parseSubject Name " + + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java index 15f906f9..5ada65c9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -37,20 +36,18 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the subject name input - * that populates text fields to the enrollment - * page so that distinguished name parameters - * can be collected from the user. + * This class implements the subject name input that populates text fields to + * the enrollment page so that distinguished name parameters can be collected + * from the user. * <p> - * The collected parameters could be used for - * fomulating the subject name in the certificate. + * The collected parameters could be used for fomulating the subject name in the + * certificate. * <p> - * + * * @version $Revision$, $Date$ */ -public class SubjectNameInput extends EnrollInput implements IProfileInput { +public class SubjectNameInput extends EnrollInput implements IProfileInput { public static final String CONFIG_UID = "sn_uid"; public static final String CONFIG_EMAIL = "sn_e"; @@ -88,7 +85,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -106,101 +103,100 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); } - public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; + String config = super.getConfig(name); + if (config == null || config.equals("")) + return "true"; + return config; } /** * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - String c_uid = getConfig(CONFIG_UID); - if (c_uid == null || c_uid.equals("")) { - v.addElement(VAL_UID); // default case - } else { - if (c_uid.equals("true")) { - v.addElement(VAL_UID); - } - } - String c_email = getConfig(CONFIG_EMAIL); - if (c_email == null || c_email.equals("")) { - v.addElement(VAL_EMAIL); - } else { - if (c_email.equals("true")) { - v.addElement(VAL_EMAIL); - } - } - String c_cn = getConfig(CONFIG_CN); - if (c_cn == null || c_cn.equals("")) { - v.addElement(VAL_CN); - } else { - if (c_cn.equals("true")) { - v.addElement(VAL_CN); - } - } - String c_ou3 = getConfig(CONFIG_OU3); - if (c_ou3 == null || c_ou3.equals("")) { - v.addElement(VAL_OU3); - } else { - if (c_ou3.equals("true")) { - v.addElement(VAL_OU3); - } - } - String c_ou2 = getConfig(CONFIG_OU2); - if (c_ou2 == null || c_ou2.equals("")) { - v.addElement(VAL_OU2); - } else { - if (c_ou2.equals("true")) { - v.addElement(VAL_OU2); - } - } - String c_ou1 = getConfig(CONFIG_OU1); - if (c_ou1 == null || c_ou1.equals("")) { - v.addElement(VAL_OU1); - } else { - if (c_ou1.equals("true")) { - v.addElement(VAL_OU1); - } - } - String c_ou = getConfig(CONFIG_OU); - if (c_ou == null || c_ou.equals("")) { - v.addElement(VAL_OU); - } else { - if (c_ou.equals("true")) { - v.addElement(VAL_OU); - } - } - String c_o = getConfig(CONFIG_O); - if (c_o == null || c_o.equals("")) { - v.addElement(VAL_O); - } else { - if (c_o.equals("true")) { - v.addElement(VAL_O); - } - } - String c_c = getConfig(CONFIG_C); - if (c_c == null || c_c.equals("")) { - v.addElement(VAL_C); - } else { - if (c_c.equals("true")) { - v.addElement(VAL_C); - } - } - return v.elements(); + Vector v = new Vector(); + String c_uid = getConfig(CONFIG_UID); + if (c_uid == null || c_uid.equals("")) { + v.addElement(VAL_UID); // default case + } else { + if (c_uid.equals("true")) { + v.addElement(VAL_UID); + } + } + String c_email = getConfig(CONFIG_EMAIL); + if (c_email == null || c_email.equals("")) { + v.addElement(VAL_EMAIL); + } else { + if (c_email.equals("true")) { + v.addElement(VAL_EMAIL); + } + } + String c_cn = getConfig(CONFIG_CN); + if (c_cn == null || c_cn.equals("")) { + v.addElement(VAL_CN); + } else { + if (c_cn.equals("true")) { + v.addElement(VAL_CN); + } + } + String c_ou3 = getConfig(CONFIG_OU3); + if (c_ou3 == null || c_ou3.equals("")) { + v.addElement(VAL_OU3); + } else { + if (c_ou3.equals("true")) { + v.addElement(VAL_OU3); + } + } + String c_ou2 = getConfig(CONFIG_OU2); + if (c_ou2 == null || c_ou2.equals("")) { + v.addElement(VAL_OU2); + } else { + if (c_ou2.equals("true")) { + v.addElement(VAL_OU2); + } + } + String c_ou1 = getConfig(CONFIG_OU1); + if (c_ou1 == null || c_ou1.equals("")) { + v.addElement(VAL_OU1); + } else { + if (c_ou1.equals("true")) { + v.addElement(VAL_OU1); + } + } + String c_ou = getConfig(CONFIG_OU); + if (c_ou == null || c_ou.equals("")) { + v.addElement(VAL_OU); + } else { + if (c_ou.equals("true")) { + v.addElement(VAL_OU); + } + } + String c_o = getConfig(CONFIG_O); + if (c_o == null || c_o.equals("")) { + v.addElement(VAL_O); + } else { + if (c_o.equals("true")) { + v.addElement(VAL_O); + } + } + String c_c = getConfig(CONFIG_C); + if (c_c == null || c_c.equals("")) { + v.addElement(VAL_C); + } else { + if (c_c.equals("true")) { + v.addElement(VAL_C); + } + } + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); String subjectName = ""; String uid = ctx.get(VAL_UID); @@ -270,8 +266,8 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { } if (subjectName.equals("")) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name name = null; @@ -279,10 +275,10 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { name = new X500Name(subjectName); } catch (Exception e) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); } - parseSubjectName(name, info, request); + parseSubjectName(name, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } @@ -329,8 +325,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_UID)) { @@ -374,13 +369,13 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { } protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) - throws EProfileException { + throws EProfileException { try { req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(subj)); } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + - e.toString()); + CMS.debug("SubjectNameInput: parseSubject Name " + + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java index 52df2d41..5d7be747 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -30,16 +29,14 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements the submitter information - * input that collects certificate requestor's - * information such as name, email and phone. + * This class implements the submitter information input that collects + * certificate requestor's information such as name, email and phone. * <p> - * + * * @version $Revision$, $Date$ */ -public class SubmitterInfoInput extends EnrollInput implements IProfileInput { +public class SubmitterInfoInput extends EnrollInput implements IProfileInput { public static final String NAME = "requestor_name"; public static final String EMAIL = "requestor_email"; @@ -55,7 +52,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -77,13 +74,12 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { // } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(NAME)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java index 64988fed..4e51feec 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the certificate request input from TPS. - * This input populates 2 main fields to the enrollment "page": - * 1/ token cuid, 2/ publickey + * This class implements the certificate request input from TPS. This input + * populates 2 main fields to the enrollment "page": 1/ token cuid, 2/ publickey * <p> * - * This input usually is used by an enrollment profile for - * certificate requests coming from TPS. - * + * This input usually is used by an enrollment profile for certificate requests + * coming from TPS. + * * @version $Revision$, $Date$ */ -public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { +public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { public static final String VAL_TOKEN_CUID = "tokencuid"; public static final String VAL_PUBLIC_KEY = "publickey"; @@ -60,7 +57,7 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; @@ -80,84 +77,82 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); } - /* - * Pretty print token cuid - */ - public String toPrettyPrint(String cuid) - { - if (cuid == null) - return null; - - if (cuid.length() != 20) - return null; - - StringBuffer sb = new StringBuffer(); - for (int i=0; i < cuid.length(); i++) { - if (i == 4 || i == 8 || i == 12 || i == 16) { - sb.append("-"); - } - sb.append(cuid.charAt(i)); - } - return sb.toString(); - } + /* + * Pretty print token cuid + */ + public String toPrettyPrint(String cuid) { + if (cuid == null) + return null; + + if (cuid.length() != 20) + return null; + + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < cuid.length(); i++) { + if (i == 4 || i == 8 || i == 12 || i == 16) { + sb.append("-"); + } + sb.append(cuid.charAt(i)); + } + return sb.toString(); + } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String tcuid = ctx.get(VAL_TOKEN_CUID); - // pretty print tcuid - String prettyPrintCuid = toPrettyPrint(tcuid); - if (prettyPrintCuid == null) { + // pretty print tcuid + String prettyPrintCuid = toPrettyPrint(tcuid); + if (prettyPrintCuid == null) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", - "")); - } + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", + "")); + } - request.setExtData("pretty_print_tokencuid", prettyPrintCuid); + request.setExtData("pretty_print_tokencuid", prettyPrintCuid); String pk = ctx.get(VAL_PUBLIC_KEY); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (tcuid == null) { - CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + - ""); + CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", + "")); } if (pk == null) { - CMS.debug("nsHKeyCertReqInput: populate - public key not found " + - ""); + CMS.debug("nsHKeyCertReqInput: populate - public key not found " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", + "")); } - mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); + mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_TOKEN_CUID)) { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); } else if (name.equals(VAL_PUBLIC_KEY)) { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java index 58984c6c..b2476a66 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the certificate request input from TPS. - * This input populates 2 main fields to the enrollment "page": - * 1/ id, 2/ publickey + * This class implements the certificate request input from TPS. This input + * populates 2 main fields to the enrollment "page": 1/ id, 2/ publickey * <p> * - * This input usually is used by an enrollment profile for - * certificate requests coming from TPS. - * + * This input usually is used by an enrollment profile for certificate requests + * coming from TPS. + * * @version $Revision$, $Date$ */ -public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { +public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { public static final String VAL_SN = "screenname"; public static final String VAL_PUBLIC_KEY = "publickey"; @@ -60,7 +57,7 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; @@ -84,48 +81,47 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String sn = ctx.get(VAL_SN); String pk = ctx.get(VAL_PUBLIC_KEY); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (sn == null) { - CMS.debug("nsNKeyCertReqInput: populate - id not found " + - ""); + CMS.debug("nsNKeyCertReqInput: populate - id not found " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_ID", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_ID", + "")); } if (pk == null) { - CMS.debug("nsNKeyCertReqInput: populate - public key not found " + - ""); + CMS.debug("nsNKeyCertReqInput: populate - public key not found " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", + "")); } - mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); + mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_SN)) { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); } else if (name.equals(VAL_PUBLIC_KEY)) { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java index 999bdc67..421d5852 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.Locale; @@ -45,14 +44,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the output plugin that outputs - * CMMF response for the issued certificate. - * + * This class implements the output plugin that outputs CMMF response for the + * issued certificate. + * * @version $Revision$, $Date$ */ -public class CMMFOutput extends EnrollOutput implements IProfileOutput { +public class CMMFOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_CMMF_RESPONSE = "cmmf_response"; @@ -66,7 +64,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -88,72 +86,71 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_CMMF_RESPONSE)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CMMF_B64")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CMMF_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { X509CertImpl cert = request.getExtDataInCert( EnrollProfile.REQUEST_ISSUED_CERT); - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_CMMF_RESPONSE)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - byte[][] caPubs = new byte[cacerts.length][]; - - for (int j = 0; j < cacerts.length; j++) { - caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); - } - - CertRepContent certRepContent = null; - certRepContent = new CertRepContent(caPubs); - - PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = - new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); - CertResponse resp = - new CertResponse(new INTEGER(request.getRequestId().toString()), - status, certifiedKP); - certRepContent.addCertResponse(resp); - - ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); - certRepContent.encode(certRepOut); - byte[] certRepBytes = certRepOut.toByteArray(); - - return CMS.BtoA(certRepBytes); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + byte[][] caPubs = new byte[cacerts.length][]; + + for (int j = 0; j < cacerts.length; j++) { + caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); + } + + CertRepContent certRepContent = null; + certRepContent = new CertRepContent(caPubs); + + PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); + CertifiedKeyPair certifiedKP = + new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); + CertResponse resp = + new CertResponse(new INTEGER(request.getRequestId().toString()), + status, certifiedKP); + certRepContent.addCertResponse(resp); + + ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); + certRepContent.encode(certRepOut); + byte[] certRepBytes = certRepOut.toByteArray(); + + return CMS.BtoA(certRepBytes); } catch (Exception e) { - return null; + return null; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java index 7a2631da..676b280f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Locale; import netscape.security.x509.X509CertImpl; @@ -34,14 +33,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the pretty print certificate output - * that displays the issued certificate in a pretty print format. - * + * This class implements the pretty print certificate output that displays the + * issued certificate in a pretty print format. + * * @version $Revision$, $Date$ */ -public class CertOutput extends EnrollOutput implements IProfileOutput { +public class CertOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_B64_CERT = "b64_cert"; @@ -54,7 +52,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -76,36 +74,35 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_B64_CERT)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_B64")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { X509CertImpl cert = request.getExtDataInCert( EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_B64_CERT)) { @@ -113,7 +110,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return null; - return CMS.getEncodedCert(cert); + return CMS.getEncodedCert(cert); } else { return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java index 5e3f077b..e0cd89da 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -31,22 +30,21 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements the basic enrollment output. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollOutput implements IProfileOutput { +public abstract class EnrollOutput implements IProfileOutput { private IConfigStore mConfig = null; private Vector<String> mValueNames = new Vector<String>(); protected Vector<String> mConfigNames = new Vector<String>(); - + /** * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -60,28 +58,26 @@ public abstract class EnrollOutput implements IProfileOutput { /** * Populates the request with this policy default. - * + * * @param ctx profile context * @param request request * @exception EProfileException failed to populate */ public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; + throws EProfileException; /** - * Retrieves the descriptor of the given value - * parameter by name. - * + * Retrieves the descriptor of the given value parameter by name. + * * @param locale user locale * @param name property name * @return property descriptor */ public abstract IDescriptor getValueDescriptor(Locale locale, String name); - /** * Retrieves the localizable name of this policy. - * + * * @param locale user locale * @return output policy name */ @@ -89,7 +85,7 @@ public abstract class EnrollOutput implements IProfileOutput { /** * Retrieves the localizable description of this policy. - * + * * @param locale user locale * @return output policy description */ @@ -103,7 +99,7 @@ public abstract class EnrollOutput implements IProfileOutput { } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return request.getExtDataInString(name); } @@ -111,7 +107,7 @@ public abstract class EnrollOutput implements IProfileOutput { * Sets the value of the given value parameter by name. */ public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + String value) throws EPropertyException { request.setExtData(name, value); } @@ -124,7 +120,7 @@ public abstract class EnrollOutput implements IProfileOutput { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { } public String getConfig(String name) { diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java index 65718481..e2d9a08c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.Locale; @@ -42,14 +41,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the output plugin that outputs - * PKCS7 for the issued certificate. - * + * This class implements the output plugin that outputs PKCS7 for the issued + * certificate. + * * @version $Revision$, $Date$ */ -public class PKCS7Output extends EnrollOutput implements IProfileOutput { +public class PKCS7Output extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_PKCS7 = "pkcs7"; @@ -63,7 +61,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -85,72 +83,71 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_PKCS7)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_PKCS7_B64")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_PKCS7_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { X509CertImpl cert = request.getExtDataInCert( EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) - return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + return null; + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_PKCS7)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; - int m = 1, n = 0; - - for (; n < cacerts.length; m++, n++) { - userChain[m] = (X509CertImpl) cacerts[n]; - } - - userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - userChain, - new SignerInfo[0]); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - - p7.encodeSignedData(bos); - byte[] p7Bytes = bos.toByteArray(); - String p7Str = CMS.BtoA(p7Bytes); - - return p7Str; + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; + int m = 1, n = 0; + + for (; n < cacerts.length; m++, n++) { + userChain[m] = (X509CertImpl) cacerts[n]; + } + + userChain[0] = cert; + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + userChain, + new SignerInfo[0]); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + + p7.encodeSignedData(bos); + byte[] p7Bytes = bos.toByteArray(); + String p7Str = CMS.BtoA(p7Bytes); + + return p7Str; } catch (Exception e) { - return ""; + return ""; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java index 90aa40a1..2ba07e6e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Locale; import netscape.security.x509.X509CertImpl; @@ -33,14 +32,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the output plugin that outputs - * DER for the issued certificate for token keys - * + * This class implements the output plugin that outputs DER for the issued + * certificate for token keys + * * @version $Revision$, $Date$ */ -public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { +public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_DER = "der"; @@ -52,7 +50,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -74,35 +72,34 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_DER)) { return new Descriptor("der_b64", null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_DER_B64")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_DER_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_DER)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - return CMS.BtoA(cert.getEncoded()); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + return CMS.BtoA(cert.getEncoded()); } catch (Exception e) { - return ""; + return ""; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java index 69803421..589763b5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java +++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java @@ -43,8 +43,8 @@ import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.profile.common.EnrollProfile; /** - * This updater class will create the new user to the subsystem group and - * then add the subsystem certificate to the user. + * This updater class will create the new user to the subsystem group and then + * add the subsystem certificate to the user. * * @version $Revision$, $Date$ */ @@ -58,7 +58,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater { private Vector mValueNames = new Vector(); private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********"; private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown"; private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;"; @@ -67,8 +67,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { public SubsystemGroupUpdater() { } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + public void init(IProfile profile, IConfigStore config) + throws EProfileException { mConfig = config; mProfile = profile; mEnrollProfile = (EnrollProfile) profile; @@ -82,8 +82,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return null; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -108,8 +108,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return mConfig; } - public void update(IRequest req, RequestStatus status) - throws EProfileException { + public void update(IRequest req, RequestStatus status) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -124,33 +124,34 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return; IConfigStore mainConfig = CMS.getConfigStore(); - - int num=0; + + int num = 0; try { num = mainConfig.getInteger("subsystem.count", 0); - } catch (Exception e) {} + } catch (Exception e) { + } IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); String requestor_name = "subsystem"; try { - requestor_name = req.getExtDataInString("requestor_name"); + requestor_name = req.getExtDataInString("requestor_name"); } catch (Exception e1) { - // ignore + // ignore } // i.e. tps-1.2.3.4-4 String id = requestor_name; - + num++; mainConfig.putInteger("subsystem.count", num); - + try { mainConfig.commit(false); } catch (Exception e) { } String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + - "+Resource;;"+ id + + "+Resource;;" + id + "+fullname;;" + id + "+state;;1" + "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>"; @@ -196,8 +197,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { } auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + - "+Resource;;"+ id + - "+cert;;"+ b64; + "+Resource;;" + id + + "+cert;;" + b64; system.addUserCert(user); CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate"); @@ -216,7 +217,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater { ILogger.FAILURE, auditParams); audit(auditMessage); - throw new EProfileException(e.toString()); + throw new EProfileException(e.toString()); } } catch (Exception e) { CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString()); @@ -232,17 +233,17 @@ public class SubsystemGroupUpdater implements IProfileUpdater { IGroup group = null; String groupName = "Subsystem Group"; auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" + - "+Resource;;"+ groupName; + "+Resource;;" + groupName; try { group = system.getGroupFromName(groupName); - + auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams +=","; + auditParams += ","; } } @@ -287,10 +288,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } private String auditSubjectID() { diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java index aea489e3..ca05129c 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java @@ -20,7 +20,6 @@ package com.netscape.cms.publish.mappers; - /////////////////////// // import statements // /////////////////////// @@ -49,24 +48,24 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ECompSyntaxErr; import com.netscape.certsrv.request.IRequest; - ////////////////////// // class definition // ////////////////////// /** - * avaPattern is a string representing an ldap - * attribute formulated from the certificate - * subject name, extension or request attributes. + * avaPattern is a string representing an ldap attribute formulated from the + * certificate subject name, extension or request attributes. * <p> * - * The syntax is + * The syntax is + * * <pre> * avaPattern := constant-value | * "$subj" "." attrName [ "." attrNumber ] | * "$req" "." [ prefix .] attrName [ "." attrNumber ] | - * "$ext" "." extName [ "." nameType ] [ "." attrNumber ] + * "$ext" "." extName [ "." nameType ] [ "." attrNumber ] * </pre> + * * <pre> * Example: <i>$ext.SubjectAlternativeName.RFC822Name.1</i> * cert subjectAltName is rfc822Name: jjames@mcom.com @@ -77,15 +76,16 @@ import com.netscape.certsrv.request.IRequest; * The first rfc822name value in the subjAltName extension. <br> * <p> * </pre> - * If a request attribute or subject DN component does not exist, - * the attribute is skipped. - * + * + * If a request attribute or subject DN component does not exist, the attribute + * is skipped. + * * @version $Revision$, $Date$ */ class AVAPattern { - //////////////// + // ////////////// // parameters // - //////////////// + // ////////////// /* the value type of the dn component */ public static final String TYPE_REQ = "$req"; @@ -101,29 +101,30 @@ class AVAPattern { "EDIName", "URIName", "IPAddress", - "OIDName"}; + "OIDName" }; private static final char[] endChars = new char[] { '+', ',' }; - private static final LdapV3DNStrConverter mLdapDNStrConverter = - new LdapV3DNStrConverter(); + private static final LdapV3DNStrConverter mLdapDNStrConverter = + new LdapV3DNStrConverter(); - /* the list of request attributes needed by this AVA */ + /* the list of request attributes needed by this AVA */ protected String[] mReqAttrs = null; - /* the list of cert attributes needed by this AVA*/ + /* the list of cert attributes needed by this AVA */ protected String[] mCertAttrs = null; /* value type */ protected String mType = null; - /* value - could be name of a request attribute or - * cert subject attribute or extension name. + /* + * value - could be name of a request attribute or cert subject attribute or + * extension name. */ protected String mValue = null; - /* value type - general name type of an - * extension attribute if any. + /* + * value type - general name type of an extension attribute if any. */ protected String mGNType = null; @@ -135,12 +136,12 @@ class AVAPattern { protected String mTestDN = null; - ///////////// + // /////////// // methods // - ///////////// + // /////////// public AVAPattern(String component) - throws ELdapException { + throws ELdapException { if (component == null || component.length() == 0) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component)); } @@ -148,33 +149,33 @@ class AVAPattern { parse(new PushbackReader(new StringReader(component))); } - public AVAPattern(PushbackReader in) - throws ELdapException { + public AVAPattern(PushbackReader in) + throws ELdapException { parse(in); } private void parse(PushbackReader in) - throws ELdapException { + throws ELdapException { int c; // skip spaces - //System.out.println("============ AVAPattern Begin ==========="); - //System.out.println("skip spaces"); + // System.out.println("============ AVAPattern Begin ==========="); + // System.out.println("skip spaces"); try { - while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c); + while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c); ; } } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); } - if (c == -1) { + if (c == -1) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); } if (c == '$') { - // check for $subj $ext or $req + // check for $subj $ext or $req try { c = in.read(); } catch (IOException e) { @@ -189,9 +190,9 @@ class AVAPattern { if (c == 'r') { try { - if (in.read() != 'e' || - in.read() != 'q' || - in.read() != '.') { + if (in.read() != 'e' || + in.read() != 'q' || + in.read() != '.') { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $req in ava pattern")); } @@ -201,13 +202,13 @@ class AVAPattern { } mType = TYPE_REQ; - //System.out.println("---- mtype $req"); + // System.out.println("---- mtype $req"); } else if (c == 's') { try { - if (in.read() != 'u' || - in.read() != 'b' || - in.read() != 'j' || - in.read() != '.') { + if (in.read() != 'u' || + in.read() != 'b' || + in.read() != 'j' || + in.read() != '.') { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $subj in ava pattern")); } @@ -217,12 +218,12 @@ class AVAPattern { } mType = TYPE_SUBJ; - //System.out.println("----- mtype $subj"); + // System.out.println("----- mtype $subj"); } else if (c == 'e') { try { - if (in.read() != 'x' || - in.read() != 't' || - in.read() != '.') { + if (in.read() != 'x' || + in.read() != 't' || + in.read() != '.') { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $ext in ava pattern")); } @@ -232,10 +233,10 @@ class AVAPattern { } mType = TYPE_EXT; - //System.out.println("----- mtype $ext"); + // System.out.println("----- mtype $ext"); } else { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "unknown keyword. expecting $subj $ext or $req.")); + "unknown keyword. expecting $subj $ext or $req.")); } // get request attribute or @@ -245,14 +246,14 @@ class AVAPattern { StringBuffer valueBuf = new StringBuffer(); try { - while ((c = in.read()) != ',' && - c != -1 && c != '.' && c != '+') { - //System.out.println("mValue read "+(char)c); + while ((c = in.read()) != ',' && + c != -1 && c != '.' && c != '+') { + // System.out.println("mValue read "+(char)c); valueBuf.append((char) c); } if (c == '+' || c == ',') { // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } } catch (IOException e) { throw new ELdapException( @@ -260,11 +261,11 @@ class AVAPattern { } mValue = valueBuf.toString().trim(); - if (mValue.length() == 0) { + if (mValue.length() == 0) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$subj $ext or $req attribute name expected")); } - //System.out.println("----- mValue "+mValue); + // System.out.println("----- mValue "+mValue); // get nth dn xxx not nth request attribute . if (c == '.') { @@ -272,13 +273,13 @@ class AVAPattern { try { while ((c = in.read()) != ',' && c != -1 && c != '.' - && c != '+') { - //System.out.println("mElement read "+(char)c); + && c != '+') { + // System.out.println("mElement read "+(char)c); attrNumberBuf.append((char) c); } - if (c == ',' || c == '+') { // either ',' or '+' - in.unread(c); // pushback last , or + + if (c == ',' || c == '+') { // either ',' or '+' + in.unread(c); // pushback last , or + } } catch (IOException e) { throw new ELdapException( @@ -304,7 +305,7 @@ class AVAPattern { } else { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid format in nth element " + - "$req $ext or $subj")); + "$req $ext or $subj")); } // get nth request attribute . @@ -313,14 +314,14 @@ class AVAPattern { try { while ((c = in.read()) != ',' && - c != -1 && c != '+') { - //System.out.println("mElement read "+ - // (char)c); + c != -1 && c != '+') { + // System.out.println("mElement read "+ + // (char)c); attrNumberBuf1.append((char) c); } - if (c != -1) { // either ',' or '+' - in.unread(c); // pushback last , or + + if (c != -1) { // either ',' or '+' + in.unread(c); // pushback last , or + } } catch (IOException ex) { throw new ELdapException( @@ -328,28 +329,28 @@ class AVAPattern { } String attrNumber1 = - attrNumberBuf1.toString().trim(); + attrNumberBuf1.toString().trim(); if (attrNumber1.length() == 0) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected")); } - try { - mElement = Integer.parseInt(attrNumber1) - 1; + try { + mElement = Integer.parseInt(attrNumber1) - 1; } catch (NumberFormatException ex) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid format in nth element " + - "$req or $ext.")); + "$req or $ext.")); } } } } - //System.out.println("----- mElement "+mElement); + // System.out.println("----- mElement "+mElement); } else { // value is constant. treat as regular ava. mType = TYPE_CONSTANT; - // parse ava value. + // parse ava value. StringBuffer valueBuf = new StringBuffer(); valueBuf.append((char) c); @@ -361,7 +362,7 @@ class AVAPattern { } if (c == '+' || c == ',') { // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } } catch (IOException e) { throw new ELdapException( @@ -370,22 +371,19 @@ class AVAPattern { mValue = valueBuf.toString().trim(); - /* try { - * AVA ava = mLdapDNStrConverter.parseAVA( - * valueBuf.toString()); - * mValue = ava.toLdapDNString(); - * //System.out.println("----- mValue "+mValue); - * } catch (IOException e) { - * throw new ECompSyntaxErr(e.toString()); - * } + /* + * try { AVA ava = mLdapDNStrConverter.parseAVA( + * valueBuf.toString()); mValue = ava.toLdapDNString(); + * //System.out.println("----- mValue "+mValue); } catch + * (IOException e) { throw new ECompSyntaxErr(e.toString()); } */ } } public String formAVA(IRequest req, - X500Name subject, - CertificateExtensions extensions) - throws ELdapException { + X500Name subject, + CertificateExtensions extensions) + throws ELdapException { if (TYPE_CONSTANT.equals(mType)) { return mValue; } @@ -393,11 +391,11 @@ class AVAPattern { if (TYPE_SUBJ.equals(mType)) { String dn = subject.toString(); - if (mTestDN != null) { + if (mTestDN != null) { dn = mTestDN; } - //System.out.println("AVAPattern Using dn "+mTestDN); + // System.out.println("AVAPattern Using dn "+mTestDN); String[] rdns = LDAPDN.explodeDN(dn, false); String value = null; @@ -410,8 +408,8 @@ class AVAPattern { for (int j = 0; j < avas.length; j++) { String[] exploded = explodeAVA(avas[j]); - if (exploded[0].equalsIgnoreCase(mValue) && - ++nFound == mElement) { + if (exploded[0].equalsIgnoreCase(mValue) && + ++nFound == mElement) { value = exploded[1]; break; } @@ -431,10 +429,10 @@ class AVAPattern { for (int i = 0; i < extensions.size(); i++) { Extension ext = (Extension) - extensions.elementAt(i); + extensions.elementAt(i); String extName = - OIDMap.getName(ext.getExtensionId()); + OIDMap.getName(ext.getExtensionId()); int index = extName.lastIndexOf("."); @@ -450,9 +448,9 @@ class AVAPattern { SubjectAlternativeNameExtension.class.getSimpleName())) { try { GeneralNames subjectNames = (GeneralNames) - ((SubjectAlternativeNameExtension) + ((SubjectAlternativeNameExtension) ext).get( - SubjectAlternativeNameExtension.SUBJECT_NAME); + SubjectAlternativeNameExtension.SUBJECT_NAME); if (subjectNames.size() == 0) { break; @@ -461,11 +459,10 @@ class AVAPattern { int j = 0; for (Enumeration<GeneralNameInterface> n = - subjectNames.elements(); - n.hasMoreElements();) { + subjectNames.elements(); n.hasMoreElements();) { GeneralName gn = (GeneralName) - n.nextElement(); + n.nextElement(); String gname = gn.toString(); @@ -476,7 +473,7 @@ class AVAPattern { } String gType = - gname.substring(0, index); + gname.substring(0, index); if (mGNType != null) { if (mGNType.equalsIgnoreCase(gType)) { @@ -497,12 +494,12 @@ class AVAPattern { j++; } } - } catch (IOException e) { + } catch (IOException e) { CMS.debug( - "AVAPattern: Publishing attr not formed " + - "from extension " + - "-- no attr : " + - mValue); + "AVAPattern: Publishing attr not formed " + + "from extension " + + "-- no attr : " + + mValue); } } } @@ -510,10 +507,10 @@ class AVAPattern { } CMS.debug( - "AVAPattern: Publishing:attr not formed " + - "from extension " + - "-- no attr : " + - mValue); + "AVAPattern: Publishing:attr not formed " + + "from extension " + + "-- no attr : " + + mValue); return null; } @@ -522,8 +519,7 @@ class AVAPattern { // mPrefix and mValue are looked up case-insensitive String reqAttr = req.getExtDataInString(mPrefix, mValue); if (reqAttr == null) { - throw new - ELdapException( + throw new ELdapException( CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, "")); } @@ -550,10 +546,9 @@ class AVAPattern { } /** - * Explode RDN into AVAs. - * Does not handle escaped '+' - * Java ldap library does not yet support multiple avas per rdn. - * If RDN is malformed returns empty array. + * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does + * not yet support multiple avas per rdn. If RDN is malformed returns empty + * array. */ public static String[] explodeRDN(String rdn) { int plus = rdn.indexOf('+'); @@ -578,9 +573,8 @@ class AVAPattern { } /** - * Explode AVA into name and value. - * Does not handle escaped '=' - * If AVA is malformed empty array is returned. + * Explode AVA into name and value. Does not handle escaped '=' If AVA is + * malformed empty array is returned. */ public static String[] explodeAVA(String ava) { int equals = ava.indexOf('='); @@ -593,4 +587,3 @@ class AVAPattern { ava.substring(equals + 1).trim() }; } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java index 3cf1bca8..ee903016 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -48,20 +47,18 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; - -/** - * Maps a request to an entry in the LDAP server. - * Takes a dnPattern to form the baseDN from the request attributes - * and certificate subject name.Do a base search for the entry - * in the directory to publish the cert or crl. - * The restriction of this mapper is that the ldap dn components must - * be part of certificate subject name or request attributes or constant. - * +/** + * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the + * baseDN from the request attributes and certificate subject name.Do a base + * search for the entry in the directory to publish the cert or crl. The + * restriction of this mapper is that the ldap dn components must be part of + * certificate subject name or request attributes or constant. + * * @version $Revision$, $Date$ */ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { - protected static final String PROP_DNPATTERN = "dnPattern"; - protected static final String PROP_CREATECA = "createCAEntry"; + protected static final String PROP_DNPATTERN = "dnPattern"; + protected static final String PROP_CREATECA = "createCAEntry"; protected String mDnPattern = null; protected boolean mCreateCAEntry = true; @@ -72,20 +69,20 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { /* the subject DN pattern */ protected MapDNPattern mPattern = null; - /* the list of request attriubutes to retrieve*/ + /* the list of request attriubutes to retrieve */ protected String[] mReqAttrs = null; - /* the list of cert attriubutes to retrieve*/ + /* the list of cert attriubutes to retrieve */ protected String[] mCertAttrs = null; /* default dn pattern if left blank or not set in the config */ - public static final String DEFAULT_DNPATTERN = - "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c"; + public static final String DEFAULT_DNPATTERN = + "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c"; - /** + /** * Constructor. - * - * @param dnPattern The base DN. + * + * @param dnPattern The base DN. */ public LdapCaSimpleMap(String dnPattern) { try { @@ -93,7 +90,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); } - + } /** @@ -105,11 +102,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String params[] = { "dnPattern;string;Describes how to form the Ldap Subject name in" + - " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" + - " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + - "$req means: take the attribute from the request. " + - "$subj means: take the attribute from the certificate subject name. " + - "$ext means: take the attribute from the certificate extension", + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" + + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + + "$req means: take the attribute from the request. " + + "$subj means: take the attribute from the certificate subject name. " + + "$ext means: take the attribute from the certificate extension", "createCAEntry;boolean;If checked, CA entry will be created automatically", IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-casimplemapper", IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to" @@ -122,11 +119,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { return mConfig; } - /** + /** * for initializing from config store. */ - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; String dnPattern = mConfig.getString(PROP_DNPATTERN); @@ -138,12 +135,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { * common initialization routine. */ protected void init(String dnPattern) - throws EBaseException { - if (mInited) + throws EBaseException { + if (mInited) return; mDnPattern = dnPattern; - if (mDnPattern == null || mDnPattern.length() == 0) + if (mDnPattern == null || mDnPattern.length() == 0) mDnPattern = DEFAULT_DNPATTERN; try { mPattern = new MapDNPattern(mDnPattern); @@ -151,7 +148,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { String[] mCertAttrs = mPattern.getCertAttrs(); } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString())); - throw new EBaseException("falied to init with pattern " + + throw new EBaseException("falied to init with pattern " + dnPattern + " " + e); } @@ -159,29 +156,29 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { } /** - * Maps a X500 subject name to LDAP entry. - * Uses DN pattern to form a DN for a LDAP base search. + * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for + * a LDAP base search. * - * @param conn the LDAP connection. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ + */ public String map(LDAPConnection conn, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, null, obj); } /** - * Maps a X500 subject name to LDAP entry. - * Uses DN pattern to form a DN for a LDAP base search. + * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for + * a LDAP base search. * - * @param conn the LDAP connection. - * @param req the request to map. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param req the request to map. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ + */ public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { if (conn == null) return null; String dn = null; @@ -204,26 +201,26 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:" - + filter + " scope: base"); + + filter + " scope: base"); - LDAPSearchResults results = - conn.search(dn, scope, filter, attrs, false); + LDAPSearchResults results = + conn.search(dn, scope, filter, attrs, false); LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, - ((req == null) ? "" : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, + ((req == null) ? "" : req.getRequestId().toString()))); throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", - ((req == null) ? "" : req.getRequestId().toString()))); + CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", + ((req == null) ? "" : req.getRequestId().toString()))); } if (entry != null) return entry.getDN(); else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, - ((req == null) ? "" : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, + ((req == null) ? "" : req.getRequestId().toString()))); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", "null entry")); } @@ -232,7 +229,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) { try { @@ -246,8 +243,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1")); } - throw new - ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn)); } } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString())); @@ -260,19 +256,19 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { } private void createCAEntry(LDAPConnection conn, String dn) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = new LDAPAttributeSet(); // OID 2.5.6.16 - String caOc[] = new String[] {"top", - "person", - "organizationalPerson", - "inetOrgPerson"}; - - String oOc[] = {"top", - "organization"}; - String oiOc[] = {"top", - "organizationalunit"}; - + String caOc[] = new String[] { "top", + "person", + "organizationalPerson", + "inetOrgPerson" }; + + String oOc[] = { "top", + "organization" }; + String oiOc[] = { "top", + "organizationalunit" }; + DN dnobj = new DN(dn); String attrval[] = dnobj.explodeDN(true); @@ -286,6 +282,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { /** * form a dn from component in the request and cert subject name + * * @param req The request * @param obj The certificate or crl */ @@ -296,13 +293,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; - subjectDN = + subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); CMS.debug("LdapCaSimpleMap: cert subject dn:" + subjectDN.toString()); X509CertInfo info = (X509CertInfo) - ((X509CertImpl) cert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + ((X509CertImpl) cert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); certExt = (CertificateExtensions) info.get( CertificateExtensions.NAME); @@ -316,12 +313,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = + subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); CMS.debug("LdapCaSimpleMap: crl issuer dn: " + - subjectDN.toString()); - }catch (ClassCastException ex) { + subjectDN.toString()); + } catch (ClassCastException ex) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", ((req == null) ? "" : req.getRequestId().toString()))); return null; @@ -332,9 +329,9 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { return dn; } catch (ELdapException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_FORM_DN", - ((req == null) ? "" : req.getRequestId().toString()), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_FORM_DN", + ((req == null) ? "" : req.getRequestId().toString()), e.toString())); throw new EBaseException("falied to form dn for request: " + ((req == null) ? "" : req.getRequestId().toString()) + " " + e); } @@ -362,9 +359,9 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { if (mDnPattern == null) { v.addElement(PROP_DNPATTERN + "="); - }else { + } else { v.addElement(PROP_DNPATTERN + "=" + - mConfig.getString(PROP_DNPATTERN)); + mConfig.getString(PROP_DNPATTERN)); } v.addElement(PROP_CREATECA + "=" + mConfig.getBoolean(PROP_CREATECA, true)); } catch (Exception e) { @@ -374,8 +371,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCaSimpleMapper: " + msg); + "LdapCaSimpleMapper: " + msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java index 17c562ce..0b510472 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.security.cert.CRLException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -34,22 +33,20 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; - -/** - * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's - * subject name to form the ldap search dn and filter. - * Takes a optional root search dn. - * The DN comps are used to form a LDAP entry to begin a subtree search. - * The filter comps are used to form a search filter for the subtree. - * If none of the DN comps matched, baseDN is used for the subtree. - * If the baseDN is null and none of the DN comps matched, it is an error. - * If none of the DN comps and filter comps matched, it is an error. - * If just the filter comps is null, a base search is performed. - * +/** + * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's + * subject name to form the ldap search dn and filter. Takes a optional root + * search dn. The DN comps are used to form a LDAP entry to begin a subtree + * search. The filter comps are used to form a search filter for the subtree. If + * none of the DN comps matched, baseDN is used for the subtree. If the baseDN + * is null and none of the DN comps matched, it is an error. If none of the DN + * comps and filter comps matched, it is an error. If just the filter comps is + * null, a base search is performed. + * * @version $Revision$, $Date$ */ -public class LdapCertCompsMap - extends LdapDNCompsMap implements ILdapMapper { +public class LdapCertCompsMap + extends LdapDNCompsMap implements ILdapMapper { ILogger mLogger = CMS.getLogger(); public LdapCertCompsMap() { @@ -57,22 +54,22 @@ public class LdapCertCompsMap // via configuration } - /** + /** * Constructor. - * - * The DN comps are used to form a LDAP entry to begin a subtree search. - * The filter comps are used to form a search filter for the subtree. - * If none of the DN comps matched, baseDN is used for the subtree. - * If the baseDN is null and none of the DN comps matched, it is an error. - * If none of the DN comps and filter comps matched, it is an error. - * If just the filter comps is null, a base search is performed. * - * @param baseDN The base DN. + * The DN comps are used to form a LDAP entry to begin a subtree search. The + * filter comps are used to form a search filter for the subtree. If none of + * the DN comps matched, baseDN is used for the subtree. If the baseDN is + * null and none of the DN comps matched, it is an error. If none of the DN + * comps and filter comps matched, it is an error. If just the filter comps + * is null, a base search is performed. + * + * @param baseDN The base DN. * @param dnComps Components to form the LDAP base dn for search. * @param filterComps Components to form the LDAP search filter. */ public LdapCertCompsMap(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { + ObjectIdentifier[] filterComps) { init(baseDN, dnComps, filterComps); } @@ -99,40 +96,38 @@ public class LdapCertCompsMap /** * constructor using non-standard certificate attribute. */ - public LdapCertCompsMap(String certAttr, String baseDN, - ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { + public LdapCertCompsMap(String certAttr, String baseDN, + ObjectIdentifier[] dnComps, + ObjectIdentifier[] filterComps) { super(certAttr, baseDN, dnComps, filterComps); } protected void init(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { + ObjectIdentifier[] filterComps) { super.init(baseDN, dnComps, filterComps); } /** - * Maps a certificate to LDAP entry. - * Uses DN components and filter components to form a DN and - * filter for a LDAP search. - * If the formed DN is null the baseDN will be used. - * If the formed DN is null and baseDN is null an error is thrown. - * If the filter is null a base search is performed. - * If both are null an error is thrown. + * Maps a certificate to LDAP entry. Uses DN components and filter + * components to form a DN and filter for a LDAP search. If the formed DN is + * null the baseDN will be used. If the formed DN is null and baseDN is null + * an error is thrown. If the filter is null a base search is performed. If + * both are null an error is thrown. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. */ public String - map(LDAPConnection conn, Object obj) - throws ELdapException { + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; try { X509Certificate cert = (X509Certificate) obj; String result = null; // form dn and filter for search. - X500Name subjectDN = - (X500Name) ((X509Certificate) cert).getSubjectDN(); + X500Name subjectDN = + (X500Name) ((X509Certificate) cert).getSubjectDN(); CMS.debug("LdapCertCompsMap: " + subjectDN.toString()); @@ -148,8 +143,8 @@ public class LdapCertCompsMap try { X509CRLImpl crl = (X509CRLImpl) obj; String result = null; - X500Name issuerDN = - (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + X500Name issuerDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); CMS.debug("LdapCertCompsMap: " + issuerDN.toString()); @@ -168,14 +163,13 @@ public class LdapCertCompsMap } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertCompsMap: " + msg); + "LdapCertCompsMap: " + msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java index 7eded9cd..d8e95d60 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.security.cert.X509Certificate; import java.util.Locale; import java.util.Vector; @@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; - -/** - * Maps a X509 certificate to a LDAP entry by using the subject name - * of the certificate as the LDAP entry DN. - * +/** + * Maps a X509 certificate to a LDAP entry by using the subject name of the + * certificate as the LDAP entry DN. + * * @version $Revision$, $Date$ */ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { @@ -64,7 +62,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { } public void init(IConfigStore config) - throws EBaseException { + throws EBaseException { if (mInited == true) return; mConfig = config; @@ -74,9 +72,9 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-mapper-certexactmapper", + ";configuration-ldappublish-mapper-certexactmapper", IExtendedPluginInfo.HELP_TEXT + - ";Literally uses the subject name of the certificate as the DN to publish to" + ";Literally uses the subject name of the certificate as the DN to publish to" }; return params; @@ -95,7 +93,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { return v; } - + public Vector<String> getInstanceParams() { Vector<String> v = new Vector<String>(); @@ -103,15 +101,15 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { } /** - * Finds the entry for the certificate by looking for the cert - * subject name in the subject name attribute. + * Finds the entry for the certificate by looking for the cert subject name + * in the subject name attribute. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. - */ + */ public String - map(LDAPConnection conn, Object obj) - throws ELdapException { + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; @@ -120,7 +118,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; - subjectDN = + subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); CMS.debug("LdapCertExactMap: cert subject dn:" + subjectDN.toString()); @@ -128,12 +126,12 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = + subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); CMS.debug("LdapCertExactMap: crl issuer dn: " + - subjectDN.toString()); - }catch (ClassCastException ex) { + subjectDN.toString()); + } catch (ClassCastException ex) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); return null; } @@ -141,19 +139,19 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { try { boolean hasCert = false; boolean hasSubjectName = false; - String[] attrs = new String[] { LDAPv3.NO_ATTRS }; + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "Searching for " + subjectDN.toString()); - LDAPSearchResults results = - conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE, - "(objectclass=*)", attrs, false); - + LDAPSearchResults results = + conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE, + "(objectclass=*)", attrs, false); + LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString())); } if (entry != null) { log(ILogger.LL_INFO, "entry found"); @@ -165,7 +163,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString())); @@ -174,30 +172,23 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { } /* - catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); - throw new ELdapException( - LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); - } - catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); - throw new ELdapException( - LdapResources.GET_DER_ENCODED_CERT_FAILED, e); - } + * catch (IOException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw + * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); } + * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw + * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); } */ } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertExactMap: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, + "LdapCertExactMap: " + msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java index 42db2b27..a999cd0f 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.security.cert.X509Certificate; import java.util.Locale; import java.util.Vector; @@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; - -/** - * Maps a X509 certificate to a LDAP entry by finding an LDAP entry - * which has an attribute whose contents are equal to the cert subject name. - * +/** + * Maps a X509 certificate to a LDAP entry by finding an LDAP entry which has an + * attribute whose contents are equal to the cert subject name. + * * @version $Revision$, $Date$ */ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { @@ -64,8 +62,9 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { /** * constructs a certificate subject name mapper with search base. - * @param searchBase the dn to start searching for the certificate - * subject name. + * + * @param searchBase the dn to start searching for the certificate subject + * name. */ public LdapCertSubjMap(String searchBase) { if (searchBase == null) @@ -82,10 +81,10 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { * @param certSubjNameAttr attribute for certificate subject names. * @param certAttr attribute to find certificate. */ - public LdapCertSubjMap(String searchBase, - String certSubjNameAttr, String certAttr) { - if (searchBase == null || - certSubjNameAttr == null || certAttr == null) + public LdapCertSubjMap(String searchBase, + String certSubjNameAttr, String certAttr) { + if (searchBase == null || + certSubjNameAttr == null || certAttr == null) throw new IllegalArgumentException( "a null argument to constructor " + this.getClass().getName()); mCertSubjNameAttr = certSubjNameAttr; @@ -93,10 +92,10 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { mInited = true; } - public LdapCertSubjMap(String searchBase, - String certSubjNameAttr, String certAttr, boolean useAllEntries) { - if (searchBase == null || - certSubjNameAttr == null || certAttr == null) + public LdapCertSubjMap(String searchBase, + String certSubjNameAttr, String certAttr, boolean useAllEntries) { + if (searchBase == null || + certSubjNameAttr == null || certAttr == null) throw new IllegalArgumentException( "a null argument to constructor " + this.getClass().getName()); mCertSubjNameAttr = certSubjNameAttr; @@ -128,15 +127,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { "searchBase;string;Base DN to search from", "useAllEntries;boolean;Use all entries for publishing", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-mapper-certsubjmapper", + ";configuration-ldappublish-mapper-certsubjmapper", IExtendedPluginInfo.HELP_TEXT + - ";This plugin assumes you want to publish to an LDAP entry which has " + - "an attribute whose contents are equal to the cert subject name" + ";This plugin assumes you want to publish to an LDAP entry which has " + + "an attribute whose contents are equal to the cert subject name" }; return params; } - + public Vector<String> getInstanceParams() { Vector<String> v = new Vector<String>(); @@ -159,7 +158,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } public void init(IConfigStore config) - throws EBaseException { + throws EBaseException { if (mInited == true) return; mConfig = config; @@ -171,15 +170,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } /** - * Finds the entry for the certificate by looking for the cert - * subject name in the subject name attribute. + * Finds the entry for the certificate by looking for the cert subject name + * in the subject name attribute. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. - */ + */ public String - map(LDAPConnection conn, Object obj) - throws ELdapException { + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; X500Name subjectDN = null; @@ -187,7 +186,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; - subjectDN = + subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString()); @@ -195,12 +194,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = + subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); CMS.debug("LdapCertSubjMap: crl issuer dn: " + - subjectDN.toString()); - }catch (ClassCastException ex) { + subjectDN.toString()); + } catch (ClassCastException ex) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); return null; } @@ -208,20 +207,20 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { try { boolean hasCert = false; boolean hasSubjectName = false; - String[] attrs = new String[] { LDAPv3.NO_ATTRS }; + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "search " + mSearchBase + - " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + + LDAPSearchResults results = + conn.search(mSearchBase, LDAPv2.SCOPE_SUB, + "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); - LDAPSearchResults results = - conn.search(mSearchBase, LDAPv2.SCOPE_SUB, - "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); - LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString())); } if (entry != null) { log(ILogger.LL_INFO, "entry found"); @@ -233,38 +232,32 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } /* - catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); - throw new ELdapException( - LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); - } - catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); - throw new ELdapException( - LdapResources.GET_DER_ENCODED_CERT_FAILED, e); - } + * catch (IOException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw + * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); } + * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw + * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); } */ } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } public Vector<String> mapAll(LDAPConnection conn, Object obj) - throws ELdapException { + throws ELdapException { Vector<String> v = new Vector<String>(); if (conn == null) @@ -282,20 +275,20 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { try { boolean hasCert = false; boolean hasSubjectName = false; - String[] attrs = new String[] { LDAPv3.NO_ATTRS }; + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "search " + mSearchBase + - " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + + LDAPSearchResults results = + conn.search(mSearchBase, LDAPv2.SCOPE_SUB, + "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); - LDAPSearchResults results = - conn.search(mSearchBase, LDAPv2.SCOPE_SUB, - "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); - while (results.hasMoreElements()) { LDAPEntry entry = results.next(); String dn = entry.getDN(); v.addElement(dn); - CMS.debug("LdapCertSubjMap: dn="+dn); + CMS.debug("LdapCertSubjMap: dn=" + dn); } CMS.debug("LdapCertSubjMap: Number of entries: " + v.size()); } catch (LDAPException e) { @@ -303,11 +296,11 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } @@ -316,13 +309,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } public Vector<String> mapAll(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return mapAll(conn, obj); } private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertSubjMap: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, + "LdapCertSubjMap: " + msg); } /** @@ -344,4 +337,3 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java index 40283e98..4155cad4 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.security.cert.CRLException; import java.util.Vector; @@ -32,16 +31,14 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; - -/** - * Default crl mapper. - * maps the crl to a ldap entry by using components in the issuer name - * to find the CA's entry. - * +/** + * Default crl mapper. maps the crl to a ldap entry by using components in the + * issuer name to find the CA's entry. + * * @version $Revision$, $Date$ */ -public class LdapCrlIssuerCompsMap - extends LdapDNCompsMap implements ILdapMapper { +public class LdapCrlIssuerCompsMap + extends LdapDNCompsMap implements ILdapMapper { ILogger mLogger = CMS.getLogger(); public LdapCrlIssuerCompsMap() { @@ -49,31 +46,31 @@ public class LdapCrlIssuerCompsMap // via configuration } - /** + /** * Constructor. - * - * The DN comps are used to form a LDAP entry to begin a subtree search. - * The filter comps are used to form a search filter for the subtree. - * If none of the DN comps matched, baseDN is used for the subtree. - * If the baseDN is null and none of the DN comps matched, it is an error. - * If none of the DN comps and filter comps matched, it is an error. - * If just the filter comps is null, a base search is performed. * - * @param baseDN The base DN. + * The DN comps are used to form a LDAP entry to begin a subtree search. The + * filter comps are used to form a search filter for the subtree. If none of + * the DN comps matched, baseDN is used for the subtree. If the baseDN is + * null and none of the DN comps matched, it is an error. If none of the DN + * comps and filter comps matched, it is an error. If just the filter comps + * is null, a base search is performed. + * + * @param baseDN The base DN. * @param dnComps Components to form the LDAP base dn for search. * @param filterComps Components to form the LDAP search filter. */ public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { + ObjectIdentifier[] filterComps) { init(baseDN, dnComps, filterComps); } /** * constructor using non-standard certificate attribute. */ - public LdapCrlIssuerCompsMap(String crlAttr, String baseDN, - ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { + public LdapCrlIssuerCompsMap(String crlAttr, String baseDN, + ObjectIdentifier[] dnComps, + ObjectIdentifier[] filterComps) { super(crlAttr, baseDN, dnComps, filterComps); } @@ -88,7 +85,7 @@ public class LdapCrlIssuerCompsMap public Vector getDefaultParams() { Vector v = super.getDefaultParams(); - //v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR); + // v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR); return v; } @@ -99,35 +96,33 @@ public class LdapCrlIssuerCompsMap } protected void init(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { - //mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR; + ObjectIdentifier[] filterComps) { + // mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR; super.init(baseDN, dnComps, filterComps); } /** - * Maps a crl to LDAP entry. - * Uses issuer DN components and filter components to form a DN and - * filter for a LDAP search. - * If the formed DN is null the baseDN will be used. - * If the formed DN is null and baseDN is null an error is thrown. - * If the filter is null a base search is performed. - * If both are null an error is thrown. + * Maps a crl to LDAP entry. Uses issuer DN components and filter components + * to form a DN and filter for a LDAP search. If the formed DN is null the + * baseDN will be used. If the formed DN is null and baseDN is null an error + * is thrown. If the filter is null a base search is performed. If both are + * null an error is thrown. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. * @return the result. LdapCertMapResult is also used for CRL. - */ + */ public String - map(LDAPConnection conn, Object obj) - throws ELdapException { + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; X509CRLImpl crl = (X509CRLImpl) obj; try { String result = null; - X500Name issuerDN = - (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + X500Name issuerDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString()); @@ -136,14 +131,14 @@ public class LdapCrlIssuerCompsMap result = super.map(conn, issuerDN, crlbytes); return result; } catch (CRLException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString())); } } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } @@ -152,8 +147,7 @@ public class LdapCrlIssuerCompsMap */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCrlCompsMap: " + msg); + "LdapCrlCompsMap: " + msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java index a9df7dae..1d01b239 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -46,23 +45,21 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPlugin; - -/** - * Maps a Subject name to an entry in the LDAP server. - * subject name to form the ldap search dn and filter. - * Takes a optional root search dn. - * The DN comps are used to form a LDAP entry to begin a subtree search. - * The filter comps are used to form a search filter for the subtree. - * If none of the DN comps matched, baseDN is used for the subtree. - * If the baseDN is null and none of the DN comps matched, it is an error. - * If none of the DN comps and filter comps matched, it is an error. - * If just the filter comps is null, a base search is performed. - * +/** + * Maps a Subject name to an entry in the LDAP server. subject name to form the + * ldap search dn and filter. Takes a optional root search dn. The DN comps are + * used to form a LDAP entry to begin a subtree search. The filter comps are + * used to form a search filter for the subtree. If none of the DN comps + * matched, baseDN is used for the subtree. If the baseDN is null and none of + * the DN comps matched, it is an error. If none of the DN comps and filter + * comps matched, it is an error. If just the filter comps is null, a base + * search is performed. + * * @version $Revision$, $Date$ */ -public class LdapDNCompsMap - implements ILdapPlugin, IExtendedPluginInfo { - //protected String mLdapAttr = null; +public class LdapDNCompsMap + implements ILdapPlugin, IExtendedPluginInfo { + // protected String mLdapAttr = null; protected String mBaseDN = null; protected ObjectIdentifier[] mDnComps = null; protected ObjectIdentifier[] mFilterComps = null; @@ -71,24 +68,24 @@ public class LdapDNCompsMap private boolean mInited = false; protected IConfigStore mConfig = null; - /** + /** * Constructor. - * - * The DN comps are used to form a LDAP entry to begin a subtree search. - * The filter comps are used to form a search filter for the subtree. - * If none of the DN comps matched, baseDN is used for the subtree. - * If the baseDN is null and none of the DN comps matched, it is an error. - * If none of the DN comps and filter comps matched, it is an error. - * If just the filter comps is null, a base search is performed. * - * @param baseDN The base DN. + * The DN comps are used to form a LDAP entry to begin a subtree search. The + * filter comps are used to form a search filter for the subtree. If none of + * the DN comps matched, baseDN is used for the subtree. If the baseDN is + * null and none of the DN comps matched, it is an error. If none of the DN + * comps and filter comps matched, it is an error. If just the filter comps + * is null, a base search is performed. + * + * @param baseDN The base DN. * @param dnComps Components to form the LDAP base dn for search. * @param filterComps Components to form the LDAP search filter. */ - public LdapDNCompsMap(String ldapAttr, String baseDN, - ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { - //mLdapAttr = ldapAttr; + public LdapDNCompsMap(String ldapAttr, String baseDN, + ObjectIdentifier[] dnComps, + ObjectIdentifier[] filterComps) { + // mLdapAttr = ldapAttr; init(baseDN, dnComps, filterComps); } @@ -102,17 +99,17 @@ public class LdapDNCompsMap return mConfig; } - /** + /** * for initializing from config store. */ - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; String baseDN = mConfig.getString("baseDN"); - ObjectIdentifier[] dnComps = - getCompsFromString(mConfig.getString("dnComps")); - ObjectIdentifier[] filterComps = - getCompsFromString(mConfig.getString("filterComps")); + ObjectIdentifier[] dnComps = + getCompsFromString(mConfig.getString("dnComps")); + ObjectIdentifier[] filterComps = + getCompsFromString(mConfig.getString("filterComps")); init(baseDN, dnComps, filterComps); } @@ -131,12 +128,12 @@ public class LdapDNCompsMap "dnComps;string;Comma-separated list of attributes to put in the DN", "filterComps;string;Comma-separated list of attributes to form the filter", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-mapper-dncompsmapper", + ";configuration-ldappublish-mapper-dncompsmapper", IExtendedPluginInfo.HELP_TEXT + - ";More complex mapper. Used when there is not enough information " + - "in the cert request to form the complete LDAP DN. Using this " + - "plugin, you can specify additional LDAP filters to narrow down the " + - "search" + ";More complex mapper. Used when there is not enough information " + + "in the cert request to form the complete LDAP DN. Using this " + + "plugin, you can specify additional LDAP filters to narrow down the " + + "search" }; return s; @@ -163,14 +160,14 @@ public class LdapDNCompsMap if (mDnComps == null) { v.addElement("dnComps="); } else { - v.addElement("dnComps=" + - mConfig.getString("dnComps")); + v.addElement("dnComps=" + + mConfig.getString("dnComps")); } if (mFilterComps == null) { v.addElement("filterComps="); } else { - v.addElement("filterComps=" + - mConfig.getString("filterComps")); + v.addElement("filterComps=" + + mConfig.getString("filterComps")); } } catch (Exception e) { } @@ -181,8 +178,8 @@ public class LdapDNCompsMap * common initialization routine. */ protected void init(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { - if (mInited) + ObjectIdentifier[] filterComps) { + if (mInited) return; mBaseDN = baseDN; @@ -191,36 +188,34 @@ public class LdapDNCompsMap if (filterComps != null) mFilterComps = (ObjectIdentifier[]) filterComps.clone(); - // log debug info. + // log debug info. for (int i = 0; i < mDnComps.length; i++) { CMS.debug( - "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i])); + "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i])); } for (int i = 0; i < mFilterComps.length; i++) { CMS.debug("LdapDNCompsMap: filterComp " + - X500NameAttrMap.getDefault().getName(mFilterComps[i])); + X500NameAttrMap.getDefault().getName(mFilterComps[i])); } mInited = true; } /** - * Maps a X500 subject name to LDAP entry. - * Uses DN components and filter components to form a DN and - * filter for a LDAP search. - * If the formed DN is null the baseDN will be used. - * If the formed DN is null and baseDN is null an error is thrown. - * If the filter is null a base search is performed. - * If both are null an error is thrown. + * Maps a X500 subject name to LDAP entry. Uses DN components and filter + * components to form a DN and filter for a LDAP search. If the formed DN is + * null the baseDN will be used. If the formed DN is null and baseDN is null + * an error is thrown. If the filter is null a base search is performed. If + * both are null an error is thrown. * - * @param conn the LDAP connection. - * @param x500name the dn to map. - * @param obj the object + * @param conn the LDAP connection. + * @param x500name the dn to map. + * @param obj the object * @exception ELdapException if any LDAP exceptions occured. * @return the DN of the entry. - */ - public String map(LDAPConnection conn, X500Name x500name, - byte[] obj) - throws ELdapException { + */ + public String map(LDAPConnection conn, X500Name x500name, + byte[] obj) + throws ELdapException { try { if (conn == null) return null; @@ -234,17 +229,17 @@ public class LdapDNCompsMap if (dn == null) { // #362332 // if (filter == null) { - // log(ILogger.LL_FAILURE, "No dn and filter formed"); - // throw new ELdapException( - // LdapResources.NO_DN_AND_FILTER_COMPS, - // x500name.toString()); + // log(ILogger.LL_FAILURE, "No dn and filter formed"); + // throw new ELdapException( + // LdapResources.NO_DN_AND_FILTER_COMPS, + // x500name.toString()); // } if (mBaseDN == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_BASE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_NO_BASE")); throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN", - x500name.toString())); + CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN", + x500name.toString())); } dn = mBaseDN; } @@ -261,23 +256,23 @@ public class LdapDNCompsMap attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " + - ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base")); + ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base")); - LDAPSearchResults results = - conn.search(dn, scope, filter, attrs, false); + LDAPSearchResults results = + conn.search(dn, scope, filter, attrs, false); LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", - x500name.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", + x500name.toString())); } if (entry != null) { return entry.getDN(); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", "null entry")); } @@ -286,11 +281,11 @@ public class LdapDNCompsMap // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } @@ -298,15 +293,16 @@ public class LdapDNCompsMap private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapDNCompsMap: " + msg); + "LdapDNCompsMap: " + msg); } /** * form a dn and filter from component in the cert subject name + * * @param subjName subject name */ public String[] formDNandFilter(X500Name subjName) - throws ELdapException { + throws ELdapException { Vector<RDN> dnRdns = new Vector<RDN>(); SearchFilter filter = new SearchFilter(); X500NameAttrMap attrMap = X500NameAttrMap.getDefault(); @@ -328,16 +324,16 @@ public class LdapDNCompsMap DerValue val = ava.getValue(); AVA newAVA = new AVA(mailOid, val); RDN newRDN = new RDN(new AVA[] { newAVA } - ); + ); - CMS.debug( - "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " + - newRDN.toLdapDNString() + " in DN"); + CMS.debug( + "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " + + newRDN.toLdapDNString() + " in DN"); rdn = newRDN; } dnRdns.addElement(rdn); CMS.debug( - "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString()); + "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString()); break; } } @@ -348,29 +344,29 @@ public class LdapDNCompsMap AVA newAVA = new AVA(mailOid, val); CMS.debug( - "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " + - newAVA.toLdapDNString() + " in filter"); + "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " + + newAVA.toLdapDNString() + " in filter"); ava = newAVA; } filter.addElement(ava.toLdapDNString()); CMS.debug( - "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString()); + "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString()); break; } } - // XXX should be an error when string is null? + // XXX should be an error when string is null? // return to caller to decide. if (dnRdns.size() != 0) { dnStr = new X500Name(dnRdns).toLdapDNString(); - } + } if (filter.size() != 0) { filterStr = filter.toFilterString(); } } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString())); } @@ -386,12 +382,13 @@ public class LdapDNCompsMap } /** - * class for forming search filters for ldap searching from - * name=value components. components are anded. + * class for forming search filters for ldap searching from name=value + * components. components are anded. */ public static class SearchFilter extends Vector<Object> { private static final long serialVersionUID = 4210302171279891828L; + public String toFilterString() { StringBuffer buf = new StringBuffer(); @@ -412,21 +409,22 @@ public class LdapDNCompsMap } /** - * useful routine for parsing components given as string to - * arrays of objectidentifiers. - * The string is expected to be comma separated AVA attribute names. - * For example, "uid,cn,o,ou". Attribute names are case insensitive. + * useful routine for parsing components given as string to arrays of + * objectidentifiers. The string is expected to be comma separated AVA + * attribute names. For example, "uid,cn,o,ou". Attribute names are case + * insensitive. + * * @param val the string specifying the comps * @exception ELdapException if any error occurs. */ public static ObjectIdentifier[] getCompsFromString(String val) - throws ELdapException { + throws ELdapException { StringTokenizer tokens; ObjectIdentifier[] comps; String attr; ObjectIdentifier oid; - if (val == null || val.length() == 0) + if (val == null || val.length() == 0) return new ObjectIdentifier[0]; tokens = new StringTokenizer(val, ", \t\n\r"); @@ -439,7 +437,7 @@ public class LdapDNCompsMap while (tokens.hasMoreTokens()) { attr = tokens.nextToken().trim(); // mail -> E hack to look for E in subject names. - if (attr.equalsIgnoreCase("mail")) + if (attr.equalsIgnoreCase("mail")) attr = "E"; oid = X500NameAttrMap.getDefault().getOid(attr); if (oid != null) { @@ -453,4 +451,3 @@ public class LdapDNCompsMap } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java index e3c2fa1b..c47a3647 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java @@ -20,7 +20,6 @@ package com.netscape.cms.publish.mappers; - /////////////////////// // import statements // /////////////////////// @@ -56,38 +55,30 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; - ////////////////////// // class definition // ////////////////////// -/** - * Maps a request to an entry in the LDAP server. - * Takes a dnPattern to form the baseDN from the - * request attributes and certificate subject name. - * Does a base search for the entry in the directory - * to publish the cert or crl. The restriction of - * this mapper is that the ldap dn components must - * be part of certificate subject name or request - * attributes or constant. The difference of this - * mapper and LdapSimpleMap is that if the ldap - * entry is not found, it has the option to create - * the ldap entry given the dn and attributes - * formulated. - * +/** + * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the + * baseDN from the request attributes and certificate subject name. Does a base + * search for the entry in the directory to publish the cert or crl. The + * restriction of this mapper is that the ldap dn components must be part of + * certificate subject name or request attributes or constant. The difference of + * this mapper and LdapSimpleMap is that if the ldap entry is not found, it has + * the option to create the ldap entry given the dn and attributes formulated. + * * @version $Revision$, $Date$ */ public class LdapEnhancedMap - implements ILdapMapper, IExtendedPluginInfo { - //////////////////////// + implements ILdapMapper, IExtendedPluginInfo { + // ////////////////////// // default parameters // - //////////////////////// - + // ////////////////////// - - ////////////////////////////////////// + // //////////////////////////////////// // local LdapEnhancedMap parameters // - ////////////////////////////////////// + // //////////////////////////////////// private boolean mInited = false; @@ -102,14 +93,14 @@ public class LdapEnhancedMap protected String[] mLdapValues = null; - //////////////////////////// + // ////////////////////////// // ILdapMapper parameters // - //////////////////////////// + // ////////////////////////// /* mapper plug-in fields */ - protected static final String PROP_DNPATTERN = "dnPattern"; + protected static final String PROP_DNPATTERN = "dnPattern"; protected static final String PROP_CREATE = "createEntry"; - // the object class of the entry to be created. xxxx not done yet + // the object class of the entry to be created. xxxx not done yet protected static final String PROP_OBJCLASS = "objectClass"; // req/cert/ext attribute --> directory attribute table protected static final String PROP_ATTRNUM = "attrNum"; @@ -119,10 +110,10 @@ public class LdapEnhancedMap /* mapper plug-in fields initialization values */ private static final int DEFAULT_NUM_ATTRS = 1; - /* Holds mapper plug-in fields accepted by this implementation. - * This list is passed to the configuration console so configuration - * for instances of this implementation can be configured through the - * console. + /* + * Holds mapper plug-in fields accepted by this implementation. This list is + * passed to the configuration console so configuration for instances of + * this implementation can be configured through the console. */ private static Vector<String> defaultParams = new Vector<String>(); @@ -145,9 +136,9 @@ public class LdapEnhancedMap /* miscellaneous constants local to this mapper plug-in */ // default dn pattern if left blank or not set in the config - public static final String DEFAULT_DNPATTERN = - "UID=$req.HTTP_PARAMS.UID, " + - "OU=people, O=$subj.o, C=$subj.c"; + public static final String DEFAULT_DNPATTERN = + "UID=$req.HTTP_PARAMS.UID, " + + "OU=people, O=$subj.o, C=$subj.c"; private static final int MAX_ATTRS = 10; protected static final int DEFAULT_ATTRNUM = 1; @@ -155,21 +146,19 @@ public class LdapEnhancedMap protected IConfigStore mConfig = null; protected AVAPattern[] mPatterns = null; - //////////////////////////////////// + // ////////////////////////////////// // IExtendedPluginInfo parameters // - //////////////////////////////////// - - + // ////////////////////////////////// - /////////////////////// + // ///////////////////// // Logger parameters // - /////////////////////// + // ///////////////////// private ILogger mLogger = CMS.getLogger(); - ///////////////////// + // /////////////////// // default methods // - ///////////////////// + // /////////////////// /** * Default constructor, initialization must follow. @@ -177,22 +166,22 @@ public class LdapEnhancedMap public LdapEnhancedMap() { } - /////////////////////////////////// + // ///////////////////////////////// // local LdapEnhancedMap methods // - /////////////////////////////////// + // ///////////////////////////////// /** * common initialization routine. */ protected void init(String dnPattern) - throws EBaseException { + throws EBaseException { if (mInited) { return; } mDnPattern = dnPattern; if (mDnPattern == null || - mDnPattern.length() == 0) { + mDnPattern.length() == 0) { mDnPattern = DEFAULT_DNPATTERN; } @@ -202,11 +191,11 @@ public class LdapEnhancedMap String[] mCertAttrs = mPattern.getCertAttrs(); } catch (ELdapException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", - dnPattern, e.toString())); + CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", + dnPattern, e.toString())); throw new EBaseException( - "falied to init with pattern " + - dnPattern + " " + e); + "falied to init with pattern " + + dnPattern + " " + e); } mInited = true; @@ -214,43 +203,44 @@ public class LdapEnhancedMap /** * form a dn from component in the request and cert subject name + * * @param req The request * @param obj The certificate or crl */ private String formDN(IRequest req, Object obj) - throws EBaseException { + throws EBaseException { CertificateExtensions certExt = null; X500Name subjectDN = null; try { X509Certificate cert = (X509Certificate) obj; - subjectDN = + subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); CMS.debug( - "LdapEnhancedMap: cert subject dn:" + - subjectDN.toString()); + "LdapEnhancedMap: cert subject dn:" + + subjectDN.toString()); - //certExt = (CertificateExtensions) - // ((X509CertImpl)cert).get( - // X509CertInfo.EXTENSIONS); + // certExt = (CertificateExtensions) + // ((X509CertImpl)cert).get( + // X509CertInfo.EXTENSIONS); X509CertInfo info = (X509CertInfo) - ((X509CertImpl) cert).get( - X509CertImpl.NAME + - "." + - X509CertImpl.INFO); + ((X509CertImpl) cert).get( + X509CertImpl.NAME + + "." + + X509CertImpl.INFO); certExt = (CertificateExtensions) info.get(CertificateExtensions.NAME); } catch (java.security.cert.CertificateParsingException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (java.security.cert.CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (ClassCastException e) { try { @@ -260,14 +250,14 @@ public class LdapEnhancedMap ((X509CRLImpl) crl).getIssuerDN(); CMS.debug( - "LdapEnhancedMap: crl issuer dn: " + + "LdapEnhancedMap: crl issuer dn: " + - subjectDN.toString()); + subjectDN.toString()); } catch (ClassCastException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", - ((req == null) ? "" - : req.getRequestId().toString()))); + CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", + ((req == null) ? "" + : req.getRequestId().toString()))); return null; } } @@ -289,26 +279,26 @@ public class LdapEnhancedMap return dn; } catch (ELdapException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_FORM_DN", - ((req == null) ? "" - : req.getRequestId().toString()), e.toString())); + CMS.getLogMessage("PUBLISH_CANT_FORM_DN", + ((req == null) ? "" + : req.getRequestId().toString()), e.toString())); throw new EBaseException( "failed to form dn for request: " + - ((req == null) ? "" - : req.getRequestId().toString()) + - " " + e); + ((req == null) ? "" + : req.getRequestId().toString()) + + " " + e); } } private void createEntry(LDAPConnection conn, String dn) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = new LDAPAttributeSet(); // OID 2.5.6.16 - String caOc[] = { "top", - "person", - "organizationalPerson", + String caOc[] = { "top", + "person", + "organizationalPerson", "inetOrgPerson" }; DN dnobj = new DN(dn); @@ -319,10 +309,10 @@ public class LdapEnhancedMap attrs.add(new LDAPAttribute("objectclass", caOc)); for (int i = 0; i < mNumAttrs; i++) { - if (mLdapNames[i] != null && - !mLdapNames[i].trim().equals("") && - mLdapValues[i] != null && - !mLdapValues[i].trim().equals("")) { + if (mLdapNames[i] != null && + !mLdapNames[i].trim().equals("") && + mLdapValues[i] != null && + !mLdapValues[i].trim().equals("")) { attrs.add(new LDAPAttribute(mLdapNames[i], mLdapValues[i])); } @@ -333,18 +323,17 @@ public class LdapEnhancedMap conn.add(entry); } - ///////////////////////// + // /////////////////////// // ILdapMapper methods // - ///////////////////////// + // /////////////////////// - /** + /** * for initializing from config store. - * - * implementation for extended - * ILdapPlugin interface method + * + * implementation for extended ILdapPlugin interface method */ - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; mDnPattern = mConfig.getString(PROP_DNPATTERN, @@ -364,16 +353,16 @@ public class LdapEnhancedMap for (int i = 0; i < mNumAttrs; i++) { mLdapNames[i] = mConfig.getString(PROP_ATTR_NAME + - Integer.toString(i), - ""); + Integer.toString(i), + ""); mLdapPatterns[i] = mConfig.getString(PROP_ATTR_PATTERN + - Integer.toString(i), - ""); + Integer.toString(i), + ""); if (mLdapPatterns[i] != null && - !mLdapPatterns[i].trim().equals("")) { + !mLdapPatterns[i].trim().equals("")) { mPatterns[i] = new AVAPattern(mLdapPatterns[i]); } } @@ -381,9 +370,8 @@ public class LdapEnhancedMap init(mDnPattern); } - /** - * implementation for extended - * ILdapPlugin interface method + /** + * implementation for extended ILdapPlugin interface method */ public IConfigStore getConfigStore() { return mConfig; @@ -407,34 +395,34 @@ public class LdapEnhancedMap try { if (mDnPattern == null) { v.addElement(PROP_DNPATTERN + "="); - }else { + } else { v.addElement(PROP_DNPATTERN + "=" + - mConfig.getString(PROP_DNPATTERN)); + mConfig.getString(PROP_DNPATTERN)); } v.addElement(PROP_CREATE + "=" + - mConfig.getBoolean(PROP_CREATE, - true)); + mConfig.getBoolean(PROP_CREATE, + true)); v.addElement(PROP_ATTRNUM + "=" + - mConfig.getInteger(PROP_ATTRNUM, - DEFAULT_NUM_ATTRS)); + mConfig.getInteger(PROP_ATTRNUM, + DEFAULT_NUM_ATTRS)); for (int i = 0; i < mNumAttrs; i++) { if (mLdapNames[i] != null) { v.addElement(PROP_ATTR_NAME + i + - "=" + mLdapNames[i]); + "=" + mLdapNames[i]); } else { v.addElement(PROP_ATTR_NAME + i + - "="); + "="); } if (mLdapPatterns[i] != null) { v.addElement(PROP_ATTR_PATTERN + i + - "=" + mLdapPatterns[i]); + "=" + mLdapPatterns[i]); } else { v.addElement(PROP_ATTR_PATTERN + i + - "="); + "="); } } } catch (Exception e) { @@ -444,29 +432,29 @@ public class LdapEnhancedMap } /** - * Maps an X500 subject name to an LDAP entry. - * Uses DN pattern to form a DN for an LDAP base search. + * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN + * for an LDAP base search. * - * @param conn the LDAP connection. - * @param obj the object to map. - * @exception ELdapException if any LDAP exceptions occurred. - */ + * @param conn the LDAP connection. + * @param obj the object to map. + * @exception ELdapException if any LDAP exceptions occurred. + */ public String map(LDAPConnection conn, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, null, obj); } /** - * Maps an X500 subject name to an LDAP entry. - * Uses DN pattern to form a DN for an LDAP base search. + * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN + * for an LDAP base search. * - * @param conn the LDAP connection. - * @param req the request to map. - * @param obj the object to map. - * @exception ELdapException if any LDAP exceptions occurred. - */ + * @param conn the LDAP connection. + * @param req the request to map. + * @param obj the object to map. + * @exception ELdapException if any LDAP exceptions occurred. + */ public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { if (conn == null) { return null; } @@ -477,7 +465,7 @@ public class LdapEnhancedMap dn = formDN(req, obj); if (dn == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_NOT_FORMED")); + CMS.getLogMessage("PUBLISH_DN_NOT_FORMED")); String s1 = ""; @@ -494,9 +482,9 @@ public class LdapEnhancedMap String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, - "searching for dn: " + - dn + " filter:" + - filter + " scope: base"); + "searching for dn: " + + dn + " filter:" + + filter + " scope: base"); LDAPSearchResults results = conn.search(dn, scope, @@ -508,27 +496,27 @@ public class LdapEnhancedMap if (results.hasMoreElements()) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", - dn + - ((req == null) ? "" - : req.getRequestId().toString()))); + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", + dn + + ((req == null) ? "" + : req.getRequestId().toString()))); throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", - ((req == null) ? "" - : req.getRequestId().toString()))); + CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", + ((req == null) ? "" + : req.getRequestId().toString()))); } if (entry != null) { return entry.getDN(); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", - dn + - ((req == null) ? "" - : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", + dn + + ((req == null) ? "" + : req.getRequestId().toString()))); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", "null entry")); } } catch (LDAPException e) { @@ -536,112 +524,111 @@ public class LdapEnhancedMap // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else if (e.getLDAPResultCode() == - LDAPException.NO_SUCH_OBJECT && mCreateEntry) { + LDAPException.NO_SUCH_OBJECT && mCreateEntry) { try { createEntry(conn, dn); log(ILogger.LL_INFO, - "Entry " + - dn + - " Created"); + "Entry " + + dn + + " Created"); return dn; } catch (LDAPException e1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", - dn, - e.toString())); + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", + dn, + e.toString())); log(ILogger.LL_FAILURE, - "Entry is not created. " + - "This may because there are " + - "entries in the directory " + - "hierachy not exit."); + "Entry is not created. " + + "This may because there are " + + "entries in the directory " + + "hierachy not exit."); throw new ELdapException( CMS.getUserMessage("CMS_LDAP_CREATE_ENTRY", dn)); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", - dn, - e.toString())); + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", + dn, + e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", - e.toString())); + CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", + e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } - ///////////////////////////////// + // /////////////////////////////// // IExtendedPluginInfo methods // - ///////////////////////////////// + // /////////////////////////////// public String[] getExtendedPluginInfo(Locale locale) { Vector<String> v = new Vector<String>(); v.addElement(PROP_DNPATTERN + - ";string;Describes how to form the Ldap " + - "Subject name in the directory. " + - "Example 1: 'uid=CertMgr, o=Fedora'. " + - "Example 2: 'uid=$req.HTTP_PARAMS.uid, " + - "E=$ext.SubjectAlternativeName.RFC822Name, " + - "ou=$subj.ou'. " + - "$req means: take the attribute from the " + - "request. " + - "$subj means: take the attribute from the " + - "certificate subject name. " + - "$ext means: take the attribute from the " + - "certificate extension"); + ";string;Describes how to form the Ldap " + + "Subject name in the directory. " + + "Example 1: 'uid=CertMgr, o=Fedora'. " + + "Example 2: 'uid=$req.HTTP_PARAMS.uid, " + + "E=$ext.SubjectAlternativeName.RFC822Name, " + + "ou=$subj.ou'. " + + "$req means: take the attribute from the " + + "request. " + + "$subj means: take the attribute from the " + + "certificate subject name. " + + "$ext means: take the attribute from the " + + "certificate extension"); v.addElement(PROP_CREATE + - ";boolean;If checked, An entry will be " + - "created automatically"); + ";boolean;If checked, An entry will be " + + "created automatically"); v.addElement(PROP_ATTRNUM + - ";string;How many attributes to add."); + ";string;How many attributes to add."); v.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-mapper-enhancedmapper"); + ";configuration-ldappublish-mapper-enhancedmapper"); v.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Describes how to form the LDAP DN of the " + - "entry to publish to"); + ";Describes how to form the LDAP DN of the " + + "entry to publish to"); for (int i = 0; i < MAX_ATTRS; i++) { v.addElement(PROP_ATTR_NAME + - Integer.toString(i) + - ";string;" + - "The name of LDAP attribute " + - "to be added. e.g. mail"); + Integer.toString(i) + + ";string;" + + "The name of LDAP attribute " + + "to be added. e.g. mail"); v.addElement(PROP_ATTR_PATTERN + - Integer.toString(i) + - ";string;" + - "How to create the LDAP attribute value. " + - "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " + - "$subj.E or " + - "$ext.SubjectAlternativeName.RFC822Name"); + Integer.toString(i) + + ";string;" + + "How to create the LDAP attribute value. " + + "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " + + "$subj.E or " + + "$ext.SubjectAlternativeName.RFC822Name"); } String params[] = - com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); + com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); return params; } - //////////////////// + // ////////////////// // Logger methods // - //////////////////// + // ////////////////// private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapEnhancedMapper: " + msg); + "LdapEnhancedMapper: " + msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java index 192b1d30..0ac56781 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -45,19 +44,17 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; - -/** - * Maps a request to an entry in the LDAP server. - * Takes a dnPattern to form the baseDN from the request attributes - * and certificate subject name.Do a base search for the entry - * in the directory to publish the cert or crl. - * The restriction of this mapper is that the ldap dn components must - * be part of certificate subject name or request attributes or constant. - * +/** + * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the + * baseDN from the request attributes and certificate subject name.Do a base + * search for the entry in the directory to publish the cert or crl. The + * restriction of this mapper is that the ldap dn components must be part of + * certificate subject name or request attributes or constant. + * * @version $Revision$, $Date$ */ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { - protected static final String PROP_DNPATTERN = "dnPattern"; + protected static final String PROP_DNPATTERN = "dnPattern"; protected String mDnPattern = null; private ILogger mLogger = CMS.getLogger(); @@ -67,20 +64,20 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { /* the subject DN pattern */ protected MapDNPattern mPattern = null; - /* the list of request attriubutes to retrieve*/ + /* the list of request attriubutes to retrieve */ protected String[] mReqAttrs = null; - /* the list of cert attriubutes to retrieve*/ + /* the list of cert attriubutes to retrieve */ protected String[] mCertAttrs = null; /* default dn pattern if left blank or not set in the config */ - public static final String DEFAULT_DNPATTERN = - "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c"; + public static final String DEFAULT_DNPATTERN = + "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c"; - /** + /** * Constructor. - * - * @param dnPattern The base DN. + * + * @param dnPattern The base DN. */ public LdapSimpleMap(String dnPattern) { try { @@ -88,7 +85,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); } - + } /** @@ -100,11 +97,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String params[] = { "dnPattern;string;Describes how to form the Ldap Subject name in" + - " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" + - " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + - "$req means: take the attribute from the request. " + - "$subj means: take the attribute from the certificate subject name. " + - "$ext means: take the attribute from the certificate extension", + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" + + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + + "$req means: take the attribute from the request. " + + "$subj means: take the attribute from the certificate subject name. " + + "$ext means: take the attribute from the certificate extension", IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper", IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to" }; @@ -116,11 +113,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { return mConfig; } - /** + /** * for initializing from config store. */ - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; String dnPattern = mConfig.getString(PROP_DNPATTERN); @@ -131,12 +128,12 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { * common initialization routine. */ protected void init(String dnPattern) - throws EBaseException { - if (mInited) + throws EBaseException { + if (mInited) return; mDnPattern = dnPattern; - if (mDnPattern == null || mDnPattern.length() == 0) + if (mDnPattern == null || mDnPattern.length() == 0) mDnPattern = DEFAULT_DNPATTERN; try { mPattern = new MapDNPattern(mDnPattern); @@ -145,7 +142,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString())); - throw new EBaseException("falied to init with pattern " + + throw new EBaseException("falied to init with pattern " + dnPattern + " " + e); } @@ -153,29 +150,29 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { } /** - * Maps a X500 subject name to LDAP entry. - * Uses DN pattern to form a DN for a LDAP base search. + * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for + * a LDAP base search. * - * @param conn the LDAP connection. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ + */ public String map(LDAPConnection conn, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, null, obj); } /** - * Maps a X500 subject name to LDAP entry. - * Uses DN pattern to form a DN for a LDAP base search. + * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for + * a LDAP base search. * - * @param conn the LDAP connection. - * @param req the request to map. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param req the request to map. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ + */ public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { if (conn == null) return null; String dn = null; @@ -198,22 +195,22 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:" - + filter + " scope: base"); + + filter + " scope: base"); - LDAPSearchResults results = - conn.search(dn, scope, filter, attrs, false); + LDAPSearchResults results = + conn.search(dn, scope, filter, attrs, false); LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString()))); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", - ((req == null) ? "" : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString()))); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", + ((req == null) ? "" : req.getRequestId().toString()))); } if (entry != null) return entry.getDN(); else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString()))); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", "null entry")); } @@ -224,7 +221,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString())); @@ -238,6 +235,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { /** * form a dn from component in the request and cert subject name + * * @param req The request * @param obj The certificate or crl */ @@ -249,15 +247,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; - subjectDN = + subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); CMS.debug("LdapSimpleMap: cert subject dn:" + subjectDN.toString()); - //certExt = (CertificateExtensions) - // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS); + // certExt = (CertificateExtensions) + // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS); X509CertInfo info = (X509CertInfo) - ((X509CertImpl) cert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + ((X509CertImpl) cert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); certExt = (CertificateExtensions) info.get( CertificateExtensions.NAME); @@ -271,15 +269,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = + subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); CMS.debug("LdapSimpleMap: crl issuer dn: " + - subjectDN.toString()); - }catch (ClassCastException ex) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", - ((req == null) ? "" : req.getRequestId().toString()))); + subjectDN.toString()); + } catch (ClassCastException ex) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", + ((req == null) ? "" : req.getRequestId().toString()))); return null; } } @@ -315,9 +313,9 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { if (mDnPattern == null) { v.addElement(PROP_DNPATTERN + "="); - }else { + } else { v.addElement(PROP_DNPATTERN + "=" + - mConfig.getString(PROP_DNPATTERN)); + mConfig.getString(PROP_DNPATTERN)); } } catch (Exception e) { } @@ -326,8 +324,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapSimpleMapper: " + msg); + "LdapSimpleMapper: " + msg); } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java index 667a7c5a..7be61610 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -42,26 +41,28 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ECompSyntaxErr; import com.netscape.certsrv.request.IRequest; - /** - * class for parsing a DN pattern used to construct a ldap dn from - * request attributes and cert subject name.<p> + * class for parsing a DN pattern used to construct a ldap dn from request + * attributes and cert subject name. + * <p> + * + * dnpattern is a string representing a ldap dn pattern to formulate from the + * certificate subject name attributes and request attributes . If empty or not + * set, the certificate subject name will be used as the ldap dn. + * <p> * - * dnpattern is a string representing a ldap dn pattern to formulate from - * the certificate subject name attributes and request attributes . - * If empty or not set, the certificate subject name - * will be used as the ldap dn. <p> + * The syntax is * - * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$subj" "." attrName [ "." attrNumber ] | - * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ] - * name "=" "$req" "." attrName [ "." attrNumber ] | - * "$rdn" "." number + * name "=" "$subj" "." attrName [ "." attrNumber ] | + * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ] + * name "=" "$req" "." attrName [ "." attrNumber ] | + * "$rdn" "." number * </pre> + * * <pre> * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i> * cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com @@ -72,7 +73,7 @@ import com.netscape.certsrv.request.IRequest; * <p> * note: Subordinate ca enrollment will use ca mapper. Use predicate * to distinguish the ca itself and the subordinates. - * + * * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, OU=people, , O=mcom.com</i> * cert subject name: dn: UID=jjames, OU=IS, OU=people, , O=mcom.com * request attributes: uid: cmanager @@ -97,10 +98,10 @@ import com.netscape.certsrv.request.IRequest; * O = the string mcom.com. <br> * <p> * </pre> - * If an request attribute or subject DN component does not exist, - * the attribute is skipped. There is potential risk that a wrong dn - * will be mapped into. - * + * + * If an request attribute or subject DN component does not exist, the attribute + * is skipped. There is potential risk that a wrong dn will be mapped into. + * * @version $Revision$, $Date$ */ class MapAVAPattern { @@ -120,26 +121,28 @@ class MapAVAPattern { "EDIName", "URIName", "IPAddress", - "OIDName"}; + "OIDName" }; private static final char[] endChars = new char[] { '+', ',' }; - private static final LdapV3DNStrConverter mLdapDNStrConverter = - new LdapV3DNStrConverter(); + private static final LdapV3DNStrConverter mLdapDNStrConverter = + new LdapV3DNStrConverter(); - /* the list of request attributes needed by this AVA */ + /* the list of request attributes needed by this AVA */ protected String[] mReqAttrs = null; - /* the list of cert attributes needed by this AVA*/ + /* the list of cert attributes needed by this AVA */ protected String[] mCertAttrs = null; /* value type */ protected String mType = null; /* the attribute in the AVA pair */ - protected String mAttr = null; + protected String mAttr = null; - /* value - could be name of a request attribute or - * cert subject dn attribute. */ + /* + * value - could be name of a request attribute or cert subject dn + * attribute. + */ protected String mValue = null; /* value type - general name type of an extension attribute if any. */ @@ -154,47 +157,47 @@ class MapAVAPattern { protected String mTestDN = null; public MapAVAPattern(String component) - throws ELdapException { - if (component == null || component.length() == 0) + throws ELdapException { + if (component == null || component.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component)); parse(new PushbackReader(new StringReader(component))); } - public MapAVAPattern(PushbackReader in) - throws ELdapException { + public MapAVAPattern(PushbackReader in) + throws ELdapException { parse(in); } private void parse(PushbackReader in) - throws ELdapException { + throws ELdapException { int c; // mark ava beginning. // skip spaces - //System.out.println("============ AVAPattern Begin ==========="); - //System.out.println("skip spaces"); + // System.out.println("============ AVAPattern Begin ==========="); + // System.out.println("skip spaces"); try { - while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c); + while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c); ; } } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); } - if (c == -1) + if (c == -1) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); - // $rdn "." number syntax. + // $rdn "." number syntax. if (c == '$') { - //System.out.println("$rdn syntax"); + // System.out.println("$rdn syntax"); mType = TYPE_RDN; try { - if (in.read() != 'r' || - in.read() != 'd' || - in.read() != 'n' || - in.read() != '.') + if (in.read() != 'r' || + in.read() != 'd' || + in.read() != 'n' || + in.read() != '.') throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); @@ -204,7 +207,7 @@ class MapAVAPattern { try { while ((c = in.read()) != ',' && c != -1 && c != '+') { - //System.out.println("rdnNumber read "+(char)c); + // System.out.println("rdnNumber read "+(char)c); rdnNumberBuf.append((char) c); } if (c != -1) // either ',' or '+' @@ -216,7 +219,7 @@ class MapAVAPattern { String rdnNumber = rdnNumberBuf.toString().trim(); - if (rdnNumber.length() == 0) + if (rdnNumber.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern")); try { mElement = Integer.parseInt(rdnNumber) - 1; @@ -226,20 +229,20 @@ class MapAVAPattern { return; } - // name "=" ... syntax. + // name "=" ... syntax. - // read name - //System.out.println("reading name"); + // read name + // System.out.println("reading name"); - StringBuffer attrBuf = new StringBuffer(); + StringBuffer attrBuf = new StringBuffer(); try { while (c != '=' && c != -1 && c != ',' && c != '+') { attrBuf.append((char) c); c = in.read(); - //System.out.println("name read "+(char)c); - } - if (c == ',' || c == '+') + // System.out.println("name read "+(char)c); + } + if (c == ',' || c == '+') in.unread(c); } catch (IOException e) { throw new ELdapException( @@ -248,39 +251,39 @@ class MapAVAPattern { if (c != '=') throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern")); - // read value - //System.out.println("reading value"); + // read value + // System.out.println("reading value"); - // skip spaces - //System.out.println("skip spaces for value"); + // skip spaces + // System.out.println("skip spaces for value"); try { - while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c); + while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces2 read "+(char)c); ; } } catch (IOException e) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - if (c == -1) + if (c == -1) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern")); if (c == '$') { - // check for $subj $ext or $req + // check for $subj $ext or $req try { c = in.read(); - //System.out.println("check $dn or $attr read "+(char)c); + // System.out.println("check $dn or $attr read "+(char)c); } catch (IOException e) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - if (c == -1) + if (c == -1) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $subj or $req in ava pattern")); if (c == 'r') { try { - if (in.read() != 'e' || - in.read() != 'q' || - in.read() != '.') + if (in.read() != 'e' || + in.read() != 'q' || + in.read() != '.') throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $req in ava pattern")); } catch (IOException e) { @@ -288,13 +291,13 @@ class MapAVAPattern { CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_REQ; - //System.out.println("---- mtype $req"); + // System.out.println("---- mtype $req"); } else if (c == 's') { try { - if (in.read() != 'u' || - in.read() != 'b' || - in.read() != 'j' || - in.read() != '.') + if (in.read() != 'u' || + in.read() != 'b' || + in.read() != 'j' || + in.read() != '.') throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $subj in ava pattern")); } catch (IOException e) { @@ -302,43 +305,40 @@ class MapAVAPattern { CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_SUBJ; - //System.out.println("----- mtype $subj"); + // System.out.println("----- mtype $subj"); } else if (c == 'e') { try { - if (in.read() != 'x' || - in.read() != 't' || - in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + if (in.read() != 'x' || + in.read() != 't' || + in.read() != '.') + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "expecting $ext in ava pattern")); } catch (IOException e) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_EXT; - //System.out.println("----- mtype $ext"); + // System.out.println("----- mtype $ext"); } else { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "unknown keyword. expecting $subj $ext or $req.")); + "unknown keyword. expecting $subj $ext or $req.")); } - // get request attr name of subject dn pattern from above. + // get request attr name of subject dn pattern from above. String attrName = attrBuf.toString().trim(); - //System.out.println("----- attrName "+attrName); - if (attrName.length() == 0) + // System.out.println("----- attrName "+attrName); + if (attrName.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected")); - mAttr = attrName; + mAttr = attrName; /* - try { - ObjectIdentifier attrOid = - mLdapDNStrConverter.parseAVAKeyword(attrName); - mAttr = mLdapDNStrConverter.encodeOID(attrOid); - //System.out.println("----- mAttr "+mAttr); - } - catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); - } + * try { ObjectIdentifier attrOid = + * mLdapDNStrConverter.parseAVAKeyword(attrName); mAttr = + * mLdapDNStrConverter.encodeOID(attrOid); + * //System.out.println("----- mAttr "+mAttr); } catch (IOException + * e) { throw new ECompSyntaxErr(CMS.getUserMessage( + * "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); } */ // get request attribute or cert subject dn attribute @@ -346,44 +346,44 @@ class MapAVAPattern { StringBuffer valueBuf = new StringBuffer(); try { - while ((c = in.read()) != ',' && - c != -1 && c != '.' && c != '+') { - //System.out.println("mValue read "+(char)c); + while ((c = in.read()) != ',' && + c != -1 && c != '.' && c != '+') { + // System.out.println("mValue read "+(char)c); valueBuf.append((char) c); } if (c == '+' || c == ',') // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } catch (IOException e) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mValue = valueBuf.toString().trim(); - if (mValue.length() == 0) + if (mValue.length() == 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$subj or $req attribute name expected")); - //System.out.println("----- mValue "+mValue); + // System.out.println("----- mValue "+mValue); - // get nth dn xxx not nth request attribute . + // get nth dn xxx not nth request attribute . if (c == '.') { StringBuffer attrNumberBuf = new StringBuffer(); try { while ((c = in.read()) != ',' && c != -1 && c != '.' - && c != '+') { - //System.out.println("mElement read "+(char)c); + && c != '+') { + // System.out.println("mElement read "+(char)c); attrNumberBuf.append((char) c); } - if (c == ',' || c == '+') // either ',' or '+' - in.unread(c); // pushback last , or + + if (c == ',' || c == '+') // either ',' or '+' + in.unread(c); // pushback last , or + } catch (IOException e) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } String attrNumber = attrNumberBuf.toString().trim(); - if (attrNumber.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + if (attrNumber.length() == 0) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req $ext or $subj expected")); try { mElement = Integer.parseInt(attrNumber) - 1; @@ -393,67 +393,67 @@ class MapAVAPattern { mValue = attrNumber; } else if (TYPE_EXT.equals(mType)) { mGNType = attrNumber; - } else - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + } else + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid format in nth element $req $ext or $subj")); - // get nth request attribute . + // get nth request attribute . if (c == '.') { StringBuffer attrNumberBuf1 = new StringBuffer(); try { while ((c = in.read()) != ',' && c != -1 && c != '+') { - //System.out.println("mElement read "+(char)c); + // System.out.println("mElement read "+(char)c); attrNumberBuf1.append((char) c); } if (c != -1) // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } catch (IOException ex) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString())); } String attrNumber1 = attrNumberBuf1.toString().trim(); - if (attrNumber1.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + if (attrNumber1.length() == 0) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req expected")); - try { - mElement = Integer.parseInt(attrNumber1) - 1; + try { + mElement = Integer.parseInt(attrNumber1) - 1; } catch (NumberFormatException ex) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid format in nth element $req.")); - + } } } } - //System.out.println("----- mElement "+mElement); + // System.out.println("----- mElement "+mElement); } else { // value is constant. treat as regular ava. mType = TYPE_CONSTANT; - //System.out.println("----- mType constant"); - // parse ava value. + // System.out.println("----- mType constant"); + // parse ava value. StringBuffer valueBuf = new StringBuffer(); valueBuf.append((char) c); // read forward to get attribute value try { - while ((c = in.read()) != ',' && - c != -1) { + while ((c = in.read()) != ',' && + c != -1) { valueBuf.append((char) c); } if (c == '+' || c == ',') { // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } } catch (IOException e) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - try { - AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); + try { + AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); mValue = ava.toLdapDNString(); - //System.out.println("----- mValue "+mValue); + // System.out.println("----- mValue "+mValue); } catch (IOException e) { throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); } @@ -461,19 +461,19 @@ class MapAVAPattern { } public String formAVA(IRequest req, X500Name subject, CertificateExtensions extensions) - throws ELdapException { + throws ELdapException { if (TYPE_CONSTANT.equals(mType)) return mValue; if (TYPE_RDN.equals(mType)) { String dn = subject.toString(); - if (mTestDN != null) + if (mTestDN != null) dn = mTestDN; - //System.out.println("AVAPattern Using dn "+mTestDN); + // System.out.println("AVAPattern Using dn "+mTestDN); String[] rdns = LDAPDN.explodeDN(dn, false); - if (mElement >= rdns.length) + if (mElement >= rdns.length) return null; return rdns[mElement]; } @@ -481,9 +481,9 @@ class MapAVAPattern { if (TYPE_SUBJ.equals(mType)) { String dn = subject.toString(); - if (mTestDN != null) + if (mTestDN != null) dn = mTestDN; - //System.out.println("AVAPattern Using dn "+mTestDN); + // System.out.println("AVAPattern Using dn "+mTestDN); String[] rdns = LDAPDN.explodeDN(dn, false); String value = null; int nFound = -1; @@ -494,8 +494,8 @@ class MapAVAPattern { for (int j = 0; j < avas.length; j++) { String[] exploded = explodeAVA(avas[j]); - if (exploded[0].equalsIgnoreCase(mValue) && - ++nFound == mElement) { + if (exploded[0].equalsIgnoreCase(mValue) && + ++nFound == mElement) { value = exploded[1]; break; } @@ -503,10 +503,10 @@ class MapAVAPattern { } if (value == null) { CMS.debug( - "MapAVAPattern: attr " + mAttr + - " not formed from: cert subject " + - dn + - "-- no subject component : " + mValue); + "MapAVAPattern: attr " + mAttr + + " not formed from: cert subject " + + dn + + "-- no subject component : " + mValue); return null; } return mAttr + "=" + value; @@ -516,21 +516,19 @@ class MapAVAPattern { if (extensions != null) { for (int i = 0; i < extensions.size(); i++) { Extension ext = (Extension) - extensions.elementAt(i); + extensions.elementAt(i); String extName = OIDMap.getName(ext.getExtensionId()); int index = extName.lastIndexOf("."); if (index != -1) extName = extName.substring(index + 1); - if ( - extName.equals(mValue)) { + if (extName.equals(mValue)) { // Check the extensions one by one. // For now, just give subjectAltName as an example. - if - (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.class.getSimpleName())) { + if (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.class.getSimpleName())) { try { GeneralNames subjectNames = (GeneralNames) - ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME); + ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME); if (subjectNames.size() == 0) break; @@ -541,7 +539,8 @@ class MapAVAPattern { String gname = gn.toString(); index = gname.indexOf(":"); - if (index == -1) break; + if (index == -1) + break; String gType = gname.substring(0, index); if (mGNType != null) { @@ -563,18 +562,18 @@ class MapAVAPattern { j++; } } - } catch (IOException e) { + } catch (IOException e) { CMS.debug( - "MapAVAPattern: Publishing attr not formed from extension." + - "-- no attr : " + mValue); + "MapAVAPattern: Publishing attr not formed from extension." + + "-- no attr : " + mValue); } } } } } CMS.debug( - "MapAVAPattern: Publishing:attr not formed from extension " + - "-- no attr : " + mValue); + "MapAVAPattern: Publishing:attr not formed from extension " + + "-- no attr : " + mValue); return null; } @@ -583,8 +582,7 @@ class MapAVAPattern { // mPrefix and mValue are looked up case-insensitive String reqAttr = req.getExtDataInString(mPrefix, mValue); if (reqAttr == null) { - throw new - ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST", + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, mAttr)); } return mAttr + "=" + reqAttr; @@ -608,20 +606,19 @@ class MapAVAPattern { } /** - * Explode RDN into AVAs. - * Does not handle escaped '+' - * Java ldap library does not yet support multiple avas per rdn. - * If RDN is malformed returns empty array. + * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does + * not yet support multiple avas per rdn. If RDN is malformed returns empty + * array. */ public static String[] explodeRDN(String rdn) { int plus = rdn.indexOf('+'); - if (plus == -1) + if (plus == -1) return new String[] { rdn }; Vector<String> avas = new Vector<String>(); StringTokenizer token = new StringTokenizer(rdn, "+"); - while (token.hasMoreTokens()) + while (token.hasMoreTokens()) avas.addElement(token.nextToken()); String[] theAvas = new String[avas.size()]; @@ -630,17 +627,15 @@ class MapAVAPattern { } /** - * Explode AVA into name and value. - * Does not handle escaped '=' - * If AVA is malformed empty array is returned. + * Explode AVA into name and value. Does not handle escaped '=' If AVA is + * malformed empty array is returned. */ public static String[] explodeAVA(String ava) { int equals = ava.indexOf('='); - if (equals == -1) + if (equals == -1) return null; return new String[] { - ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()}; + ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() }; } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java index 5de5e3dd..07405443 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -31,25 +30,27 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.request.IRequest; - /** - * class for parsing a DN pattern used to construct a ldap dn from - * request attributes and cert subject name.<p> + * class for parsing a DN pattern used to construct a ldap dn from request + * attributes and cert subject name. + * <p> * - * dnpattern is a string representing a ldap dn pattern to formulate from - * the certificate subject name attributes and request attributes . - * If empty or not set, the certificate subject name - * will be used as the ldap dn. <p> + * dnpattern is a string representing a ldap dn pattern to formulate from the + * certificate subject name attributes and request attributes . If empty or not + * set, the certificate subject name will be used as the ldap dn. + * <p> + * + * The syntax is * - * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$subj" "." attrName [ "." attrNumber ] | - * name "=" "$req" "." attrName [ "." attrNumber ] | - * "$rdn" "." number + * name "=" "$subj" "." attrName [ "." attrNumber ] | + * name "=" "$req" "." attrName [ "." attrNumber ] | + * "$rdn" "." number * </pre> + * * <pre> * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i> * cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com @@ -60,7 +61,7 @@ import com.netscape.certsrv.request.IRequest; * <p> * note: Subordinate ca enrollment will use ca mapper. Use predicate * to distinguish the ca itself and the subordinates. - * + * * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i> * cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com * request attributes: uid: cmanager @@ -73,18 +74,18 @@ import com.netscape.certsrv.request.IRequest; * O = the string people, mcom.com. <br> * <p> * </pre> - * If an request attribute or subject DN component does not exist, - * the attribute is skipped. There is potential risk that a wrong dn - * will be mapped into. - * + * + * If an request attribute or subject DN component does not exist, the attribute + * is skipped. There is potential risk that a wrong dn will be mapped into. + * * @version $Revision$, $Date$ */ public class MapDNPattern { - /* the list of request attriubutes to retrieve*/ + /* the list of request attriubutes to retrieve */ protected String[] mReqAttrs = null; - /* the list of cert attriubutes to retrieve*/ + /* the list of cert attriubutes to retrieve */ protected String[] mCertAttrs = null; /* rdn patterns */ @@ -95,16 +96,17 @@ public class MapDNPattern { protected String mTestDN = null; - /** + /** * Construct a DN pattern by parsing a pattern string. + * * @param pattern the DN pattern - * @exception EBaseException If parsing error occurs. + * @exception EBaseException If parsing error occurs. */ public MapDNPattern(String pattern) - throws ELdapException { + throws ELdapException { if (pattern == null || pattern.equals("")) { CMS.debug( - "MapDNPattern: null pattern"); + "MapDNPattern: null pattern"); } else { mPatternString = pattern; PushbackReader in = new PushbackReader(new StringReader(pattern)); @@ -113,13 +115,13 @@ public class MapDNPattern { } } - public MapDNPattern(PushbackReader in) - throws ELdapException { + public MapDNPattern(PushbackReader in) + throws ELdapException { parse(in); } private void parse(PushbackReader in) - throws ELdapException { + throws ELdapException { Vector<MapRDNPattern> rdnPatterns = new Vector<MapRDNPattern>(); MapRDNPattern rdnPattern = null; int lastChar = -1; @@ -133,8 +135,7 @@ public class MapDNPattern { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - } - while (lastChar == ','); + } while (lastChar == ','); mRDNPatterns = new MapRDNPattern[rdnPatterns.size()]; rdnPatterns.copyInto(mRDNPatterns); @@ -144,8 +145,8 @@ public class MapDNPattern { for (int i = 0; i < mRDNPatterns.length; i++) { String[] rdnAttrs = mRDNPatterns[i].getReqAttrs(); - if (rdnAttrs != null && rdnAttrs.length > 0) - for (int j = 0; j < rdnAttrs.length; j++) + if (rdnAttrs != null && rdnAttrs.length > 0) + for (int j = 0; j < rdnAttrs.length; j++) reqAttrs.addElement(rdnAttrs[j]); } mReqAttrs = new String[reqAttrs.size()]; @@ -156,8 +157,8 @@ public class MapDNPattern { for (int i = 0; i < mRDNPatterns.length; i++) { String[] rdnAttrs = mRDNPatterns[i].getCertAttrs(); - if (rdnAttrs != null && rdnAttrs.length > 0) - for (int j = 0; j < rdnAttrs.length; j++) + if (rdnAttrs != null && rdnAttrs.length > 0) + for (int j = 0; j < rdnAttrs.length; j++) certAttrs.addElement(rdnAttrs[j]); } mCertAttrs = new String[certAttrs.size()]; @@ -166,12 +167,13 @@ public class MapDNPattern { /** * Form a Ldap v3 DN string from a request and a cert subject name. + * * @param req the request for (un)publish * @param subject the subjectDN of the certificate - * @return Ldap v3 DN string to use for base ldap search. + * @return Ldap v3 DN string to use for base ldap search. */ public String formDN(IRequest req, X500Name subject, CertificateExtensions ext) - throws ELdapException { + throws ELdapException { StringBuffer formedDN = new StringBuffer(); for (int i = 0; i < mRDNPatterns.length; i++) { @@ -180,11 +182,11 @@ public class MapDNPattern { String rdn = mRDNPatterns[i].formRDN(req, subject, ext); if (rdn != null && rdn.length() != 0) { - if (formedDN.length() != 0) - formedDN.append(","); - formedDN.append(rdn); + if (formedDN.length() != 0) + formedDN.append(","); + formedDN.append(rdn); } else { - throw new ELdapException("pattern not matched"); + throw new ELdapException("pattern not matched"); } } return formedDN.toString(); @@ -198,4 +200,3 @@ public class MapDNPattern { return (String[]) mCertAttrs.clone(); } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java index 65091000..55e25ab2 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -30,25 +29,27 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.request.IRequest; - /** - * class for parsing a DN pattern used to construct a ldap dn from - * request attributes and cert subject name.<p> + * class for parsing a DN pattern used to construct a ldap dn from request + * attributes and cert subject name. + * <p> * - * dnpattern is a string representing a ldap dn pattern to formulate from - * the certificate subject name attributes and request attributes . - * If empty or not set, the certificate subject name - * will be used as the ldap dn. <p> + * dnpattern is a string representing a ldap dn pattern to formulate from the + * certificate subject name attributes and request attributes . If empty or not + * set, the certificate subject name will be used as the ldap dn. + * <p> + * + * The syntax is * - * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$subj" "." attrName [ "." attrNumber ] | - * name "=" "$req" "." attrName [ "." attrNumber ] | - * "$rdn" "." number + * name "=" "$subj" "." attrName [ "." attrNumber ] | + * name "=" "$req" "." attrName [ "." attrNumber ] | + * "$rdn" "." number * </pre> + * * <pre> * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i> * cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com @@ -59,7 +60,7 @@ import com.netscape.certsrv.request.IRequest; * <p> * note: Subordinate ca enrollment will use ca mapper. Use predicate * to distinguish the ca itself and the subordinates. - * + * * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i> * cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com * request attributes: uid: cmanager @@ -72,18 +73,18 @@ import com.netscape.certsrv.request.IRequest; * O = the string people, mcom.com. <br> * <p> * </pre> - * If an request attribute or subject DN component does not exist, - * the attribute is skipped.There is potential risk that a wrong dn - * will be mapped into. - * + * + * If an request attribute or subject DN component does not exist, the attribute + * is skipped.There is potential risk that a wrong dn will be mapped into. + * * @version $Revision$, $Date$ */ class MapRDNPattern { - /* the list of request attributes needed by this RDN */ + /* the list of request attributes needed by this RDN */ protected String[] mReqAttrs = null; - /* the list of cert attributes needed by this RDN */ + /* the list of cert attributes needed by this RDN */ protected String[] mCertAttrs = null; /* AVA patterns */ @@ -94,16 +95,17 @@ class MapRDNPattern { protected String mTestDN = null; - /** + /** * Construct a DN pattern by parsing a pattern string. + * * @param pattenr the DN pattern - * @exception ELdapException If parsing error occurs. + * @exception ELdapException If parsing error occurs. */ public MapRDNPattern(String pattern) - throws ELdapException { + throws ELdapException { if (pattern == null || pattern.equals("")) { CMS.debug( - "MapDNPattern: null pattern"); + "MapDNPattern: null pattern"); } else { mPatternString = pattern; PushbackReader in = new PushbackReader(new StringReader(pattern)); @@ -113,16 +115,16 @@ class MapRDNPattern { } /** - * Construct a DN pattern from a input stream of pattern + * Construct a DN pattern from a input stream of pattern */ - public MapRDNPattern(PushbackReader in) - throws ELdapException { + public MapRDNPattern(PushbackReader in) + throws ELdapException { parse(in); } private void parse(PushbackReader in) - throws ELdapException { - //System.out.println("_________ begin rdn _________"); + throws ELdapException { + // System.out.println("_________ begin rdn _________"); Vector<MapAVAPattern> avaPatterns = new Vector<MapAVAPattern>(); MapAVAPattern avaPattern = null; int lastChar; @@ -130,23 +132,22 @@ class MapRDNPattern { do { avaPattern = new MapAVAPattern(in); avaPatterns.addElement(avaPattern); - //System.out.println("added AVAPattern"+ - //" mType "+avaPattern.mType+ - //" mAttr "+avaPattern.mAttr+ - //" mValue "+avaPattern.mValue+ - //" mElement "+avaPattern.mElement); - try { - lastChar = in.read(); + // System.out.println("added AVAPattern"+ + // " mType "+avaPattern.mType+ + // " mAttr "+avaPattern.mAttr+ + // " mValue "+avaPattern.mValue+ + // " mElement "+avaPattern.mElement); + try { + lastChar = in.read(); } catch (IOException e) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - } - while (lastChar == '+'); + } while (lastChar == '+'); if (lastChar != -1) { try { - in.unread(lastChar); // pushback last , + in.unread(lastChar); // pushback last , } catch (IOException e) { throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); @@ -161,7 +162,7 @@ class MapRDNPattern { for (int i = 0; i < mAVAPatterns.length; i++) { String avaAttr = mAVAPatterns[i].getReqAttr(); - if (avaAttr == null || avaAttr.length() == 0) + if (avaAttr == null || avaAttr.length() == 0) continue; reqAttrs.addElement(avaAttr); } @@ -173,7 +174,7 @@ class MapRDNPattern { for (int i = 0; i < mAVAPatterns.length; i++) { String avaAttr = mAVAPatterns[i].getCertAttr(); - if (avaAttr == null || avaAttr.length() == 0) + if (avaAttr == null || avaAttr.length() == 0) continue; certAttrs.addElement(avaAttr); } @@ -183,16 +184,17 @@ class MapRDNPattern { /** * Form a Ldap v3 DN string from a request and a cert subject name. + * * @param req the request for (un)publish * @param subject the subjectDN of the certificate - * @return Ldap v3 DN string to use for base ldap search. + * @return Ldap v3 DN string to use for base ldap search. */ public String formRDN(IRequest req, X500Name subject, CertificateExtensions ext) - throws ELdapException { + throws ELdapException { StringBuffer formedRDN = new StringBuffer(); for (int i = 0; i < mAVAPatterns.length; i++) { - if (mTestDN != null) + if (mTestDN != null) mAVAPatterns[i].mTestDN = mTestDN; String ava = mAVAPatterns[i].formAVA(req, subject, ext); @@ -202,7 +204,7 @@ class MapRDNPattern { formedRDN.append(ava); } } - //System.out.println("formed RDN "+formedRDN.toString()); + // System.out.println("formed RDN "+formedRDN.toString()); return formedRDN.toString(); } diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java index b1d10902..db1747d4 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; - import java.util.Locale; import java.util.Vector; @@ -30,10 +29,9 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; - -/** +/** * No Map - * + * * @version $Revision$, $Date$ */ public class NoMap implements ILdapMapper, IExtendedPluginInfo { @@ -56,32 +54,32 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo { } public IConfigStore getConfigStore() { - return mConfig; + return mConfig; } - /** + /** * for initializing from config store. */ - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; } /** - * Maps a X500 subject name to LDAP entry. - * Uses DN pattern to form a DN for a LDAP base search. + * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for + * a LDAP base search. * - * @param conn the LDAP connection. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ + */ public String map(LDAPConnection conn, Object obj) - throws ELdapException { + throws ELdapException { return null; } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return null; } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java index f0154e44..ab5f2785 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileOutputStream; @@ -47,10 +46,9 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * This publisher writes certificate and CRL into - * a directory. - * +/** + * This publisher writes certificate and CRL into a directory. + * * @version $Revision$, $Date$ */ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { @@ -74,10 +72,10 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { protected String mLinkExt = null; protected int mZipLevel = 9; - public void setIssuingPointId(String crlIssuingPointId) - { + public void setIssuingPointId(String crlIssuingPointId) { mCrlIssuingPointId = crlIssuingPointId; } + /** * Returns the implementation name. */ @@ -99,14 +97,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { PROP_DER + ";boolean;Store certificates or CRLs into *.der files.", PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.", PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", - PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '"+PROP_DER+"' to be enabled.", + PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER + "' to be enabled.", PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", PROP_ZIP + ";boolean;Generate compressed CRLs.", PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-filepublisher", + ";configuration-ldappublish-publisher-filepublisher", IExtendedPluginInfo.HELP_TEXT + - ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." + ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." }; return params; @@ -139,14 +137,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { try { if (mTimeStamp == null || (!mTimeStamp.equals("GMT"))) mTimeStamp = "LocalTime"; - v.addElement(PROP_DIR+"=" + dir); - v.addElement(PROP_DER+"=" + mConfig.getBoolean(PROP_DER,true)); - v.addElement(PROP_B64+"=" + mConfig.getBoolean(PROP_B64,false)); - v.addElement(PROP_GMT+"=" + mTimeStamp); - v.addElement(PROP_LNK+"=" + mConfig.getBoolean(PROP_LNK,false)); - v.addElement(PROP_EXT+"=" + ext); - v.addElement(PROP_ZIP+"=" + mConfig.getBoolean(PROP_ZIP,false)); - v.addElement(PROP_LEV+"=" + mZipLevel); + v.addElement(PROP_DIR + "=" + dir); + v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true)); + v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false)); + v.addElement(PROP_GMT + "=" + mTimeStamp); + v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false)); + v.addElement(PROP_EXT + "=" + ext); + v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false)); + v.addElement(PROP_LEV + "=" + mZipLevel); } catch (Exception e) { } return v; @@ -158,14 +156,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public Vector<String> getDefaultParams() { Vector<String> v = new Vector<String>(); - v.addElement(PROP_DIR+"="); - v.addElement(PROP_DER+"=true"); - v.addElement(PROP_B64+"=false"); - v.addElement(PROP_GMT+"=LocalTime"); - v.addElement(PROP_LNK+"=false"); - v.addElement(PROP_EXT+"="); - v.addElement(PROP_ZIP+"=false"); - v.addElement(PROP_LEV+"=9"); + v.addElement(PROP_DIR + "="); + v.addElement(PROP_DER + "=true"); + v.addElement(PROP_B64 + "=false"); + v.addElement(PROP_GMT + "=LocalTime"); + v.addElement(PROP_LNK + "=false"); + v.addElement(PROP_EXT + "="); + v.addElement(PROP_ZIP + "=false"); + v.addElement(PROP_LEV + "=9"); return v; } @@ -193,7 +191,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } // convert to forward slash - dir = dir.replace('\\', '/'); + dir = dir.replace('\\', '/'); config.putString(PROP_DIR, dir); File dirCheck = new File(dir); @@ -209,7 +207,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } catch (Exception e) { throw new RuntimeException("Invalid Instance Dir " + e); } - dirCheck = new File(mInstanceRoot + + dirCheck = new File(mInstanceRoot + File.separator + dir); if (dirCheck.isDirectory()) { mDir = mInstanceRoot + File.separator + dir; @@ -224,7 +222,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) { - String[] namePrefix = {"crl", "crl"}; + String[] namePrefix = { "crl", "crl" }; if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) { namePrefix[0] = mCrlIssuingPointId; @@ -232,10 +230,11 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss"); TimeZone tz = TimeZone.getTimeZone("GMT"); - if (useGMT) format.setTimeZone(tz); + if (useGMT) + format.setTimeZone(tz); String timeStamp = format.format(crl.getThisUpdate()).toString(); namePrefix[0] += "-" + timeStamp; - if (((netscape.security.x509.X509CRLImpl)crl).isDeltaCRL()) { + if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) { namePrefix[0] += "-delta"; namePrefix[1] += "-delta"; } @@ -243,23 +242,23 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { return namePrefix; } - private void createLink(String linkName, String fileName) { + private void createLink(String linkName, String fileName) { String cmd = "ln -s " + fileName + " " + linkName + ".new"; if (com.netscape.cmsutil.util.Utils.exec(cmd)) { File oldLink = new File(linkName + ".old"); - if (oldLink.exists()) { // remove old link if exists + if (oldLink.exists()) { // remove old link if exists oldLink.delete(); } File link = new File(linkName); - if (link.exists()) { // current link becomes an old link + if (link.exists()) { // current link becomes an old link link.renameTo(new File(linkName + ".old")); } File newLink = new File(linkName + ".new"); - if (newLink.exists()) { // new link becomes current link + if (newLink.exists()) { // new link becomes current link newLink.renameTo(new File(linkName)); } oldLink = new File(linkName + ".old"); - if (oldLink.exists()) { // remove a new old link + if (oldLink.exists()) { // remove a new old link oldLink.delete(); } } else { @@ -270,38 +269,34 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { /** * Publishs a object to the ldap directory. * - * @param conn a Ldap connection - * (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to publish cert - * (null if LDAP publishing is not enabled) - * @param object object to publish - * (java.security.cert.X509Certificate or, - * java.security.cert.X509CRL) + * @param conn a Ldap connection (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to publish cert (null if LDAP publishing + * is not enabled) + * @param object object to publish (java.security.cert.X509Certificate or, + * java.security.cert.X509CRL) */ public void publish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { CMS.debug("FileBasedPublisher: publish"); try { if (object instanceof X509Certificate) { X509Certificate cert = (X509Certificate) object; BigInteger sno = cert.getSerialNumber(); String name = mDir + - File.separator + "cert-" + - sno.toString(); - if (mDerAttr) - { + File.separator + "cert-" + + sno.toString(); + if (mDerAttr) { String fileName = name + ".der"; FileOutputStream fos = new FileOutputStream(fileName); fos.write(cert.getEncoded()); fos.close(); } - if (mB64Attr) - { + if (mB64Attr) { String fileName = name + ".b64"; FileOutputStream fos = new FileOutputStream(fileName); ByteArrayOutputStream output = new ByteArrayOutputStream(); Base64OutputStream b64 = - new Base64OutputStream(new PrintStream(new FilterOutputStream(output))); + new Base64OutputStream(new PrintStream(new FilterOutputStream(output))); b64.write(cert.getEncoded()); b64.flush(); (new PrintStream(fos)).print(output.toString("8859_1")); @@ -314,7 +309,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { String tempFile = baseName + ".temp"; FileOutputStream fos; ZipOutputStream zos; - byte [] encodedArray = null; + byte[] encodedArray = null; File destFile = null; String destName = null; File renameFile = null; @@ -325,16 +320,16 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { fos.write(encodedArray); fos.close(); if (mZipCRL) { - zos = new ZipOutputStream(new FileOutputStream(baseName+".zip")); + zos = new ZipOutputStream(new FileOutputStream(baseName + ".zip")); zos.setLevel(mZipLevel); - zos.putNextEntry(new ZipEntry(baseName+".der")); + zos.putNextEntry(new ZipEntry(baseName + ".der")); zos.write(encodedArray, 0, encodedArray.length); zos.closeEntry(); zos.close(); } destName = baseName + ".der"; destFile = new File(destName); - + if (destFile.exists()) destFile.delete(); renameFile = new File(tempFile); @@ -348,58 +343,55 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { linkExt += "der"; } String linkName = mDir + File.separator + namePrefix[1] + linkExt; - createLink(linkName, destName); + createLink(linkName, destName); if (mZipCRL) { linkName = mDir + File.separator + namePrefix[1] + ".zip"; - createLink(linkName, baseName+".zip"); + createLink(linkName, baseName + ".zip"); } } } - + // output base64 file - if(mB64Attr==true) - { - if (encodedArray ==null) - encodedArray = crl.getEncoded(); - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - - fos = new FileOutputStream(tempFile); - fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes()); - fos.close(); - destName = baseName + ".b64"; - destFile = new File(destName); - - if(destFile.exists()) - destFile.delete(); - renameFile = new File(tempFile); - renameFile.renameTo(destFile); - } + if (mB64Attr == true) { + if (encodedArray == null) + encodedArray = crl.getEncoded(); + + ByteArrayOutputStream os = new ByteArrayOutputStream(); + + fos = new FileOutputStream(tempFile); + fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes()); + fos.close(); + destName = baseName + ".b64"; + destFile = new File(destName); + + if (destFile.exists()) + destFile.delete(); + renameFile = new File(tempFile); + renameFile.renameTo(destFile); + } } } catch (IOException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); } catch (CertificateEncodingException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); } catch (CRLException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); } } /** * Unpublishs a object to the ldap directory. - * - * @param conn the Ldap connection - * (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to unpublish cert - * (null if LDAP publishing is not enabled) - * @param object object to unpublish - * (java.security.cert.X509Certificate) + * + * @param conn the Ldap connection (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing + * is not enabled) + * @param object object to unpublish (java.security.cert.X509Certificate) */ public void unpublish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { CMS.debug("FileBasedPublisher: unpublish"); String name = mDir + File.separator; String fileName; @@ -425,13 +417,15 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { f = new File(fileName); f.delete(); } - /** + + /** * returns the Der attribute where it'll be published. */ public boolean getDerAttr() { return mDerAttr; } - /** + + /** * returns the B64 attribute where it'll be published. */ public boolean getB64Attr() { diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java index 4727a690..746d9118 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -42,14 +41,13 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for publishing a CA certificate to - * +/** + * Interface for publishing a CA certificate to + * * @version $Revision$, $Date$ */ -public class LdapCaCertPublisher - implements ILdapPublisher, IExtendedPluginInfo { +public class LdapCaCertPublisher + implements ILdapPublisher, IExtendedPluginInfo { public static final String LDAP_CACERT_ATTR = "caCertificate;binary"; public static final String LDAP_CA_OBJECTCLASS = "pkiCA"; public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary"; @@ -64,7 +62,6 @@ public class LdapCaCertPublisher private boolean mInited = false; protected IConfigStore mConfig = null; private String mcrlIssuingPointId; - /** * constructor constructs default values. @@ -76,13 +73,13 @@ public class LdapCaCertPublisher String s[] = { "caCertAttr;string;Name of Ldap attribute in which to store certificate", "caObjectClass;string;The name of the objectclasses which should be " + - "added to this entry, if they do not already exist. This can be " + - "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", + "added to this entry, if they do not already exist. This can be " + + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-cacertpublisher", + ";configuration-ldappublish-publisher-cacertpublisher", IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish the CA cert to " + - "'certificateAuthority' and 'pkiCA' -type entries" + ";This plugin knows how to publish the CA cert to " + + "'certificateAuthority' and 'pkiCA' -type entries" }; return s; @@ -117,12 +114,12 @@ public class LdapCaCertPublisher } public void init(IConfigStore config) - throws EBaseException { - if (mInited) + throws EBaseException { + if (mInited) return; mConfig = config; mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", + mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); mObjAdded = mConfig.getString("caObjectClassAdded", ""); mObjDeleted = mConfig.getString("caObjectClassDeleted", ""); @@ -151,16 +148,16 @@ public class LdapCaCertPublisher } /** - * publish a CA certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. - * Converts the class to certificateAuthority. + * publish a CA certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. Converts the class to certificateAuthority. + * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection"); return; @@ -176,31 +173,30 @@ public class LdapCaCertPublisher // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig.getString("version", "2")); - String cert_nick = mConfig.getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig.getString("version", "2")); + String cert_nick = mConfig.getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, + version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, - version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; - } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } - if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -210,40 +206,40 @@ public class LdapCaCertPublisher byte[] certEnc = cert.getEncoded(); /* search for attribute names to determine existence of attributes */ - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); LDAPEntry entry = res.next(); LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR); LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR); /* search for objectclass and caCert values */ - LDAPSearchResults res1 = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { "objectclass", mCaCertAttr }, false); + LDAPSearchResults res1 = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { "objectclass", mCaCertAttr }, false); LDAPEntry entry1 = res1.next(); LDAPAttribute ocs = entry1.getAttribute("objectclass"); LDAPAttribute certs = entry1.getAttribute(mCaCertAttr); - boolean hasCert = - LdapUserCertPublisher.ByteValueExists(certs, certEnc); + boolean hasCert = + LdapUserCertPublisher.ByteValueExists(certs, certEnc); LDAPModificationSet modSet = new LDAPModificationSet(); if (hasCert) { log(ILogger.LL_INFO, "publish: CA " + dn + " already has Cert"); - } else { + } else { /* - fix for 360458 - if no cert, use add, if has cert but - not equal, use replace + * fix for 360458 - if no cert, use add, if has cert but not + * equal, use replace */ if (certs == null) { - modSet.add(LDAPModification.ADD, - new LDAPAttribute(mCaCertAttr, certEnc)); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mCaCertAttr, certEnc)); log(ILogger.LL_INFO, "CA cert added"); } else { - modSet.add(LDAPModification.REPLACE, - new LDAPAttribute(mCaCertAttr, certEnc)); + modSet.add(LDAPModification.REPLACE, + new LDAPAttribute(mCaCertAttr, certEnc)); log(ILogger.LL_INFO, "CA cert replaced"); } } @@ -251,22 +247,22 @@ public class LdapCaCertPublisher String[] oclist = mCaObjectclass.split(","); boolean attrsAdded = false; - for (int i=0; i < oclist.length; i++) { + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); if (!hasoc) { log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn); modSet.add(LDAPModification.ADD, - new LDAPAttribute("objectclass", oc)); + new LDAPAttribute("objectclass", oc)); if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes - if (arls == null) + if (arls == null) modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ARL_ATTR, "")); + new LDAPAttribute(LDAP_ARL_ATTR, "")); if (crls == null) modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CRL_ATTR, "")); + new LDAPAttribute(LDAP_CRL_ATTR, "")); attrsAdded = true; } } @@ -275,15 +271,15 @@ public class LdapCaCertPublisher // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i=0; i< delList.length; i++) { + for (int i = 0; i < delList.length; i++) { String deloc = delList[i].trim(); boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); boolean match = false; - for (int j=0; j< oclist.length; j++) { + for (int j = 0; j < oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; - } + } } if (!match && hasoc) { log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + " from " + dn); @@ -294,7 +290,7 @@ public class LdapCaCertPublisher } // reset mObjAdded and mObjDeleted, if needed - if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) { + if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) { mObjAdded = ""; mObjDeleted = ""; mConfig.putString("caObjectClassAdded", ""); @@ -305,8 +301,9 @@ public class LdapCaCertPublisher log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); } } - - if (modSet.size() > 0) conn.modify(dn, modSet); + + if (modSet.size() > 0) + conn.modify(dn, modSet); } catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn)); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); @@ -315,32 +312,31 @@ public class LdapCaCertPublisher // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } return; } /** - * deletes the certificate from CA's certificate attribute. - * if it's the last cert will also remove the certificateAuthority - * objectclass. + * deletes the certificate from CA's certificate attribute. if it's the last + * cert will also remove the certificateAuthority objectclass. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -355,43 +351,43 @@ public class LdapCaCertPublisher try { byte[] certEnc = cert.getEncoded(); - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { mCaCertAttr, "objectclass" }, false); + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { mCaCertAttr, "objectclass" }, false); LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(mCaCertAttr); LDAPAttribute ocs = entry.getAttribute("objectclass"); - boolean hasCert = - LdapUserCertPublisher.ByteValueExists(certs, certEnc); + boolean hasCert = + LdapUserCertPublisher.ByteValueExists(certs, certEnc); if (!hasCert) { log(ILogger.LL_INFO, "unpublish: " + dn + " has not cert already"); - //throw new ELdapException( - // LdapResources.ALREADY_UNPUBLISHED_1, dn); + // throw new ELdapException( + // LdapResources.ALREADY_UNPUBLISHED_1, dn); return; } LDAPModificationSet modSet = new LDAPModificationSet(); modSet.add(LDAPModification.DELETE, - new LDAPAttribute(mCaCertAttr, certEnc)); + new LDAPAttribute(mCaCertAttr, certEnc)); if (certs.size() == 1) { // if last ca cert, remove oc also. - String[] oclist = mCaObjectclass.split(","); - for (int i =0 ; i < oclist.length; i++) { + String[] oclist = mCaObjectclass.split(","); + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc); + boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc); if (hasOC) { log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn); modSet.add(LDAPModification.DELETE, - new LDAPAttribute("objectclass", oc)); + new LDAPAttribute("objectclass", oc)); } - } + } } - conn.modify(dn, modSet); + conn.modify(dn, modSet); } catch (CertificateEncodingException e) { CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + dn); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); @@ -400,7 +396,7 @@ public class LdapCaCertPublisher // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); @@ -415,7 +411,7 @@ public class LdapCaCertPublisher */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCaPublisher: " + msg); + "LdapCaPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java index 50cfd7c5..2abb9e0a 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -44,12 +43,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for mapping a X509 certificate to a LDAP entry - * Publishes a certificate as binary and its subject name. - * there is one subject name value for each certificate. - * +/** + * Interface for mapping a X509 certificate to a LDAP entry Publishes a + * certificate as binary and its subject name. there is one subject name value + * for each certificate. + * * @version $Revision$, $Date$ */ public class LdapCertSubjPublisher implements ILdapPublisher { @@ -97,20 +95,20 @@ public class LdapCertSubjPublisher implements ILdapPublisher { } public void init(IConfigStore config) - throws EBaseException { + throws EBaseException { if (mInited) return; mConfig = config; - mCertAttr = mConfig.getString("certAttr", + mCertAttr = mConfig.getString("certAttr", LdapUserCertPublisher.LDAP_USERCERT_ATTR); - mSubjNameAttr = mConfig.getString("certSubjectName", + mSubjNameAttr = mConfig.getString("certSubjectName", LDAP_CERTSUBJNAME_ATTR); mInited = true; } /** - * constrcutor using specified certificate attribute and - * certificate subject name attribute. + * constrcutor using specified certificate attribute and certificate subject + * name attribute. */ public LdapCertSubjPublisher(String certAttr, String subjNameAttr) { mCertAttr = certAttr; @@ -134,19 +132,21 @@ public class LdapCertSubjPublisher implements ILdapPublisher { } /** - * publish a user certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. - * Then adds the subject name of the cert to the subject name attribute. + * publish a user certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. Then adds the subject name of the cert to the subject name + * attribute. + * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. - * @exception ELdapException if cert or subject name already exists, - * if cert encoding fails, if getting cert subject name fails. - * Use ELdapException.getException() to find underlying exception. + * @param certObj the certificate object. + * @exception ELdapException if cert or subject name already exists, if cert + * encoding fails, if getting cert subject name fails. Use + * ELdapException.getException() to find underlying + * exception. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection"); return; @@ -162,9 +162,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher { byte[] certEnc = cert.getEncoded(); String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString(); - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { mCertAttr, mSubjNameAttr }, false); + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { mCertAttr, mSubjNameAttr }, false); LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(mCertAttr); @@ -177,14 +177,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // check if has subject name already. if (subjnames != null) { - hasSubjname = + hasSubjname = LdapUserCertPublisher.StringValueExists(subjnames, subjName); } // if has both, done. if (hasCert && hasSubjname) { - log(ILogger.LL_INFO, - "publish: " + subjName + " already has cert & subject name"); + log(ILogger.LL_INFO, + "publish: " + subjName + " already has cert & subject name"); return; } @@ -193,14 +193,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher { if (!hasCert) { log(ILogger.LL_INFO, "publish: adding cert to " + subjName); - modSet.add(LDAPModification.ADD, - new LDAPAttribute(mCertAttr, certEnc)); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mCertAttr, certEnc)); } // add subject name if not already there. if (!hasSubjname) { log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn); - modSet.add(LDAPModification.ADD, - new LDAPAttribute(mSubjNameAttr, subjName)); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mSubjNameAttr, subjName)); } conn.modify(dn, modSet); } catch (CertificateEncodingException e) { @@ -211,7 +211,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); @@ -224,13 +224,12 @@ public class LdapCertSubjPublisher implements ILdapPublisher { } /** - * deletes the certificate from the list of certificates. - * does not check if certificate is already there. - * also takes out the subject name if no other certificate remain - * with the same subject name. + * deletes the certificate from the list of certificates. does not check if + * certificate is already there. also takes out the subject name if no other + * certificate remain with the same subject name. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -242,9 +241,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher { byte[] certEnc = cert.getEncoded(); - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { mCertAttr, mSubjNameAttr }, false); + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { mCertAttr, mSubjNameAttr }, false); LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(mCertAttr); @@ -266,8 +265,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { try { X509CertImpl certval = new X509CertImpl(val); // XXX use some sort of X500name equals function here. - String subjnam = - ((X500Name) certval.getSubjectDN()).toLdapDNString(); + String subjnam = + ((X500Name) certval.getSubjectDN()).toLdapDNString(); if (subjnam.equalsIgnoreCase(subjName)) { hasAnotherCert = true; @@ -275,45 +274,45 @@ public class LdapCertSubjPublisher implements ILdapPublisher { } catch (CertificateEncodingException e) { // ignore this certificate. CMS.debug( - "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); + "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); } catch (CertificateException e) { // ignore this certificate. CMS.debug( - "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); + "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); } } } // check if doesn't have subject name already. if (subjnames != null) { - hasSubjname = + hasSubjname = LdapUserCertPublisher.StringValueExists(subjnames, subjName); } // if doesn't have both, done. if (!hasCert && !hasSubjname) { - log(ILogger.LL_INFO, - "unpublish: " + subjName + " already has not cert & subjname"); + log(ILogger.LL_INFO, + "unpublish: " + subjName + " already has not cert & subjname"); return; } - // delete cert if there. + // delete cert if there. LDAPModificationSet modSet = new LDAPModificationSet(); if (hasCert) { - log(ILogger.LL_INFO, - "unpublish: deleting cert " + subjName + " from " + dn); + log(ILogger.LL_INFO, + "unpublish: deleting cert " + subjName + " from " + dn); modSet.add(LDAPModification.DELETE, - new LDAPAttribute(mCertAttr, certEnc)); + new LDAPAttribute(mCertAttr, certEnc)); } // delete subject name if no other cert has the same name. if (hasSubjname && !hasAnotherCert) { - log(ILogger.LL_INFO, - "unpublish: deleting subject name " + subjName + " from " + dn); + log(ILogger.LL_INFO, + "unpublish: deleting subject name " + subjName + " from " + dn); modSet.add(LDAPModification.DELETE, - new LDAPAttribute(mSubjNameAttr, subjName)); + new LDAPAttribute(mSubjNameAttr, subjName)); } - conn.modify(dn, modSet); + conn.modify(dn, modSet); } catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); @@ -325,7 +324,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); @@ -337,7 +336,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertSubjPublisher: " + msg); + "LdapCertSubjPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java index e4a7e0b7..60c07570 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.util.Locale; import java.util.Vector; @@ -39,15 +38,14 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * module for publishing a cross certificate pair to ldap - * crossCertificatePair attribute - * +/** + * module for publishing a cross certificate pair to ldap crossCertificatePair + * attribute + * * @version $Revision$, $Date$ */ -public class LdapCertificatePairPublisher - implements ILdapPublisher, IExtendedPluginInfo { +public class LdapCertificatePairPublisher + implements ILdapPublisher, IExtendedPluginInfo { public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary"; public static final String LDAP_CA_OBJECTCLASS = "pkiCA"; public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary"; @@ -73,13 +71,13 @@ public class LdapCertificatePairPublisher String s[] = { "crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates", "caObjectClass;string;The name of the objectclasses which should be " + - "added to this entry, if they do not already exist. This can be " + - "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", + "added to this entry, if they do not already exist. This can be " + + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-crosscertpairpublisher", + ";configuration-ldappublish-publisher-crosscertpairpublisher", IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish the CA cert to " + - "'certificateAuthority' and 'pkiCA' -type entries" + ";This plugin knows how to publish the CA cert to " + + "'certificateAuthority' and 'pkiCA' -type entries" }; return s; @@ -118,12 +116,12 @@ public class LdapCertificatePairPublisher } public void init(IConfigStore config) - throws EBaseException { - if (mInited) + throws EBaseException { + if (mInited) return; mConfig = config; mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", + mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); mObjAdded = mConfig.getString("caObjectClassAdded", ""); mObjDeleted = mConfig.getString("caObjectClassDeleted", ""); @@ -153,27 +151,27 @@ public class LdapCertificatePairPublisher } /** - * publish a certificatePair - * -should not be called from listeners. + * publish a certificatePair -should not be called from listeners. + * * @param conn the LDAP connection * @param dn dn of the entry to publish the XcertificatePair - * @param pair the Xcertificate bytes object. + * @param pair the Xcertificate bytes object. */ public synchronized void publish(LDAPConnection conn, String dn, Object pair) - throws ELdapException { + throws ELdapException { publish(conn, dn, (byte[]) pair); } /** - * publish a certificatePair - * -should not be called from listeners. + * publish a certificatePair -should not be called from listeners. + * * @param conn the LDAP connection * @param dn dn of the entry to publish the XcertificatePair * @param pair the cross cert bytes */ public synchronized void publish(LDAPConnection conn, String dn, - byte[] pair) - throws ELdapException { + byte[] pair) + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection"); @@ -189,17 +187,17 @@ public class LdapCertificatePairPublisher try { // search for attributes to determine if they exist LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR); LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR); LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR); // search for objectclass and crosscertpair attributes and values - LDAPSearchResults res1 = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { "objectclass", mCrossCertPairAttr }, false); + LDAPSearchResults res1 = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { "objectclass", mCrossCertPairAttr }, false); LDAPEntry entry1 = res1.next(); LDAPAttribute ocs = entry1.getAttribute("objectclass"); LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary"); @@ -207,53 +205,53 @@ public class LdapCertificatePairPublisher LDAPModificationSet modSet = new LDAPModificationSet(); boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair); - if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { + if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again."); return; } if (hasCert) { log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes"); } else { - modSet.add(LDAPModification.ADD, - new LDAPAttribute(mCrossCertPairAttr, pair)); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mCrossCertPairAttr, pair)); log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn); } String[] oclist = mCaObjectclass.split(","); boolean attrsAdded = false; - for (int i=0; i < oclist.length; i++) { + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); if (!hasoc) { log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn); modSet.add(LDAPModification.ADD, - new LDAPAttribute("objectclass", oc)); + new LDAPAttribute("objectclass", oc)); if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes - if (arls == null) + if (arls == null) modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ARL_ATTR, "")); + new LDAPAttribute(LDAP_ARL_ATTR, "")); if (crls == null) modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CRL_ATTR, "")); + new LDAPAttribute(LDAP_CRL_ATTR, "")); if (certs == null) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CACERT_ATTR, "")); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_CACERT_ATTR, "")); attrsAdded = true; } } - } + } // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i=0; i< delList.length; i++) { + for (int i = 0; i < delList.length; i++) { String deloc = delList[i].trim(); boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); boolean match = false; - for (int j=0; j< oclist.length; j++) { + for (int j = 0; j < oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; @@ -280,14 +278,15 @@ public class LdapCertificatePairPublisher } } - if (modSet.size() > 0) conn.modify(dn, modSet); + if (modSet.size() > 0) + conn.modify(dn, modSet); CMS.debug("LdapCertificatePairPublisher: in publish() just published"); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); @@ -301,7 +300,7 @@ public class LdapCertificatePairPublisher * unsupported */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision"); } @@ -310,7 +309,7 @@ public class LdapCertificatePairPublisher */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertificatePairPublisher: " + msg); + "LdapCertificatePairPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java index 22dc1294..a87791d3 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.security.cert.CRLException; import java.security.cert.X509CRL; import java.util.Locale; @@ -42,10 +41,9 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - /** - * For publishing master or global CRL. - * Publishes (replaces) the CRL in the CA's LDAP entry. + * For publishing master or global CRL. Publishes (replaces) the CRL in the CA's + * LDAP entry. * * @version $Revision$, $Date$ */ @@ -82,14 +80,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { String[] params = { "crlAttr;string;Name of Ldap attribute in which to store the CRL", "crlObjectClass;string;The name of the objectclasses which should be " + - "added to this entry, if they do not already exist. This can be a comma-" + - "separated list such as 'certificationAuthority,certificationAuthority-V2' " + - "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)", + "added to this entry, if they do not already exist. This can be a comma-" + + "separated list such as 'certificationAuthority,certificationAuthority-V2' " + + "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-crlpublisher", + ";configuration-ldappublish-publisher-crlpublisher", IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish CRL's to " + - "'certificateAuthority' and 'pkiCA' -type entries" + ";This plugin knows how to publish CRL's to " + + "'certificateAuthority' and 'pkiCA' -type entries" }; return params; @@ -115,14 +113,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { return mConfig; } - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { if (mInited) return; mConfig = config; mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR); mCrlObjectClass = mConfig.getString("crlObjectClass", - LDAP_CRL_OBJECTCLASS); + LDAP_CRL_OBJECTCLASS); mObjAdded = mConfig.getString("crlObjectClassAdded", ""); mObjDeleted = mConfig.getString("crlObjectClassDeleted", ""); @@ -142,11 +140,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { } /** - * Replaces the CRL in the certificateRevocationList attribute. - * CRL's are published as a DER encoded blob. + * Replaces the CRL in the certificateRevocationList attribute. CRL's are + * published as a DER encoded blob. */ public void publish(LDAPConnection conn, String dn, Object crlObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "publish CRL: no LDAP connection"); return; @@ -162,28 +160,28 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig.getString("version", "2")); - String cert_nick = mConfig.getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig.getString("version", "2")); + String cert_nick = mConfig.getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, + version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, - version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; - } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } try { @@ -194,10 +192,10 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { LDAPSearchResults res = null; if (mCrlAttr.equals(LDAP_CRL_ATTR)) { res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); + new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); } else { res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); + new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); } LDAPEntry entry = res.next(); @@ -216,26 +214,26 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { String[] oclist = mCrlObjectClass.split(","); boolean attrsAdded = false; - for (int i=0; i < oclist.length; i++) { + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); if (!hasoc) { log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn); modSet.add(LDAPModification.ADD, - new LDAPAttribute("objectclass", oc)); + new LDAPAttribute("objectclass", oc)); if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes if (arls == null) modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ARL_ATTR, "")); + new LDAPAttribute(LDAP_ARL_ATTR, "")); if (certs == null) modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CACERT_ATTR, "")); + new LDAPAttribute(LDAP_CACERT_ATTR, "")); - if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR))) + if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR))) modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CRL_ATTR, "")); + new LDAPAttribute(LDAP_CRL_ATTR, "")); attrsAdded = true; } } @@ -246,11 +244,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i=0; i< delList.length; i++) { + for (int i = 0; i < delList.length; i++) { String deloc = delList[i].trim(); boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); boolean match = false; - for (int j=0; j< oclist.length; j++) { + for (int j = 0; j < oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; @@ -275,7 +273,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { } catch (Exception e) { log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); } - } + } conn.modify(dn, modSet); } catch (CRLException e) { @@ -286,31 +284,31 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } } /** - * There shouldn't be a need to call this. - * CRLs are always replaced but this is implemented anyway in case - * there is ever a reason to remove a global CRL. + * There shouldn't be a need to call this. CRLs are always replaced but this + * is implemented anyway in case there is ever a reason to remove a global + * CRL. */ public void unpublish(LDAPConnection conn, String dn, Object crlObj) - throws ELdapException { + throws ELdapException { try { byte[] crlEnc = ((X509CRL) crlObj).getEncoded(); @@ -320,7 +318,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { } catch (EBaseException e) { } - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false); LDAPEntry e = res.next(); @@ -330,21 +327,21 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { LDAPModificationSet modSet = new LDAPModificationSet(); boolean hasOC = false; - boolean hasCRL = - LdapUserCertPublisher.ByteValueExists(crls, crlEnc); + boolean hasCRL = + LdapUserCertPublisher.ByteValueExists(crls, crlEnc); if (hasCRL) { - modSet.add(LDAPModification.DELETE, - new LDAPAttribute(mCrlAttr, crlEnc)); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute(mCrlAttr, crlEnc)); } - + String[] oclist = mCrlObjectClass.split(","); - for (int i=0; i < oclist.length; i++) { + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); if (LdapUserCertPublisher.StringValueExists(ocs, oc)) { log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute("objectClass", oc)); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute("objectClass", oc)); hasOC = true; } } @@ -353,7 +350,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { conn.modify(dn, modSet); } else { log(ILogger.LL_INFO, - "unpublish: " + dn + " already has not CRL"); + "unpublish: " + dn + " already has not CRL"); } } catch (CRLException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); @@ -363,7 +360,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); @@ -375,6 +372,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCrlPublisher: " + msg); + "LdapCrlPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java index f4dcbb3c..d9e60df4 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; @@ -51,10 +50,9 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for mapping a X509 certificate to a LDAP entry - * +/** + * Interface for mapping a X509 certificate to a LDAP entry + * * @version $Revision$, $Date$ */ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPluginInfo { @@ -82,9 +80,9 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin String[] params = { "certAttr;string;LDAP attribute in which to store the certificate", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-usercertpublisher", + ";configuration-ldappublish-publisher-usercertpublisher", IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish user certificates" + ";This plugin knows how to publish user certificates" }; return params; @@ -110,7 +108,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } public void init(IConfigStore config) - throws EBaseException { + throws EBaseException { if (mInited) return; mConfig = config; @@ -124,16 +122,16 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } /** - * publish a user certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. + * publish a user certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) return; @@ -147,7 +145,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin byte[] certEnc = cert.getEncoded(); // check if cert already exists. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); LDAPAttribute attr = getModificationAttribute(entry.getAttribute(mCertAttr), certEnc); @@ -157,10 +155,10 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin return; } - // publish + // publish LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { CMS.debug("LdapEncryptCertPublisher: error in publish: " + e.toString()); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); @@ -169,7 +167,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); @@ -180,12 +178,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } /** - * unpublish a user certificate - * deletes the certificate from the list of certificates. - * does not check if certificate is already there. + * unpublish a user certificate deletes the certificate from the list of + * certificates. does not check if certificate is already there. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -195,7 +192,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin byte[] certEnc = cert.getEncoded(); // check if cert already deleted. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); @@ -207,7 +204,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin LDAPModification mod = new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(mCertAttr, certEnc)); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); @@ -216,7 +213,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); @@ -228,11 +225,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapUserCertPublisher: " + msg); + "LdapUserCertPublisher: " + msg); } public LDAPAttribute getModificationAttribute( - LDAPAttribute attr, byte[] bval) { + LDAPAttribute attr, byte[] bval) { LDAPAttribute at = new LDAPAttribute(attr.getName(), bval); // determine if the given cert is a signing or an encryption @@ -248,7 +245,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } @SuppressWarnings("unchecked") - Enumeration<byte[]> vals = attr.getByteValues(); + Enumeration<byte[]> vals = attr.getByteValues(); byte[] val = null; while (vals.hasMoreElements()) { @@ -258,12 +255,12 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin log(ILogger.LL_INFO, "Checking " + cert); if (CMS.isEncryptionCert(thisCert) && - CMS.isEncryptionCert(cert)) { + CMS.isEncryptionCert(cert)) { // skip log(ILogger.LL_INFO, "SKIP ENCRYPTION " + cert); revokeCert(cert); } else if (CMS.isSigningCert(thisCert) && - CMS.isSigningCert(cert)) { + CMS.isSigningCert(cert)) { // skip log(ILogger.LL_INFO, "SKIP SIGNING " + cert); revokeCert(cert); @@ -278,8 +275,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } private RevokedCertImpl formCRLEntry( - BigInteger serialNo, RevocationReason reason) - throws EBaseException { + BigInteger serialNo, RevocationReason reason) + throws EBaseException { CRLReasonExtension reasonExt = new CRLReasonExtension(reason); CRLExtensions crlentryexts = new CRLExtensions(); @@ -291,13 +288,13 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } RevokedCertImpl crlentry = - new RevokedCertImpl(serialNo, new Date(), crlentryexts); + new RevokedCertImpl(serialNo, new Date(), crlentryexts); return crlentry; } private void revokeCert(X509CertImpl cert) - throws EBaseException { + throws EBaseException { try { if (mConfig.getBoolean(PROP_REVOKE_CERT, true) == false) { return; @@ -308,7 +305,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin BigInteger serialNum = cert.getSerialNumber(); // need to revoke certificate also ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); + CMS.getSubsystem("ca"); ICAService service = (ICAService) ca.getCAService(); RevokedCertImpl crlEntry = formCRLEntry( serialNum, RevocationReason.KEY_COMPROMISE); @@ -324,7 +321,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin return false; } @SuppressWarnings("unchecked") - Enumeration<byte[]> vals = attr.getByteValues(); + Enumeration<byte[]> vals = attr.getByteValues(); byte[] val = null; while (vals.hasMoreElements()) { @@ -344,7 +341,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin return false; } @SuppressWarnings("unchecked") - Enumeration<String> vals = attr.getStringValues(); + Enumeration<String> vals = attr.getStringValues(); String val = null; while (vals.hasMoreElements()) { @@ -357,4 +354,3 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java index f612d005..f904c102 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -43,10 +42,9 @@ import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for mapping a X509 certificate to a LDAP entry - * +/** + * Interface for mapping a X509 certificate to a LDAP entry + * * @version $Revision$, $Date$ */ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo { @@ -72,9 +70,9 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf String[] params = { "certAttr;string;LDAP attribute in which to store the certificate", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-usercertpublisher", + ";configuration-ldappublish-publisher-usercertpublisher", IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish user certificates" + ";This plugin knows how to publish user certificates" }; return params; @@ -100,7 +98,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf } public void init(IConfigStore config) - throws EBaseException { + throws EBaseException { if (mInited) return; mConfig = config; @@ -113,16 +111,16 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf } /** - * publish a user certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. + * publish a user certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) return; @@ -130,28 +128,28 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig.getString("version", "2")); - String cert_nick = mConfig.getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig.getString("version", "2")); + String cert_nick = mConfig.getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, + version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, - version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; - } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } if (!(certObj instanceof X509Certificate)) @@ -169,7 +167,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf byte[] certEnc = cert.getEncoded(); // check if cert already exists. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); @@ -178,26 +176,26 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf return; } - // publish + // publish LDAPModification mod = null; if (deleteCert) { - mod = new LDAPModification(LDAPModification.REPLACE, - new LDAPAttribute(mCertAttr, certEnc)); + mod = new LDAPModification(LDAPModification.REPLACE, + new LDAPAttribute(mCertAttr, certEnc)); } else { - mod = new LDAPModification(LDAPModification.ADD, - new LDAPAttribute(mCertAttr, certEnc)); + mod = new LDAPModification(LDAPModification.ADD, + new LDAPAttribute(mCertAttr, certEnc)); } - conn.modify(dn, mod); + conn.modify(dn, mod); // log a successful message to the "transactions" log - mLogger.log( ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, ILogger.S_LDAP, ILogger.LL_INFO, AuditFormat.LDAP_PUBLISHED_FORMAT, new Object[] { "LdapUserCertPublisher", cert.getSerialNumber().toString(16), - cert.getSubjectDN() } ); + cert.getSubjectDN() }); } catch (CertificateEncodingException e) { CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString()); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); @@ -206,31 +204,30 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } return; } /** - * unpublish a user certificate - * deletes the certificate from the list of certificates. - * does not check if certificate is already there. + * unpublish a user certificate deletes the certificate from the list of + * certificates. does not check if certificate is already there. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { boolean disableUnpublish = false; try { @@ -239,8 +236,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf } if (disableUnpublish) { - CMS.debug("UserCertPublisher: disable unpublish"); - return; + CMS.debug("UserCertPublisher: disable unpublish"); + return; } if (!(certObj instanceof X509Certificate)) @@ -252,7 +249,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf byte[] certEnc = cert.getEncoded(); // check if cert already deleted. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); @@ -264,7 +261,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf LDAPModification mod = new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(mCertAttr, certEnc)); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); @@ -273,7 +270,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); @@ -285,7 +282,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapUserCertPublisher: " + msg); + "LdapUserCertPublisher: " + msg); } /** diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java index ad37a666..feca23ff 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.DataInputStream; import java.io.IOException; import java.io.OutputStream; @@ -42,11 +41,9 @@ import com.netscape.certsrv.publish.ILdapPublisher; import com.netscape.cmsutil.http.HttpRequest; import com.netscape.cmsutil.http.JssSSLSocketFactory; - -/** - * This publisher writes certificate and CRL into - * a directory. - * +/** + * This publisher writes certificate and CRL into a directory. + * * @version $Revision$, $Date$ */ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { @@ -86,9 +83,9 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { PROP_NICK + ";string;Nickname of cert used for client authentication", PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-ocsppublisher", + ";configuration-ldappublish-publisher-ocsppublisher", IExtendedPluginInfo.HELP_TEXT + - ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS." + ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS." }; return params; @@ -146,11 +143,10 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { nickname = config.getString("ca.subsystem.nickname", ""); String tokenname = config.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; } catch (Exception e) { } - v.addElement(PROP_HOST + "="); v.addElement(PROP_PORT + "="); v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL"); @@ -178,45 +174,42 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { return mConfig; } - protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) - { - Socket socket = null; - StringTokenizer st = new StringTokenizer(host, " "); - while (st.hasMoreTokens()) { - String hp = st.nextToken(); // host:port - StringTokenizer st1 = new StringTokenizer(hp, ":"); - String h = st1.nextToken(); - int p = Integer.parseInt(st1.nextToken()); - try { - if (secure) { - socket = factory.makeSocket(h, p); - } else { - socket = new Socket(h, p); - } - return socket; - } catch (Exception e) { - } - try { - Thread.sleep(5000); // 5 seconds delay - } catch (Exception e) { - } - } - return null; + protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) { + Socket socket = null; + StringTokenizer st = new StringTokenizer(host, " "); + while (st.hasMoreTokens()) { + String hp = st.nextToken(); // host:port + StringTokenizer st1 = new StringTokenizer(hp, ":"); + String h = st1.nextToken(); + int p = Integer.parseInt(st1.nextToken()); + try { + if (secure) { + socket = factory.makeSocket(h, p); + } else { + socket = new Socket(h, p); + } + return socket; + } catch (Exception e) { + } + try { + Thread.sleep(5000); // 5 seconds delay + } catch (Exception e) { + } + } + return null; } /** * Publishs a object to the ldap directory. * - * @param conn a Ldap connection - * (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to publish cert - * (null if LDAP publishing is not enabled) - * @param object object to publish - * (java.security.cert.X509Certificate or, - * java.security.cert.X509CRL) + * @param conn a Ldap connection (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to publish cert (null if LDAP publishing + * is not enabled) + * @param object object to publish (java.security.cert.X509Certificate or, + * java.security.cert.X509CRL) */ public synchronized void publish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { try { if (!(object instanceof X509CRL)) return; @@ -226,18 +219,18 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { // open the connection and prepare it to POST boolean secure = true; - + String host = mHost; int port = Integer.parseInt(mPort); String path = mPath; - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, "OCSPPublisher: " + - "Host='" + host + "' Port='" + port + - "' URL='" + path + "'"); - CMS.debug("OCSPPublisher: " + - "Host='" + host + "' Port='" + port + - "' URL='" + path + "'"); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: " + + "Host='" + host + "' Port='" + port + + "' URL='" + path + "'"); + CMS.debug("OCSPPublisher: " + + "Host='" + host + "' Port='" + port + + "' URL='" + path + "'"); StringBuffer query = new StringBuffer(); query.append("crl="); @@ -256,23 +249,23 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { } if (mHost != null && mHost.indexOf(' ') != -1) { - // support failover hosts configuration - // host parameter can be - // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2" - do { - socket = Connect(mHost, secure, factory); - } while (socket == null); + // support failover hosts configuration + // host parameter can be + // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2" + do { + socket = Connect(mHost, secure, factory); + } while (socket == null); } else { - if (secure) { - socket = factory.makeSocket(host, port); - } else { - socket = new Socket(host, port); - } + if (secure) { + socket = factory.makeSocket(host, port); + } else { + socket = new Socket(host, port); + } } - if( socket == null ) { - CMS.debug( "OCSPPublisher::publish() - socket is null!" ); - throw new ELdapException( "socket is null" ); + if (socket == null) { + CMS.debug("OCSPPublisher::publish() - socket is null!"); + throw new ELdapException("socket is null"); } // use HttpRequest and POST @@ -283,17 +276,17 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { httpReq.setHeader("Connection", "Keep-Alive"); httpReq.setHeader("Content-Type", - "application/x-www-form-urlencoded"); + "application/x-www-form-urlencoded"); httpReq.setHeader("Content-Transfer-Encoding", "7bit"); - httpReq.setHeader("Content-Length", - Integer.toString(query.length())); + httpReq.setHeader("Content-Length", + Integer.toString(query.length())); httpReq.setContent(query.toString()); OutputStream os = socket.getOutputStream(); OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, "UTF8"); - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, "OCSPPublisher: start sending CRL"); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: start sending CRL"); long startTime = CMS.getCurrentDate().getTime(); CMS.debug("OCSPPublisher: start CRL sending startTime=" + startTime); httpReq.write(outputStreamWriter); @@ -301,8 +294,8 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime + " diff=" + (endTime - startTime)); // Read the response - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, "OCSPPublisher: start getting response"); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: start getting response"); DataInputStream dis = new DataInputStream(socket.getInputStream()); String nextline; String line = ""; @@ -321,40 +314,38 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { } dis.close(); if (status) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, "OCSPPublisher: successful"); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: successful"); } else { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, "OCSPPublisher: failed - " + error); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: failed - " + error); } - + } catch (IOException e) { CMS.debug("OCSPPublisher: publish failed " + e.toString()); - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); } catch (CRLException e) { CMS.debug("OCSPPublisher: publish failed " + e.toString()); - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); } catch (Exception e) { CMS.debug("OCSPPublisher: publish failed " + e.toString()); - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); } } /** * Unpublishs a object to the ldap directory. - * - * @param conn the Ldap connection - * (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to unpublish cert - * (null if LDAP publishing is not enabled) - * @param object object to unpublish - * (java.security.cert.X509Certificate) + * + * @param conn the Ldap connection (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing + * is not enabled) + * @param object object to unpublish (java.security.cert.X509Certificate) */ public void unpublish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { // NOT USED } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java index d5717aad..6232fa23 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; @@ -29,10 +28,9 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.Vector; - /** * Publisher utility class. - * + * * @version $Revision$, $Date$ */ public class Utils { @@ -58,8 +56,8 @@ public class Utils { } } - /// Sorts an array of Strings. - // Java currently has no general sort function. Sorting Strings is + // / Sorts an array of Strings. + // Java currently has no general sort function. Sorting Strings is // common enough that it's worth making a special case. public static void sortStrings(String[] strings) { // Just does a bubblesort. @@ -75,8 +73,8 @@ public class Utils { } } - /// Returns a date string formatted in Unix ls style - if it's within - // six months of now, Mmm dd hh:ss, else Mmm dd yyyy. + // / Returns a date string formatted in Unix ls style - if it's within + // six months of now, Mmm dd hh:ss, else Mmm dd yyyy. public static String lsDateStr(Date date) { long dateTime = date.getTime(); @@ -104,9 +102,10 @@ public class Utils { } return true; } - + /** * strips out double quotes around String parameter + * * @param s the string potentially bracketed with double quotes * @return string stripped of surrounding double quotes */ @@ -123,9 +122,8 @@ public class Utils { } /** - * returns an array of strings from a vector of Strings - * there'll be trouble if the Vector contains something other - * than just Strings + * returns an array of strings from a vector of Strings there'll be trouble + * if the Vector contains something other than just Strings */ public static String[] getStringArrayFromVector(Vector v) { String s[] = new String[v.size()]; diff --git a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java index b48af995..ad4672a6 100644 --- a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java +++ b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java @@ -17,18 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.request; - import java.util.Vector; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestScheduler; - /** - * This class represents a request scheduler that prioritizes - * the threads based on the request processing order. - * The request that enters the request queue first should - * be processed first. + * This class represents a request scheduler that prioritizes the threads based + * on the request processing order. The request that enters the request queue + * first should be processed first. * * @version $Revision$, $Date$ */ @@ -37,7 +34,7 @@ public class RequestScheduler implements IRequestScheduler { /** * Request entered the request queue processing. - * + * * @param r request */ public synchronized void requestIn(IRequest r) { @@ -51,10 +48,10 @@ public class RequestScheduler implements IRequestScheduler { /** * Request exited the request queue processing. - * + * * @param r request */ - public synchronized void requestOut(IRequest r) { + public synchronized void requestOut(IRequest r) { Thread current = Thread.currentThread(); Thread first = (Thread) mRequestThreads.elementAt(0); diff --git a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java index df7f02bc..bda3fd51 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java +++ b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java @@ -20,7 +20,6 @@ package com.netscape.cms.selftests; - /////////////////////// // import statements // /////////////////////// @@ -37,7 +36,6 @@ import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTest; import com.netscape.certsrv.selftests.ISelfTestSubsystem; - ////////////////////// // class definition // ////////////////////// @@ -51,16 +49,14 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem; * @version $Revision$, $Date$ */ public abstract class ASelfTest - implements ISelfTest { - //////////////////////// + implements ISelfTest { + // ////////////////////// // default parameters // - //////////////////////// - - + // ////////////////////// - ////////////////////////// + // //////////////////////// // ISelfTest parameters // - ////////////////////////// + // //////////////////////// // parameter information private static final String SELF_TEST_NAME = "ASelfTest"; @@ -71,32 +67,30 @@ public abstract class ASelfTest protected IConfigStore mConfig = null; protected String mPrefix = null; - ///////////////////// + // /////////////////// // default methods // - ///////////////////// + // /////////////////// - - - /////////////////////// + // ///////////////////// // ISelfTest methods // - /////////////////////// + // ///////////////////// /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ public void initSelfTest(ISelfTestSubsystem subsystem, - String instanceName, - IConfigStore parameters) - throws EDuplicateSelfTestException, + String instanceName, + IConfigStore parameters) + throws EDuplicateSelfTestException, EInvalidSelfTestException, EMissingSelfTestException { // store individual self test class values for this instance @@ -108,9 +102,9 @@ public abstract class ASelfTest instanceName = instanceName.trim(); } else { mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - CMS.getLogMessage( - "SELFTESTS_PARAMETER_WAS_NULL", - SELF_TEST_NAME)); + CMS.getLogMessage( + "SELFTESTS_PARAMETER_WAS_NULL", + SELF_TEST_NAME)); throw new EMissingSelfTestException(); } @@ -124,14 +118,14 @@ public abstract class ASelfTest mConfig = parameters.getSubStore(pluginPath); if ((mConfig != null) && - (mConfig.getName() != null) && - (mConfig.getName() != "")) { + (mConfig.getName() != null) && + (mConfig.getName() != "")) { mPrefix = mConfig.getName().trim(); } else { mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - CMS.getLogMessage( - "SELFTESTS_PARAMETER_WAS_NULL", - SELF_TEST_NAME)); + CMS.getLogMessage( + "SELFTESTS_PARAMETER_WAS_NULL", + SELF_TEST_NAME)); throw new EMissingSelfTestException(); } @@ -142,24 +136,24 @@ public abstract class ASelfTest /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public abstract void startupSelfTest() - throws ESelfTestException; + throws ESelfTestException; /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ public abstract void shutdownSelfTest(); /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ public String getSelfTestName() { @@ -167,10 +161,10 @@ public abstract class ASelfTest } /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ public IConfigStore getSelfTestConfigStore() { @@ -178,10 +172,10 @@ public abstract class ASelfTest } /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ @@ -190,11 +184,10 @@ public abstract class ASelfTest /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ public abstract void runSelfTest(ILogEventListener logger) - throws ESelfTestException; + throws ESelfTestException; } - diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java index cf3338ef..6d7a8de7 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java +++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java @@ -20,8 +20,6 @@ package com.netscape.cms.selftests.ca; - - /////////////////////// // import statements // /////////////////////// @@ -44,8 +42,6 @@ import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTestSubsystem; import com.netscape.cms.selftests.ASelfTest; - - ////////////////////// // class definition // ////////////////////// @@ -59,83 +55,75 @@ import com.netscape.cms.selftests.ASelfTest; * @version $Revision$, $Date$ */ public class CAPresence -extends ASelfTest -{ - //////////////////////// + extends ASelfTest { + // ////////////////////// // default parameters // - //////////////////////// - + // ////////////////////// - - /////////////////////////// + // ///////////////////////// // CAPresence parameters // - /////////////////////////// + // ///////////////////////// // parameter information public static final String PROP_CA_SUB_ID = "CaSubId"; - private String mCaSubId = null; - + private String mCaSubId = null; - - ///////////////////// + // /////////////////// // default methods // - ///////////////////// - + // /////////////////// - - //////////////////////// + // ////////////////////// // CAPresence methods // - //////////////////////// + // ////////////////////// /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ - public void initSelfTest( ISelfTestSubsystem subsystem, + public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName, - IConfigStore parameters ) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException - { - super.initSelfTest( subsystem, instanceName, parameters ); + IConfigStore parameters) + throws EDuplicateSelfTestException, + EInvalidSelfTestException, + EMissingSelfTestException { + super.initSelfTest(subsystem, instanceName, parameters); // retrieve mandatory parameter(s) try { - mCaSubId = mConfig.getString( PROP_CA_SUB_ID ); - if( mCaSubId != null ) { + mCaSubId = mConfig.getString(PROP_CA_SUB_ID); + if (mCaSubId != null) { mCaSubId = mCaSubId.trim(); } else { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_VALUES", - getSelfTestName(), - mPrefix - + "." - + PROP_CA_SUB_ID ) ); + "SELFTESTS_MISSING_VALUES", + getSelfTestName(), + mPrefix + + "." + + PROP_CA_SUB_ID)); - throw new EMissingSelfTestException( PROP_CA_SUB_ID ); + throw new EMissingSelfTestException(PROP_CA_SUB_ID); } - } catch( EBaseException e ) { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + } catch (EBaseException e) { + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", - getSelfTestName(), - mPrefix - + "." - + PROP_CA_SUB_ID ) ); + "SELFTESTS_MISSING_NAME", + getSelfTestName(), + mPrefix + + "." + + PROP_CA_SUB_ID)); - throw new EMissingSelfTestException( mPrefix, + throw new EMissingSelfTestException(mPrefix, PROP_CA_SUB_ID, - null ); + null); } // retrieve optional parameter(s) @@ -143,145 +131,132 @@ extends ASelfTest return; } - /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public void startupSelfTest() - throws ESelfTestException - { + throws ESelfTestException { return; } - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ - public void shutdownSelfTest() - { + public void shutdownSelfTest() { return; } - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ - public String getSelfTestName() - { + public String getSelfTestName() { return super.getSelfTestName(); } - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ - public IConfigStore getSelfTestConfigStore() - { + public IConfigStore getSelfTestConfigStore() { return super.getSelfTestConfigStore(); } - /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ - public String getSelfTestDescription( Locale locale ) - { - return CMS.getUserMessage( locale, - "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION" ); + public String getSelfTestDescription(Locale locale) { + return CMS.getUserMessage(locale, + "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION"); } - /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ - public void runSelfTest( ILogEventListener logger ) - throws ESelfTestException - { + public void runSelfTest(ILogEventListener logger) + throws ESelfTestException { String logMessage = null; ICertificateAuthority ca = null; X509CertImpl caCert = null; X509Key caPubKey = null; - ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId ); + ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId); - if( ca == null ) { + if (ca == null) { // log that the CA is not installed - logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } else { // Retrieve the CA certificate caCert = ca.getCACert(); - if( caCert == null ) { + if (caCert == null) { // log that the CA is not yet initialized - logMessage = CMS.getLogMessage( + logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_INITIALIZED", - getSelfTestName() ); + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // Retrieve the CA certificate public key try { - caPubKey = ( X509Key ) caCert.get( X509CertImpl.PUBLIC_KEY ); + caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY); - if( caPubKey == null ) { + if (caPubKey == null) { // log that something is seriously wrong with the CA - logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_CORRUPT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } - } catch( CertificateParsingException e ) { + } catch (CertificateParsingException e) { // log that something is seriously wrong with the CA - mSelfTestSubsystem.log( logger, - e.toString() ); + mSelfTestSubsystem.log(logger, + e.toString()); - throw new ESelfTestException( e.toString() ); + throw new ESelfTestException(e.toString()); } // log that the CA is present - logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); } return; } } - diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java index cff35ce5..cdda0a0d 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java +++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java @@ -20,8 +20,6 @@ package com.netscape.cms.selftests.ca; - - /////////////////////// // import statements // /////////////////////// @@ -44,14 +42,12 @@ import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTestSubsystem; import com.netscape.cms.selftests.ASelfTest; - - ////////////////////// // class definition // ////////////////////// /** - * This class implements a self test to check the validity of the CA. + * This class implements a self test to check the validity of the CA. * <P> * * @author mharmsen @@ -59,83 +55,75 @@ import com.netscape.cms.selftests.ASelfTest; * @version $Revision$, $Date$ */ public class CAValidity -extends ASelfTest -{ - //////////////////////// + extends ASelfTest { + // ////////////////////// // default parameters // - //////////////////////// - + // ////////////////////// - - /////////////////////////// + // ///////////////////////// // CAValidity parameters // - /////////////////////////// + // ///////////////////////// // parameter information public static final String PROP_CA_SUB_ID = "CaSubId"; - private String mCaSubId = null; - + private String mCaSubId = null; - - ///////////////////// + // /////////////////// // default methods // - ///////////////////// - + // /////////////////// - - //////////////////////// + // ////////////////////// // CAValidity methods // - //////////////////////// + // ////////////////////// /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ - public void initSelfTest( ISelfTestSubsystem subsystem, + public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName, - IConfigStore parameters ) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException - { - super.initSelfTest( subsystem, instanceName, parameters ); + IConfigStore parameters) + throws EDuplicateSelfTestException, + EInvalidSelfTestException, + EMissingSelfTestException { + super.initSelfTest(subsystem, instanceName, parameters); // retrieve mandatory parameter(s) try { - mCaSubId = mConfig.getString( PROP_CA_SUB_ID ); - if( mCaSubId != null ) { + mCaSubId = mConfig.getString(PROP_CA_SUB_ID); + if (mCaSubId != null) { mCaSubId = mCaSubId.trim(); } else { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_VALUES", - getSelfTestName(), - mPrefix - + "." - + PROP_CA_SUB_ID ) ); + "SELFTESTS_MISSING_VALUES", + getSelfTestName(), + mPrefix + + "." + + PROP_CA_SUB_ID)); - throw new EMissingSelfTestException( PROP_CA_SUB_ID ); + throw new EMissingSelfTestException(PROP_CA_SUB_ID); } - } catch( EBaseException e ) { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + } catch (EBaseException e) { + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", - getSelfTestName(), - mPrefix - + "." - + PROP_CA_SUB_ID ) ); + "SELFTESTS_MISSING_NAME", + getSelfTestName(), + mPrefix + + "." + + PROP_CA_SUB_ID)); - throw new EMissingSelfTestException( mPrefix, + throw new EMissingSelfTestException(mPrefix, PROP_CA_SUB_ID, - null ); + null); } // retrieve optional parameter(s) @@ -143,145 +131,132 @@ extends ASelfTest return; } - /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public void startupSelfTest() - throws ESelfTestException - { + throws ESelfTestException { return; } - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ - public void shutdownSelfTest() - { + public void shutdownSelfTest() { return; } - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ - public String getSelfTestName() - { + public String getSelfTestName() { return super.getSelfTestName(); } - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ - public IConfigStore getSelfTestConfigStore() - { + public IConfigStore getSelfTestConfigStore() { return super.getSelfTestConfigStore(); } - /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ - public String getSelfTestDescription( Locale locale ) - { - return CMS.getUserMessage( locale, - "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION" ); + public String getSelfTestDescription(Locale locale) { + return CMS.getUserMessage(locale, + "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION"); } - /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ - public void runSelfTest( ILogEventListener logger ) - throws ESelfTestException - { + public void runSelfTest(ILogEventListener logger) + throws ESelfTestException { String logMessage = null; ICertificateAuthority ca = null; X509CertImpl caCert = null; - ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId ); + ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId); - if( ca == null ) { + if (ca == null) { // log that the CA is not installed - logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } else { // Retrieve the CA certificate caCert = ca.getCACert(); - if( caCert == null ) { + if (caCert == null) { // log that the CA is not yet initialized - logMessage = CMS.getLogMessage( + logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_INITIALIZED", - getSelfTestName() ); + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // Retrieve the CA validity period try { caCert.checkValidity(); - } catch( CertificateNotYetValidException e ) { + } catch (CertificateNotYetValidException e) { // log that the CA is not yet valid - logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_YET_VALID", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); - } catch( CertificateExpiredException e ) { + throw new ESelfTestException(logMessage); + } catch (CertificateExpiredException e) { // log that the CA is expired - logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_EXPIRED", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // log that the CA is valid - logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_VALID", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); } return; } } - diff --git a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java index b3388d9e..a85d5ba4 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java +++ b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java @@ -20,8 +20,6 @@ package com.netscape.cms.selftests.common; - - /////////////////////// // import statements // /////////////////////// @@ -39,97 +37,86 @@ import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTestSubsystem; import com.netscape.cms.selftests.ASelfTest; - - ////////////////////// // class definition // ////////////////////// /** - * This class implements a self test to check the system certs - * of the subsystem + * This class implements a self test to check the system certs of the subsystem * <P> * - * @version $Revision: $, $Date: $ + * @version $Revision: $, $Date: $ */ public class SystemCertsVerification -extends ASelfTest -{ - //////////////////////// + extends ASelfTest { + // ////////////////////// // default parameters // - //////////////////////// - + // ////////////////////// - - /////////////////////////// + // ///////////////////////// // SystemCertsVerification parameters // - /////////////////////////// + // ///////////////////////// // parameter information public static final String PROP_SUB_ID = "SubId"; - private String mSubId = null; - + private String mSubId = null; - - ///////////////////// + // /////////////////// // default methods // - ///////////////////// - + // /////////////////// - - //////////////////////// + // ////////////////////// // SystemCertsVerification methods // - //////////////////////// + // ////////////////////// /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ - public void initSelfTest( ISelfTestSubsystem subsystem, + public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName, - IConfigStore parameters ) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException - { - super.initSelfTest( subsystem, instanceName, parameters ); + IConfigStore parameters) + throws EDuplicateSelfTestException, + EInvalidSelfTestException, + EMissingSelfTestException { + super.initSelfTest(subsystem, instanceName, parameters); // retrieve mandatory parameter(s) try { - mSubId = mConfig.getString( PROP_SUB_ID ); - if( mSubId != null ) { + mSubId = mConfig.getString(PROP_SUB_ID); + if (mSubId != null) { mSubId = mSubId.trim(); } else { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_VALUES", - getSelfTestName(), - mPrefix - + "." - + PROP_SUB_ID ) ); + "SELFTESTS_MISSING_VALUES", + getSelfTestName(), + mPrefix + + "." + + PROP_SUB_ID)); - throw new EMissingSelfTestException( PROP_SUB_ID ); + throw new EMissingSelfTestException(PROP_SUB_ID); } - } catch( EBaseException e ) { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + } catch (EBaseException e) { + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", - getSelfTestName(), - mPrefix - + "." - + PROP_SUB_ID ) ); + "SELFTESTS_MISSING_NAME", + getSelfTestName(), + mPrefix + + "." + + PROP_SUB_ID)); - throw new EMissingSelfTestException( mPrefix, + throw new EMissingSelfTestException(mPrefix, PROP_SUB_ID, - null ); + null); } // retrieve optional parameter(s) @@ -137,102 +124,89 @@ extends ASelfTest return; } - /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public void startupSelfTest() - throws ESelfTestException - { + throws ESelfTestException { return; } - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ - public void shutdownSelfTest() - { + public void shutdownSelfTest() { return; } - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ - public String getSelfTestName() - { + public String getSelfTestName() { return super.getSelfTestName(); } - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ - public IConfigStore getSelfTestConfigStore() - { + public IConfigStore getSelfTestConfigStore() { return super.getSelfTestConfigStore(); } - /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ - public String getSelfTestDescription( Locale locale ) - { - return CMS.getUserMessage( locale, - "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION" ); + public String getSelfTestDescription(Locale locale) { + return CMS.getUserMessage(locale, + "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION"); } - /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ - public void runSelfTest( ILogEventListener logger ) - throws ESelfTestException - { + public void runSelfTest(ILogEventListener logger) + throws ESelfTestException { String logMessage = null; boolean rc = false; rc = CMS.verifySystemCerts(); if (rc == true) { - logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); } else { - logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); - throw new ESelfTestException( logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); + throw new ESelfTestException(logMessage); } return; } } - diff --git a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java index 52255e24..1c86bb5c 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java +++ b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java @@ -20,8 +20,6 @@ package com.netscape.cms.selftests.kra; - - /////////////////////// // import statements // /////////////////////// @@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTestSubsystem; import com.netscape.cms.selftests.ASelfTest; - - ////////////////////// // class definition // ////////////////////// @@ -56,83 +52,75 @@ import com.netscape.cms.selftests.ASelfTest; * @version $Revision$, $Date$ */ public class KRAPresence -extends ASelfTest -{ - //////////////////////// + extends ASelfTest { + // ////////////////////// // default parameters // - //////////////////////// - + // ////////////////////// - - /////////////////////////// + // ///////////////////////// // KRAPresence parameters // - /////////////////////////// + // ///////////////////////// // parameter information public static final String PROP_KRA_SUB_ID = "SubId"; - private String mSubId = null; - + private String mSubId = null; - - ///////////////////// + // /////////////////// // default methods // - ///////////////////// - + // /////////////////// - - //////////////////////// + // ////////////////////// // KRAPresence methods // - //////////////////////// + // ////////////////////// /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ - public void initSelfTest( ISelfTestSubsystem subsystem, + public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName, - IConfigStore parameters ) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException - { - super.initSelfTest( subsystem, instanceName, parameters ); + IConfigStore parameters) + throws EDuplicateSelfTestException, + EInvalidSelfTestException, + EMissingSelfTestException { + super.initSelfTest(subsystem, instanceName, parameters); // retrieve mandatory parameter(s) try { - mSubId = mConfig.getString( PROP_KRA_SUB_ID ); - if( mSubId != null ) { + mSubId = mConfig.getString(PROP_KRA_SUB_ID); + if (mSubId != null) { mSubId = mSubId.trim(); } else { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_VALUES", - getSelfTestName(), - mPrefix - + "." - + PROP_KRA_SUB_ID ) ); + "SELFTESTS_MISSING_VALUES", + getSelfTestName(), + mPrefix + + "." + + PROP_KRA_SUB_ID)); - throw new EMissingSelfTestException( PROP_KRA_SUB_ID ); + throw new EMissingSelfTestException(PROP_KRA_SUB_ID); } - } catch( EBaseException e ) { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + } catch (EBaseException e) { + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", - getSelfTestName(), - mPrefix - + "." - + PROP_KRA_SUB_ID ) ); + "SELFTESTS_MISSING_NAME", + getSelfTestName(), + mPrefix + + "." + + PROP_KRA_SUB_ID)); - throw new EMissingSelfTestException( mPrefix, + throw new EMissingSelfTestException(mPrefix, PROP_KRA_SUB_ID, - null ); + null); } // retrieve optional parameter(s) @@ -140,137 +128,124 @@ extends ASelfTest return; } - /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public void startupSelfTest() - throws ESelfTestException - { + throws ESelfTestException { return; } - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ - public void shutdownSelfTest() - { + public void shutdownSelfTest() { return; } - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ - public String getSelfTestName() - { + public String getSelfTestName() { return super.getSelfTestName(); } - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ - public IConfigStore getSelfTestConfigStore() - { + public IConfigStore getSelfTestConfigStore() { return super.getSelfTestConfigStore(); } - /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ - public String getSelfTestDescription( Locale locale ) - { - return CMS.getUserMessage( locale, - "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION" ); + public String getSelfTestDescription(Locale locale) { + return CMS.getUserMessage(locale, + "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION"); } - /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ - public void runSelfTest( ILogEventListener logger ) - throws ESelfTestException - { + public void runSelfTest(ILogEventListener logger) + throws ESelfTestException { String logMessage = null; IKeyRecoveryAuthority kra = null; org.mozilla.jss.crypto.X509Certificate kraCert = null; PublicKey kraPubKey = null; - kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( mSubId ); + kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId); - if( kra == null ) { + if (kra == null) { // log that the KRA is not installed - logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_NOT_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } else { // Retrieve the KRA certificate kraCert = kra.getTransportCert(); - if( kraCert == null ) { + if (kraCert == null) { // log that the RA is not yet initialized - logMessage = CMS.getLogMessage( + logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_NOT_INITIALIZED", - getSelfTestName() ); + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // Retrieve the KRA certificate public key - kraPubKey = ( PublicKey ) kraCert.getPublicKey(); + kraPubKey = (PublicKey) kraCert.getPublicKey(); - if( kraPubKey == null ) { + if (kraPubKey == null) { // log that something is seriously wrong with the KRA - logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_CORRUPT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // log that the KRA is present - logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); } return; } } - diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java index 507148bd..cfdb20af 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java +++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java @@ -20,8 +20,6 @@ package com.netscape.cms.selftests.ocsp; - - /////////////////////// // import statements // /////////////////////// @@ -45,8 +43,6 @@ import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTestSubsystem; import com.netscape.cms.selftests.ASelfTest; - - ////////////////////// // class definition // ////////////////////// @@ -60,83 +56,75 @@ import com.netscape.cms.selftests.ASelfTest; * @version $Revision$, $Date$ */ public class OCSPPresence -extends ASelfTest -{ - //////////////////////// + extends ASelfTest { + // ////////////////////// // default parameters // - //////////////////////// - - + // ////////////////////// - ///////////////////////////// + // /////////////////////////// // OCSPPresence parameters // - ///////////////////////////// + // /////////////////////////// // parameter information public static final String PROP_OCSP_SUB_ID = "OcspSubId"; - private String mOcspSubId = null; + private String mOcspSubId = null; - - - ///////////////////// + // /////////////////// // default methods // - ///////////////////// - + // /////////////////// - - ////////////////////////// + // //////////////////////// // OCSPPresence methods // - ////////////////////////// + // //////////////////////// /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ - public void initSelfTest( ISelfTestSubsystem subsystem, + public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName, - IConfigStore parameters ) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException - { - super.initSelfTest( subsystem, instanceName, parameters ); + IConfigStore parameters) + throws EDuplicateSelfTestException, + EInvalidSelfTestException, + EMissingSelfTestException { + super.initSelfTest(subsystem, instanceName, parameters); // retrieve mandatory parameter(s) try { - mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID ); - if( mOcspSubId != null ) { + mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID); + if (mOcspSubId != null) { mOcspSubId = mOcspSubId.trim(); } else { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_VALUES", - getSelfTestName(), - mPrefix - + "." - + PROP_OCSP_SUB_ID ) ); + "SELFTESTS_MISSING_VALUES", + getSelfTestName(), + mPrefix + + "." + + PROP_OCSP_SUB_ID)); - throw new EMissingSelfTestException( PROP_OCSP_SUB_ID ); + throw new EMissingSelfTestException(PROP_OCSP_SUB_ID); } - } catch( EBaseException e ) { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + } catch (EBaseException e) { + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", - getSelfTestName(), - mPrefix - + "." - + PROP_OCSP_SUB_ID ) ); + "SELFTESTS_MISSING_NAME", + getSelfTestName(), + mPrefix + + "." + + PROP_OCSP_SUB_ID)); - throw new EMissingSelfTestException( mPrefix, + throw new EMissingSelfTestException(mPrefix, PROP_OCSP_SUB_ID, - null ); + null); } // retrieve optional parameter(s) @@ -144,162 +132,149 @@ extends ASelfTest return; } - /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public void startupSelfTest() - throws ESelfTestException - { + throws ESelfTestException { return; } - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ - public void shutdownSelfTest() - { + public void shutdownSelfTest() { return; } - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ - public String getSelfTestName() - { + public String getSelfTestName() { return super.getSelfTestName(); } - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ - public IConfigStore getSelfTestConfigStore() - { + public IConfigStore getSelfTestConfigStore() { return super.getSelfTestConfigStore(); } - /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ - public String getSelfTestDescription( Locale locale ) - { - return CMS.getUserMessage( locale, - "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION" ); + public String getSelfTestDescription(Locale locale) { + return CMS.getUserMessage(locale, + "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION"); } - /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ - public void runSelfTest( ILogEventListener logger ) - throws ESelfTestException - { + public void runSelfTest(ILogEventListener logger) + throws ESelfTestException { String logMessage = null; IOCSPAuthority ocsp = null; ISigningUnit ocspSigningUnit = null; X509CertImpl ocspCert = null; X509Key ocspPubKey = null; - ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId ); + ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId); - if( ocsp == null ) { + if (ocsp == null) { // log that the OCSP is not installed - logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } else { // Retrieve the OCSP signing unit ocspSigningUnit = ocsp.getSigningUnit(); - if( ocspSigningUnit == null ) { + if (ocspSigningUnit == null) { // log that the OCSP is not yet initialized - logMessage = CMS.getLogMessage( + logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_INITIALIZED", - getSelfTestName() ); - - mSelfTestSubsystem.log( logger, - logMessage ); - - throw new ESelfTestException( logMessage ); + getSelfTestName()); + + mSelfTestSubsystem.log(logger, + logMessage); + + throw new ESelfTestException(logMessage); } // Retrieve the OCSP certificate ocspCert = ocspSigningUnit.getCertImpl(); - if( ocspCert == null ) { + if (ocspCert == null) { // log that the OCSP is not yet initialized - logMessage = CMS.getLogMessage( + logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_INITIALIZED", - getSelfTestName() ); - - mSelfTestSubsystem.log( logger, - logMessage ); - - throw new ESelfTestException( logMessage ); + getSelfTestName()); + + mSelfTestSubsystem.log(logger, + logMessage); + + throw new ESelfTestException(logMessage); } // Retrieve the OCSP certificate public key try { - ocspPubKey = ( X509Key ) - ocspCert.get( X509CertImpl.PUBLIC_KEY ); + ocspPubKey = (X509Key) + ocspCert.get(X509CertImpl.PUBLIC_KEY); - if( ocspPubKey == null ) { + if (ocspPubKey == null) { // log that something is seriously wrong with the OCSP - logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_CORRUPT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } - } catch( CertificateParsingException e ) { + } catch (CertificateParsingException e) { // log that something is seriously wrong with the OCSP - mSelfTestSubsystem.log( logger, - e.toString() ); + mSelfTestSubsystem.log(logger, + e.toString()); - throw new ESelfTestException( e.toString() ); + throw new ESelfTestException(e.toString()); } // log that the OCSP is present - logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); } return; } } - diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java index e6516b2a..e1ff529b 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java +++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java @@ -20,8 +20,6 @@ package com.netscape.cms.selftests.ocsp; - - /////////////////////// // import statements // /////////////////////// @@ -45,14 +43,12 @@ import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTestSubsystem; import com.netscape.cms.selftests.ASelfTest; - - ////////////////////// // class definition // ////////////////////// /** - * This class implements a self test to check the validity of the OCSP. + * This class implements a self test to check the validity of the OCSP. * <P> * * @author mharmsen @@ -60,83 +56,75 @@ import com.netscape.cms.selftests.ASelfTest; * @version $Revision$, $Date$ */ public class OCSPValidity -extends ASelfTest -{ - //////////////////////// + extends ASelfTest { + // ////////////////////// // default parameters // - //////////////////////// - - + // ////////////////////// - ///////////////////////////// + // /////////////////////////// // OCSPValidity parameters // - ///////////////////////////// + // /////////////////////////// // parameter information public static final String PROP_OCSP_SUB_ID = "OcspSubId"; - private String mOcspSubId = null; + private String mOcspSubId = null; - - - ///////////////////// + // /////////////////// // default methods // - ///////////////////// - + // /////////////////// - - ////////////////////////// + // //////////////////////// // OCSPValidity methods // - ////////////////////////// + // //////////////////////// /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ - public void initSelfTest( ISelfTestSubsystem subsystem, + public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName, - IConfigStore parameters ) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException - { - super.initSelfTest( subsystem, instanceName, parameters ); + IConfigStore parameters) + throws EDuplicateSelfTestException, + EInvalidSelfTestException, + EMissingSelfTestException { + super.initSelfTest(subsystem, instanceName, parameters); // retrieve mandatory parameter(s) try { - mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID ); - if( mOcspSubId != null ) { + mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID); + if (mOcspSubId != null) { mOcspSubId = mOcspSubId.trim(); } else { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_VALUES", - getSelfTestName(), - mPrefix - + "." - + PROP_OCSP_SUB_ID ) ); + "SELFTESTS_MISSING_VALUES", + getSelfTestName(), + mPrefix + + "." + + PROP_OCSP_SUB_ID)); - throw new EMissingSelfTestException( PROP_OCSP_SUB_ID ); + throw new EMissingSelfTestException(PROP_OCSP_SUB_ID); } - } catch( EBaseException e ) { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + } catch (EBaseException e) { + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", - getSelfTestName(), - mPrefix - + "." - + PROP_OCSP_SUB_ID ) ); + "SELFTESTS_MISSING_NAME", + getSelfTestName(), + mPrefix + + "." + + PROP_OCSP_SUB_ID)); - throw new EMissingSelfTestException( mPrefix, + throw new EMissingSelfTestException(mPrefix, PROP_OCSP_SUB_ID, - null ); + null); } // retrieve optional parameter(s) @@ -144,162 +132,149 @@ extends ASelfTest return; } - /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public void startupSelfTest() - throws ESelfTestException - { + throws ESelfTestException { return; } - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ - public void shutdownSelfTest() - { + public void shutdownSelfTest() { return; } - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ - public String getSelfTestName() - { + public String getSelfTestName() { return super.getSelfTestName(); } - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ - public IConfigStore getSelfTestConfigStore() - { + public IConfigStore getSelfTestConfigStore() { return super.getSelfTestConfigStore(); } - /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ - public String getSelfTestDescription( Locale locale ) - { - return CMS.getUserMessage( locale, - "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION" ); + public String getSelfTestDescription(Locale locale) { + return CMS.getUserMessage(locale, + "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION"); } - /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ - public void runSelfTest( ILogEventListener logger ) - throws ESelfTestException - { + public void runSelfTest(ILogEventListener logger) + throws ESelfTestException { String logMessage = null; IOCSPAuthority ocsp = null; ISigningUnit ocspSigningUnit = null; X509CertImpl ocspCert = null; - ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId ); + ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId); - if( ocsp == null ) { + if (ocsp == null) { // log that the OCSP is not installed - logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } else { // Retrieve the OCSP signing unit ocspSigningUnit = ocsp.getSigningUnit(); - if( ocspSigningUnit == null ) { + if (ocspSigningUnit == null) { // log that the OCSP is not yet initialized - logMessage = CMS.getLogMessage( + logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_INITIALIZED", - getSelfTestName() ); - - mSelfTestSubsystem.log( logger, - logMessage ); - - throw new ESelfTestException( logMessage ); + getSelfTestName()); + + mSelfTestSubsystem.log(logger, + logMessage); + + throw new ESelfTestException(logMessage); } // Retrieve the OCSP certificate ocspCert = ocspSigningUnit.getCertImpl(); - if( ocspCert == null ) { + if (ocspCert == null) { // log that the OCSP is not yet initialized - logMessage = CMS.getLogMessage( + logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_INITIALIZED", - getSelfTestName() ); + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // Retrieve the OCSP validity period try { ocspCert.checkValidity(); - } catch( CertificateNotYetValidException e ) { + } catch (CertificateNotYetValidException e) { // log that the OCSP is not yet valid logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_YET_VALID", - getSelfTestName() ); + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); - } catch( CertificateExpiredException e ) { + throw new ESelfTestException(logMessage); + } catch (CertificateExpiredException e) { // log that the OCSP is expired - logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_EXPIRED", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // log that the OCSP is valid - logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_VALID", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); } return; } } - diff --git a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java index 1a8b4c3e..0163cdf3 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java +++ b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java @@ -20,8 +20,6 @@ package com.netscape.cms.selftests.ra; - - /////////////////////// // import statements // /////////////////////// @@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTestSubsystem; import com.netscape.cms.selftests.ASelfTest; - - ////////////////////// // class definition // ////////////////////// @@ -50,6 +46,7 @@ import com.netscape.cms.selftests.ASelfTest; /** * This class implements a self test to check for RA presence. * <P> + * * <PRE> * NOTE: This self-test is for Registration Authorities prior to * Netscape Certificate Management System 7.0. It does NOT @@ -65,83 +62,75 @@ import com.netscape.cms.selftests.ASelfTest; * @version $Revision$, $Date$ */ public class RAPresence -extends ASelfTest -{ - //////////////////////// + extends ASelfTest { + // ////////////////////// // default parameters // - //////////////////////// + // ////////////////////// - - - /////////////////////////// + // ///////////////////////// // RAPresence parameters // - /////////////////////////// + // ///////////////////////// // parameter information public static final String PROP_RA_SUB_ID = "RaSubId"; - private String mRaSubId = null; - - + private String mRaSubId = null; - ///////////////////// + // /////////////////// // default methods // - ///////////////////// + // /////////////////// - - - //////////////////////// + // ////////////////////// // RAPresence methods // - //////////////////////// + // ////////////////////// /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ - public void initSelfTest( ISelfTestSubsystem subsystem, + public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName, - IConfigStore parameters ) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException - { - super.initSelfTest( subsystem, instanceName, parameters ); + IConfigStore parameters) + throws EDuplicateSelfTestException, + EInvalidSelfTestException, + EMissingSelfTestException { + super.initSelfTest(subsystem, instanceName, parameters); // retrieve mandatory parameter(s) try { - mRaSubId = mConfig.getString( PROP_RA_SUB_ID ); - if( mRaSubId != null ) { + mRaSubId = mConfig.getString(PROP_RA_SUB_ID); + if (mRaSubId != null) { mRaSubId = mRaSubId.trim(); } else { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_VALUES", - getSelfTestName(), - mPrefix - + "." - + PROP_RA_SUB_ID ) ); + "SELFTESTS_MISSING_VALUES", + getSelfTestName(), + mPrefix + + "." + + PROP_RA_SUB_ID)); - throw new EMissingSelfTestException( PROP_RA_SUB_ID ); + throw new EMissingSelfTestException(PROP_RA_SUB_ID); } - } catch( EBaseException e ) { - mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(), + } catch (EBaseException e) { + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", - getSelfTestName(), - mPrefix - + "." - + PROP_RA_SUB_ID ) ); + "SELFTESTS_MISSING_NAME", + getSelfTestName(), + mPrefix + + "." + + PROP_RA_SUB_ID)); - throw new EMissingSelfTestException( mPrefix, + throw new EMissingSelfTestException(mPrefix, PROP_RA_SUB_ID, - null ); + null); } // retrieve optional parameter(s) @@ -149,137 +138,124 @@ extends ASelfTest return; } - /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public void startupSelfTest() - throws ESelfTestException - { + throws ESelfTestException { return; } - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ - public void shutdownSelfTest() - { + public void shutdownSelfTest() { return; } - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ - public String getSelfTestName() - { + public String getSelfTestName() { return super.getSelfTestName(); } - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ - public IConfigStore getSelfTestConfigStore() - { + public IConfigStore getSelfTestConfigStore() { return super.getSelfTestConfigStore(); } - /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ - public String getSelfTestDescription( Locale locale ) - { - return CMS.getUserMessage( locale, - "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION" ); + public String getSelfTestDescription(Locale locale) { + return CMS.getUserMessage(locale, + "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION"); } - /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ - public void runSelfTest( ILogEventListener logger ) - throws ESelfTestException - { + public void runSelfTest(ILogEventListener logger) + throws ESelfTestException { String logMessage = null; IRegistrationAuthority ra = null; org.mozilla.jss.crypto.X509Certificate raCert = null; PublicKey raPubKey = null; - ra = ( IRegistrationAuthority ) CMS.getSubsystem( mRaSubId ); + ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId); - if( ra == null ) { + if (ra == null) { // log that the RA is not installed - logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_NOT_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } else { // Retrieve the RA certificate raCert = ra.getRACert(); - if( raCert == null ) { + if (raCert == null) { // log that the RA is not yet initialized - logMessage = CMS.getLogMessage( + logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_NOT_INITIALIZED", - getSelfTestName() ); + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // Retrieve the RA certificate public key - raPubKey = ( PublicKey ) raCert.getPublicKey(); + raPubKey = (PublicKey) raCert.getPublicKey(); - if( raPubKey == null ) { + if (raPubKey == null) { // log that something is seriously wrong with the RA - logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_CORRUPT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); - throw new ESelfTestException( logMessage ); + throw new ESelfTestException(logMessage); } // log that the RA is present - logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_PRESENT", - getSelfTestName() ); + logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT", + getSelfTestName()); - mSelfTestSubsystem.log( logger, - logMessage ); + mSelfTestSubsystem.log(logger, + logMessage); } return; } } - diff --git a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java index ba0ae3cb..e01d68b8 100644 --- a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java +++ b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java @@ -20,8 +20,6 @@ package com.netscape.cms.selftests.tks; - - /////////////////////// // import statements // /////////////////////// @@ -42,8 +40,6 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem; import com.netscape.cms.selftests.ASelfTest; import com.netscape.symkey.SessionKey; - - ////////////////////// // class definition // ////////////////////// @@ -58,46 +54,43 @@ import com.netscape.symkey.SessionKey; * @version $Revision$, $Date$ */ public class TKSKnownSessionKey -extends ASelfTest -{ + extends ASelfTest { // parameter information public static final String PROP_TKS_SUB_ID = "TksSubId"; - private String mTksSubId = null; - private String mToken = null; - private String mUseSoftToken = null; - private String mKeyName = null; - private byte[] mKeyInfo = null; + private String mTksSubId = null; + private String mToken = null; + private String mUseSoftToken = null; + private String mKeyName = null; + private byte[] mKeyInfo = null; private byte[] mCardChallenge = null; private byte[] mHostChallenge = null; - private byte[] mCUID = null; - private byte[] mMacKey = null; - private byte[] mSessionKey = null; - + private byte[] mCUID = null; + private byte[] mMacKey = null; + private byte[] mSessionKey = null; /** - * Initializes this subsystem with the configuration store - * associated with this instance name. + * Initializes this subsystem with the configuration store associated with + * this instance name. * <P> - * + * * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance + * @param instanceName the name of this self test instance * @param parameters configuration store (self test parameters) * @exception EDuplicateSelfTestException subsystem has duplicate name/value * @exception EInvalidSelfTestException subsystem has invalid name/value * @exception EMissingSelfTestException subsystem has missing name/value */ - public void initSelfTest (ISelfTestSubsystem subsystem, + public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName, IConfigStore parameters) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException - { + throws EDuplicateSelfTestException, + EInvalidSelfTestException, + EMissingSelfTestException { ISubsystem tks = null; IConfigStore tksConfig = null; String logMessage = null; - super.initSelfTest( subsystem, instanceName, parameters ); + super.initSelfTest(subsystem, instanceName, parameters); mTksSubId = getConfigString(PROP_TKS_SUB_ID); mToken = getConfigString("token"); @@ -128,34 +121,34 @@ extends ASelfTest if (defKeySetMacKey == null) { CMS.debug("TKSKnownSessionKey: invalid mac key"); CMS.debug("TKSKnownSessionKey self test FAILED"); - mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage("SELFTESTS_INVALID_VALUES", - getSelfTestName(), mPrefix + "." + "macKey")); - throw new EInvalidSelfTestException (mPrefix, "macKey", null); + getSelfTestName(), mPrefix + "." + "macKey")); + throw new EInvalidSelfTestException(mPrefix, "macKey", null); } - + try { mSessionKey = getConfigByteArray("sessionKey", 16); } catch (EMissingSelfTestException e) { if (mSessionKey == null) { - mSessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName, + mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName, mCardChallenge, mHostChallenge, mKeyInfo, mCUID, mMacKey, mUseSoftToken, null, null); if (mSessionKey == null || mSessionKey.length != 16) { - mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage("SELFTESTS_MISSING_VALUES", - getSelfTestName(), mPrefix + ".sessionKey")); - throw new EMissingSelfTestException ("sessionKey"); + getSelfTestName(), mPrefix + ".sessionKey")); + throw new EMissingSelfTestException("sessionKey"); } String sessionKey = SpecialEncode(mSessionKey); mConfig.putString("sessionKey", sessionKey); try { CMS.getConfigStore().commit(true); } catch (EBaseException be) { - mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage("SELFTESTS_MISSING_VALUES", - getSelfTestName(), mPrefix + ".sessionKey")); - throw new EMissingSelfTestException ("sessionKey"); + getSelfTestName(), mPrefix + ".sessionKey")); + throw new EMissingSelfTestException("sessionKey"); } } } @@ -163,9 +156,7 @@ extends ASelfTest return; } - - private String SpecialEncode (byte data[]) - { + private String SpecialEncode(byte data[]) { StringBuffer sb = new StringBuffer(); for (int i = 0; i < data.length; i++) { @@ -179,9 +170,7 @@ extends ASelfTest return sb.toString(); } - - private String getConfigString (String name) throws EMissingSelfTestException - { + private String getConfigString(String name) throws EMissingSelfTestException { String value = null; try { @@ -189,137 +178,124 @@ extends ASelfTest if (value != null) { value = value.trim(); } else { - mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage("SELFTESTS_MISSING_VALUES", - getSelfTestName(), mPrefix + "." + name)); - throw new EMissingSelfTestException (name); + getSelfTestName(), mPrefix + "." + name)); + throw new EMissingSelfTestException(name); } } catch (EBaseException e) { - mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage("SELFTESTS_MISSING_NAME", - getSelfTestName(), mPrefix + "." + name)); - throw new EMissingSelfTestException (mPrefix, name, null); + getSelfTestName(), mPrefix + "." + name)); + throw new EMissingSelfTestException(mPrefix, name, null); } return value; } - - private byte[] getConfigByteArray (String name, int size) throws EMissingSelfTestException, - EInvalidSelfTestException - { + private byte[] getConfigByteArray(String name, int size) throws EMissingSelfTestException, + EInvalidSelfTestException { String stringValue = getConfigString(name); byte byteValue[] = com.netscape.cmsutil.util.Utils.SpecialDecode(stringValue); if (byteValue == null) { - mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage("SELFTESTS_MISSING_NAME", - getSelfTestName(), mPrefix + "." + name)); - throw new EMissingSelfTestException (name); + getSelfTestName(), mPrefix + "." + name)); + throw new EMissingSelfTestException(name); } if (byteValue.length != size) { - mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(), + mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS.getLogMessage("SELFTESTS_INVALID_VALUES", - getSelfTestName(), mPrefix + "." + name)); - throw new EInvalidSelfTestException (mPrefix, name, stringValue); + getSelfTestName(), mPrefix + "." + name)); + throw new EInvalidSelfTestException(mPrefix, name, stringValue); } return byteValue; } - /** * Notifies this subsystem if it is in execution mode. * <P> - * + * * @exception ESelfTestException failed to start */ public void startupSelfTest() - throws ESelfTestException - { + throws ESelfTestException { return; } - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. + * Stops this subsystem. The subsystem may call shutdownSelfTest anytime + * after initialization. * <P> */ - public void shutdownSelfTest() - { + public void shutdownSelfTest() { return; } - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. + * Returns the name associated with this self test. This method may return + * null if the self test has not been intialized. * <P> - * + * * @return instanceName of this self test */ - public String getSelfTestName() - { + public String getSelfTestName() { return super.getSelfTestName(); } - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. + * Returns the root configuration storage (self test parameters) associated + * with this subsystem. * <P> - * + * * @return configuration store (self test parameters) of this subsystem */ - public IConfigStore getSelfTestConfigStore() - { + public IConfigStore getSelfTestConfigStore() { return super.getSelfTestConfigStore(); } - /** - * Retrieves description associated with an individual self test. - * This method may return null. + * Retrieves description associated with an individual self test. This + * method may return null. * <P> - * + * * @param locale locale of the client that requests the description * @return description of self test */ - public String getSelfTestDescription( Locale locale ) - { - return CMS.getUserMessage (locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION"); + public String getSelfTestDescription(Locale locale) { + return CMS.getUserMessage(locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION"); } - /** * Execute an individual self test. * <P> - * + * * @param logger specifies logging subsystem * @exception ESelfTestException self test exception */ - public void runSelfTest (ILogEventListener logger) - throws ESelfTestException - { + public void runSelfTest(ILogEventListener logger) + throws ESelfTestException { String logMessage = null; String keySet = "defKeySet"; - byte[] sessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName, + byte[] sessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName, mCardChallenge, mHostChallenge, mKeyInfo, mCUID, mMacKey, mUseSoftToken, keySet, null); // Now we just see if we can successfully generate a session key. - // For FIPS compliance, the routine now returns a wrapped key, which can't be extracted and compared. + // For FIPS compliance, the routine now returns a wrapped key, which + // can't be extracted and compared. if (sessionKey == null) { CMS.debug("TKSKnownSessionKey: generated no session key"); CMS.debug("TKSKnownSessionKey self test FAILED"); - logMessage = CMS.getLogMessage ("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName()); - mSelfTestSubsystem.log (logger, logMessage); - throw new ESelfTestException( logMessage ); - } else { - logMessage = CMS.getLogMessage ("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName()); - mSelfTestSubsystem.log (logger, logMessage); + logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new ESelfTestException(logMessage); + } else { + logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); CMS.debug("TKSKnownSessionKey self test SUCCEEDED"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java index 4737e2f7..b805cc96 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -45,10 +44,9 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; - /** * Manage Access Control List configuration - * + * * @version $Revision$, $Date$ */ public class ACLAdminServlet extends AdminServlet { @@ -64,7 +62,7 @@ public class ACLAdminServlet extends AdminServlet { private IAuthzManager mAuthzMgr = null; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL = - "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3"; /** * Constructs servlet. @@ -74,17 +72,18 @@ public class ACLAdminServlet extends AdminServlet { mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); } - /** - * initialize the servlet. + /** + * initialize the servlet. * <ul> * <li>http.param OP_TYPE = OP_SEARCH, * <li>http.param OP_SCOPE - the scope of the request operation: - * <ul><LI>"impl" ACL implementations - * <LI>"acls" ACL rules - * <LI>"evaluatorTypes" ACL evaluators. - * </ul> + * <ul> + * <LI>"impl" ACL implementations + * <LI>"acls" ACL rules + * <LI>"evaluatorTypes" ACL evaluators. * </ul> - * + * </ul> + * * @param config servlet configuration, read from the web.xml file */ public void init(ServletConfig config) throws ServletException { @@ -99,24 +98,24 @@ public class ACLAdminServlet extends AdminServlet { return INFO; } - /** + /** * Process the HTTP request. - * + * * @param req the object holding the request information * @param resp the object holding the response information */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = super.getParameter(req, Constants.OP_SCOPE); String op = super.getParameter(req, Constants.OP_TYPE); if (op == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } @@ -126,8 +125,8 @@ public class ACLAdminServlet extends AdminServlet { super.authenticate(req); } catch (IOException e) { log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } @@ -141,8 +140,8 @@ public class ACLAdminServlet extends AdminServlet { } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } @@ -152,9 +151,9 @@ public class ACLAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -171,8 +170,8 @@ public class ACLAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -183,8 +182,8 @@ public class ACLAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -195,8 +194,8 @@ public class ACLAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL_IMPLS)) { @@ -207,8 +206,8 @@ public class ACLAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL_IMPLS)) { @@ -218,38 +217,38 @@ public class ACLAdminServlet extends AdminServlet { } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } catch (EBaseException e) { log(ILogger.LL_FAILURE, e.toString()); sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } /** * list acls resources by name */ - private void listResources(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void listResources(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -260,7 +259,7 @@ public class ACLAdminServlet extends AdminServlet { ACL acl = (ACL) res.nextElement(); String desc = acl.getDescription(); - if (desc == null) + if (desc == null) params.add(acl.getName(), ""); else params.add(acl.getName(), desc); @@ -272,19 +271,19 @@ public class ACLAdminServlet extends AdminServlet { /** * get acls information for a resource */ - private void getResourceACL(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void getResourceACL(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - //get resource id first + // get resource id first String resourceId = super.getParameter(req, Constants.RS_ID); if (resourceId == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -295,7 +294,7 @@ public class ACLAdminServlet extends AdminServlet { StringBuffer rights = new StringBuffer(); - if (rightsEnum.hasMoreElements()) { + if (rightsEnum.hasMoreElements()) { while (rightsEnum.hasMoreElements()) { if (rights.length() != 0) { rights.append(","); @@ -332,8 +331,8 @@ public class ACLAdminServlet extends AdminServlet { } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_RESOURCE_NOT_FOUND"), + null, resp); return; } } @@ -341,19 +340,20 @@ public class ACLAdminServlet extends AdminServlet { /** * modify acls information for a resource * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private void updateResources(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void updateResources(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -378,15 +378,15 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // get resource acls String resourceACLs = super.getParameter(req, Constants.PR_ACI); String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS); - String desc = super.getParameter(req, Constants.PR_ACL_DESC); + String desc = super.getParameter(req, Constants.PR_ACL_DESC); try { mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc); @@ -417,22 +417,22 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_UPDATE_FAIL"), + null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -446,31 +446,31 @@ public class ACLAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - + /** * list access evaluators by types and class paths */ - private void listACLsEvaluators(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void listACLsEvaluators(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements(); while (res.hasMoreElements()) { - IAccessEvaluator evaluator = res.nextElement(); + IAccessEvaluator evaluator = res.nextElement(); // params.add(evaluator.getType(), evaluator.getDescription()); params.add(evaluator.getType(), evaluator.getClass().getName()); @@ -480,18 +480,18 @@ public class ACLAdminServlet extends AdminServlet { } private void listACLsEvaluatorTypes(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements(); while (res.hasMoreElements()) { - IAccessEvaluator evaluator = res.nextElement(); + IAccessEvaluator evaluator = res.nextElement(); String[] operators = evaluator.getSupportedOperators(); StringBuffer str = new StringBuffer(); for (int i = 0; i < operators.length; i++) { - if (str.length() > 0) + if (str.length() > 0) str.append(","); str.append(operators[i]); } @@ -505,22 +505,23 @@ public class ACLAdminServlet extends AdminServlet { /** * add access evaluators * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this ACL evaluator's - * substore + * substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addACLsEvaluator(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addACLsEvaluator(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -543,26 +544,25 @@ public class ACLAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the evaluator type unique? /* - if (!mACLs.isTypeUnique(type)) { - String infoMsg = "replacing existing type: "+ type; - log(ILogger.LL_WARN, infoMsg); - } + * if (!mACLs.isTypeUnique(type)) { String infoMsg = + * "replacing existing type: "+ type; log(ILogger.LL_WARN, infoMsg); + * } */ // get class String classPath = super.getParameter(req, Constants.PR_ACL_CLASS); IConfigStore destStore = - mConfig.getSubStore(PROP_EVAL); + mConfig.getSubStore(PROP_EVAL); IConfigStore mStore = - destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); + destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); // Does the class exist? Class<?> newImpl = null; @@ -584,17 +584,16 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_CLASS_LOAD_FAIL"), + null, resp); return; } // is the class an IAccessEvaluator? try { - if - (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) { + if (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) { String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + - classPath; + classPath; log(ILogger.LL_FAILURE, errMsg); @@ -608,13 +607,13 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"), + null, resp); return; } } catch (Exception e) { String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + - classPath; + classPath; log(ILogger.LL_FAILURE, errMsg); @@ -628,8 +627,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"), + null, resp); return; } @@ -653,8 +652,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"), + null, resp); return; } @@ -676,8 +675,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_INST_CLASS_FAIL"), + null, resp); return; } @@ -688,7 +687,7 @@ public class ACLAdminServlet extends AdminServlet { mAuthzMgr.registerEvaluator(type, evaluator); } - //... + // ... NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file @@ -702,17 +701,17 @@ public class ACLAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -726,38 +725,39 @@ public class ACLAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * remove access evaluators * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this ACL evaluator's - * substore + * substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void deleteACLsEvaluator(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void deleteACLsEvaluator(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -782,8 +782,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -803,8 +803,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_EVAL_NOT_FOUND"), + null, resp); return; } @@ -814,13 +814,13 @@ public class ACLAdminServlet extends AdminServlet { try { IConfigStore destStore = - mConfig.getSubStore(PROP_EVAL); + mConfig.getSubStore(PROP_EVAL); IConfigStore mStore = - destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); + destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); mStore.removeSubStore(id); } catch (Exception eeee) { - //CMS.debugStackTrace(eeee); + // CMS.debugStackTrace(eeee); } // commiting try { @@ -838,8 +838,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"), + null, resp); return; } @@ -855,17 +855,17 @@ public class ACLAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -879,50 +879,43 @@ public class ACLAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - + /** * Searchs for certificate requests. */ - + /* - private void getACLs(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { - NameValuePairs params = new NameValuePairs(); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ObjectOutputStream oos = new ObjectOutputStream(bos); - String names = getParameter(req, Constants.PT_NAMES); - StringTokenizer st = new StringTokenizer(names, ","); - while (st.hasMoreTokens()) { - String target = st.nextToken(); - ACL acl = AccessManager.getInstance().getACL(target); - oos.writeObject(acl); - } - // BASE64Encoder encoder = new BASE64Encoder(); - // params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray())); - params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray())); - sendResponse(SUCCESS, null, params, resp); - } + * private void getACLs(HttpServletRequest req, HttpServletResponse resp) + * throws ServletException, IOException, EBaseException { NameValuePairs + * params = new NameValuePairs(); ByteArrayOutputStream bos = new + * ByteArrayOutputStream(); ObjectOutputStream oos = new + * ObjectOutputStream(bos); String names = getParameter(req, + * Constants.PT_NAMES); StringTokenizer st = new StringTokenizer(names, + * ","); while (st.hasMoreTokens()) { String target = st.nextToken(); ACL + * acl = AccessManager.getInstance().getACL(target); oos.writeObject(acl); } + * // BASE64Encoder encoder = new BASE64Encoder(); // + * params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray())); + * params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray())); + * sendResponse(SUCCESS, null, params, resp); } */ private void log(int level, String msg) { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "ACLAdminServlet: " + msg); + level, "ACLAdminServlet: " + msg); } -} - +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java index 2024e496..038355f0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java @@ -17,13 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for the remote admin. - * + * * @version $Revision$, $Date$ * @see java.util.ListResourceBundle */ @@ -37,8 +35,7 @@ public class AdminResources extends ListResourceBundle { } /** - * Constants. The suffix represents the number of - * possible parameters. + * Constants. The suffix represents the number of possible parameters. */ static final Object[][] contents = {}; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index 0f2a6ec7..c7bc1554 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.IOException; @@ -56,32 +55,27 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.servlet.base.UserInfo; - /** - * A class represents an administration servlet that - * is responsible to serve administrative - * operation such as configuration parameter updates. - * - * Since each administration servlet needs to perform - * authentication information parsing and response - * formulation, it makes sense to encapsulate the + * A class represents an administration servlet that is responsible to serve + * administrative operation such as configuration parameter updates. + * + * Since each administration servlet needs to perform authentication information + * parsing and response formulation, it makes sense to encapsulate the * commonalities into this class. - * - * By extending this serlvet, the subclass does not - * need to re-implement the request parsing code - * (i.e. authentication information parsing). - * - * If a subsystem needs to expose configuration - * parameters management, it should create an - * administration servlet (i.e. CAAdminServlet) - * and register it to RemoteAdmin subsystem. - * + * + * By extending this serlvet, the subclass does not need to re-implement the + * request parsing code (i.e. authentication information parsing). + * + * If a subsystem needs to expose configuration parameters management, it should + * create an administration servlet (i.e. CAAdminServlet) and register it to + * RemoteAdmin subsystem. + * * <code> * public class CAAdminServlet extends AdminServlet { * ... * } * </code> - * + * * @version $Revision$, $Date$ */ public class AdminServlet extends HttpServlet { @@ -117,8 +111,8 @@ public class AdminServlet extends HttpServlet { public final static String AUTHZ_SRC_TYPE = "sourceType"; public final static String AUTHZ_SRC_LDAP = "ldap"; public final static String AUTHZ_SRC_XML = "web.xml"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; public final static String SIGNED_AUDIT_SCOPE = "Scope"; public final static String SIGNED_AUDIT_OPERATION = "Operation"; @@ -130,19 +124,19 @@ public class AdminServlet extends HttpServlet { public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+"; private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = - "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; private final static String CERTUSERDB = - IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; + IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; private final static String PASSWDUSERDB = - IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; + IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; /** * Constructs generic administration servlet. @@ -175,8 +169,8 @@ public class AdminServlet extends HttpServlet { if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) { CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); - // get authz mgr from xml file; if not specified, use - // ldap by default + // get authz mgr from xml file; if not specified, use + // ldap by default mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP); if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { @@ -185,7 +179,7 @@ public class AdminServlet extends HttpServlet { if (aclInfo != null) { try { addACLInfo(aclInfo); - //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); + // mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); throw new ServletException("failed to init authz info from xml config file"); @@ -204,45 +198,44 @@ public class AdminServlet extends HttpServlet { } } - public void outputHttpParameters(HttpServletRequest httpReq) - { + public void outputHttpParameters(HttpServletRequest httpReq) { CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("AdminServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("AdminServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - + /** * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) @@ -250,7 +243,7 @@ public class AdminServlet extends HttpServlet { "CMS server is not ready to serve."); if (CMS.debugOn()) { - outputHttpParameters(req); + outputHttpParameters(req); } } @@ -274,18 +267,18 @@ public class AdminServlet extends HttpServlet { } /** - * Authenticates to the identity scope with the given - * userid and password via identity manager. + * Authenticates to the identity scope with the given userid and password + * via identity manager. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the - * SSL violation; CMS authMgr can pick up cert mis-match, so this event - * is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication - * succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the SSL + * violation; CMS authMgr can pick up cert mis-match, so this event is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when + * authentication succeeded * </ul> + * * @exception IOException an input/output error has occurred */ protected void authenticate(HttpServletRequest req) throws @@ -307,12 +300,12 @@ public class AdminServlet extends HttpServlet { // do nothing for now. } IAuthSubsystem auth = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); X509Certificate cert = null; if (authType.equals("sslclientauth")) { X509Certificate[] allCerts = - (X509Certificate[]) req.getAttribute(CERT_ATTR); + (X509Certificate[]) req.getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { // store a message in the signed audit log file @@ -362,10 +355,9 @@ public class AdminServlet extends HttpServlet { mServletID)); try { if (authType.equals("sslclientauth")) { - IAuthManager - authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + IAuthManager authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); IAuthCredentials authCreds = - getAuthCreds(authMgr, cert); + getAuthCreds(authMgr, cert); token = (AuthToken) authMgr.authenticate(authCreds); } else { @@ -400,15 +392,14 @@ public class AdminServlet extends HttpServlet { mServletID)); } } catch (EBaseException e) { - //will fix it later for authorization + // will fix it later for authorization /* - String errMsg = "authenticate(): " + - AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ - e.getMessage(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", - CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), - userid,e.getMessage())); + * String errMsg = "authenticate(): " + + * AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ + * e.getMessage(); log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", + * CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), + * userid,e.getMessage())); */ if (authType.equals("sslclientauth")) { @@ -441,9 +432,9 @@ public class AdminServlet extends HttpServlet { if (tuserid == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", - tuserid)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", + tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file @@ -477,9 +468,9 @@ public class AdminServlet extends HttpServlet { if (user == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND", - tuserid)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND", + tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file @@ -515,7 +506,7 @@ public class AdminServlet extends HttpServlet { sessionContext.put(SessionContext.USER, user); } catch (EUsrGrpException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file @@ -595,8 +586,8 @@ public class AdminServlet extends HttpServlet { } public static AuthCredentials getAuthCreds( - IAuthManager authMgr, X509Certificate clientCert) - throws EBaseException { + IAuthManager authMgr, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -606,8 +597,8 @@ public class AdminServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert } + ); } } return creds; @@ -616,15 +607,16 @@ public class AdminServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization - * is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a - * role (in current CMS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when + * authorization is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes + * a role (in current CMS that's when one accesses a role port) * </ul> + * * @param req HTTP servlet request * @return the authorization token */ @@ -646,7 +638,7 @@ public class AdminServlet extends HttpServlet { // hardcoded for now .. just testing try { // we check both "read" and "write" for now. later within - // each servlet, they can break it down + // each servlet, they can break it down authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp); // initialize the ACL resource, overwriting "auditACLResource" // if it is not null @@ -779,15 +771,15 @@ public class AdminServlet extends HttpServlet { /** * Sends response. - * + * * @param returnCode return code * @param errorMsg localized error message * @param params result parameters * @param resp HTTP servlet response */ protected void sendResponse(int returnCode, String errorMsg, - NameValuePairs params, HttpServletResponse resp) - throws IOException { + NameValuePairs params, HttpServletResponse resp) + throws IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); DataOutputStream dos = new DataOutputStream(bos); @@ -806,8 +798,8 @@ public class AdminServlet extends HttpServlet { String value = java.net.URLEncoder.encode((String) params.getValue(name)); - buf.append(java.net.URLEncoder.encode(name) + - "=" + value); + buf.append(java.net.URLEncoder.encode(name) + + "=" + value); if (e.hasMoreElements()) buf.append("&"); } @@ -850,7 +842,7 @@ public class AdminServlet extends HttpServlet { protected String getParameter(HttpServletRequest req, String name) { // Servlet framework already apply URLdecode - // return URLdecode(req.getParameter(name)); + // return URLdecode(req.getParameter(name)); return req.getParameter(name); } @@ -858,8 +850,8 @@ public class AdminServlet extends HttpServlet { * Generic configuration store get operation. */ protected synchronized void getConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); @@ -867,8 +859,8 @@ public class AdminServlet extends HttpServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - //if (name.equals(Constants.PT_OP)) - // continue; + // if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) @@ -876,21 +868,20 @@ public class AdminServlet extends HttpServlet { if (name.equals(Constants.OP_SCOPE)) continue; - //System.out.println(name); - //System.out.println(name+","+config.getString(name)); + // System.out.println(name); + // System.out.println(name+","+config.getString(name)); params.add(name, config.getString(name)); } sendResponse(SUCCESS, null, params, resp); } /** - * Generic configuration store set operation. - * The caller is responsible to do validiation before - * calling this, and commit changes after this call. + * Generic configuration store set operation. The caller is responsible to + * do validiation before calling this, and commit changes after this call. */ protected synchronized void setConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); @@ -898,16 +889,16 @@ public class AdminServlet extends HttpServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - //if (name.equals(Constants.PT_OP)) - // continue; + // if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) continue; if (name.equals(Constants.OP_SCOPE)) continue; - // XXX Need validation... - // XXX what if update failed + // XXX Need validation... + // XXX what if update failed config.putString(name, req.getParameter(name)); } commit(true); @@ -918,8 +909,8 @@ public class AdminServlet extends HttpServlet { * Lists configuration store. */ protected synchronized void listConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { Enumeration e = config.getPropertyNames(); NameValuePairs params = new NameValuePairs(); @@ -938,14 +929,14 @@ public class AdminServlet extends HttpServlet { public boolean authorize(IAuthToken token) throws EBaseException { String mGroupNames[] = { "Administrators" }; boolean mAnd = true; - + try { String userid = token.getInString("userid"); if (userid == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); return false; } @@ -955,8 +946,8 @@ public class AdminServlet extends HttpServlet { if (user == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); return false; } @@ -973,9 +964,9 @@ public class AdminServlet extends HttpServlet { for (int i = 0; i < mGroupNames.length; i++) { if (!mUG.isMemberOf(user, mGroupNames[i])) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid, - mGroupNames[i])); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid, + mGroupNames[i])); return false; } } @@ -984,9 +975,9 @@ public class AdminServlet extends HttpServlet { for (int i = 0; i < mGroupNames.length; i++) { if (mUG.isMemberOf(user, mGroupNames[i])) { mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_OTHER, ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid, - mGroupNames[i])); + ILogger.S_OTHER, ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid, + mGroupNames[i])); return true; } } @@ -998,24 +989,24 @@ public class AdminServlet extends HttpServlet { groups.append(mGroupNames[j]); } mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString())); return false; } } catch (EUsrGrpException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); return false; } } /** * FileConfigStore functionality - * - * The original config file is moved to <filename>.<date>. - * Commits the current properties to the configuration file. + * + * The original config file is moved to <filename>.<date>. Commits the + * current properties to the configuration file. * <P> - * + * * @param createBackup true if a backup file should be created */ protected void commit(boolean createBackup) throws EBaseException { @@ -1026,16 +1017,16 @@ public class AdminServlet extends HttpServlet { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, - level, "AdminServlet: " + msg); + level, "AdminServlet: " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended admin servlets - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended admin servlets and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1047,20 +1038,19 @@ public class AdminServlet extends HttpServlet { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1092,13 +1082,13 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Parameters - * - * This method is inherited by all extended admin servlets and - * is called to extract parameters from the HttpServletRequest - * and return a string of name;;value pairs separated by a '+' - * if more than one name;;value pair exists. + * + * This method is inherited by all extended admin servlets and is called to + * extract parameters from the HttpServletRequest and return a string of + * name;;value pairs separated by a '+' if more than one name;;value pair + * exists. * <P> - * + * * @param req HTTP servlet request * @return a delimited string of one or more delimited name/value pairs */ @@ -1172,26 +1162,27 @@ public class AdminServlet extends HttpServlet { // // To fix Blackflag Bug # 613800: // - // Check "com.netscape.certsrv.common.Constants" for - // case-insensitive "password", "pwd", and "passwd" - // name fields, and hide any password values: + // Check "com.netscape.certsrv.common.Constants" for + // case-insensitive "password", "pwd", and "passwd" + // name fields, and hide any password values: // - /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) || - name.equals( Constants.TYPE_PASSWORD ) || - name.equals( Constants.PR_USER_PASSWORD ) || - name.equals( Constants.PT_OLD_PASSWORD ) || - name.equals( Constants.PT_NEW_PASSWORD ) || - name.equals( Constants.PT_DIST_STORE ) || - name.equals( Constants.PT_DIST_EMAIL ) || - /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) || - // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) || - name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) || - name.equals( Constants.PR_OLD_AGENT_PWD ) || - name.equals( Constants.PR_AGENT_PWD ) || - name.equals( Constants.PT_PUBLISH_PWD ) || - /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) || - name.equals( Constants.PR_BIND_PASSWD_AGAIN ) || - name.equals( Constants.PR_TOKEN_PASSWD ) ) { + /* "password" */if (name.equals(Constants.PASSWORDTYPE) || + name.equals(Constants.TYPE_PASSWORD) || + name.equals(Constants.PR_USER_PASSWORD) || + name.equals(Constants.PT_OLD_PASSWORD) || + name.equals(Constants.PT_NEW_PASSWORD) || + name.equals(Constants.PT_DIST_STORE) || + name.equals(Constants.PT_DIST_EMAIL) || + /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) || + // ignore this one name.equals( + // Constants.PR_BINDPWD_PROMPT ) || + name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) || + name.equals(Constants.PR_OLD_AGENT_PWD) || + name.equals(Constants.PR_AGENT_PWD) || + name.equals(Constants.PT_PUBLISH_PWD) || + /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) || + name.equals(Constants.PR_BIND_PASSWD_AGAIN) || + name.equals(Constants.PR_TOKEN_PASSWD)) { // hide password value parameters += name @@ -1216,14 +1207,14 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated - * with the "auditSubjectID()". + * + * This method is called to extract all "groups" associated with the + * "auditSubjectID()". * <P> - * + * * @param SubjectID string containing the signed audit log message SubjectID - * @return a delimited string of groups associated - * with the "auditSubjectID()" + * @return a delimited string of groups associated with the + * "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -1232,7 +1223,7 @@ public class AdminServlet extends HttpServlet { } if ((SubjectID == null) || - (SubjectID.equals(ILogger.UNIDENTIFIED))) { + (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1250,7 +1241,7 @@ public class AdminServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length()!=0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -1258,7 +1249,7 @@ public class AdminServlet extends HttpServlet { } } - if (membersString.length()!= 0) { + if (membersString.length() != 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1266,7 +1257,8 @@ public class AdminServlet extends HttpServlet { } protected NameValuePairs convertStringArrayToNVPairs(String[] s) { - if (s == null) return null; + if (s == null) + return null; NameValuePairs nvps = new NameValuePairs(); int i; diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java index 4a7329c9..28a25216 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -46,13 +45,12 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.ldap.ILdapAuthInfo; import com.netscape.certsrv.logging.ILogger; - /** - * A class representing an administration servlet for the - * Authentication Management subsystem. This servlet is responsible - * to serve configuration requests for the Auths Management subsystem. + * A class representing an administration servlet for the Authentication + * Management subsystem. This servlet is responsible to serve configuration + * requests for the Auths Management subsystem. + * * - * * @version $Revision$, $Date$ */ public class AuthAdminServlet extends AdminServlet { @@ -64,13 +62,13 @@ public class AuthAdminServlet extends AdminServlet { private final static String INFO = "AuthAdminServlet"; private IAuthSubsystem mAuths = null; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; private final static String VIEW = ";" + Constants.VIEW; private final static String EDIT = ";" + Constants.EDIT; private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH = - "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3"; public AuthAdminServlet() { super(); @@ -88,18 +86,18 @@ public class AuthAdminServlet extends AdminServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins - * --- same as policy, should we move this into extendedpluginhelper? + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins --- same as policy, should we move this into + * extendedpluginhelper? */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); @@ -110,7 +108,7 @@ public class AuthAdminServlet extends AdminServlet { String implName = id.substring(colon + 1); NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } @@ -142,42 +140,43 @@ public class AuthAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } // if it is not authentication, that means it is for CSC admin ping. // the best way to do is to define another protocol for ping and move // it to the generic servlet which is admin servlet. - if (!op.equals(OpDef.OP_AUTH)) { + if (!op.equals(OpDef.OP_AUTH)) { if (scope.equals(ScopeDef.SC_AUTH)) { String id = req.getParameter(Constants.RS_ID); // for CSC admin ping only if (op.equals(OpDef.OP_READ) && - id.equals(Constants.RS_ID_CONFIG)) { + id.equals(Constants.RS_ID_CONFIG)) { - // no need to authenticate this. if we're alive, return true. + // no need to authenticate this. if we're alive, return + // true. NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_PING, Constants.TRUE); sendResponse(SUCCESS, null, params, resp); return; } else { - //System.out.println("SRVLT_INVALID_OP_TYPE"); + // System.out.println("SRVLT_INVALID_OP_TYPE"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } @@ -186,7 +185,7 @@ public class AuthAdminServlet extends AdminServlet { try { if (op.equals(OpDef.OP_AUTH)) { if (scope.equals(ScopeDef.SC_AUTHTYPE)) { - IConfigStore configStore = CMS.getConfigStore(); + IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("authType", "pwd"); NameValuePairs params = new NameValuePairs(); @@ -196,11 +195,11 @@ public class AuthAdminServlet extends AdminServlet { } } } catch (Exception e) { - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } - // for the rest + // for the rest try { super.authenticate(req); if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only @@ -208,9 +207,9 @@ public class AuthAdminServlet extends AdminServlet { return; } } catch (IOException e) { - //System.out.println("SRVLT_FAIL_AUTHS"); - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_AUTHS"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } @@ -223,8 +222,8 @@ public class AuthAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getExtendedPluginInfo(req, resp); @@ -238,8 +237,8 @@ public class AuthAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -249,17 +248,17 @@ public class AuthAdminServlet extends AdminServlet { listAuthMgrInsts(req, resp); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -269,17 +268,17 @@ public class AuthAdminServlet extends AdminServlet { getInstConfig(req, resp); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -289,17 +288,17 @@ public class AuthAdminServlet extends AdminServlet { addAuthMgrInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -309,17 +308,17 @@ public class AuthAdminServlet extends AdminServlet { delAuthMgrInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) { @@ -328,18 +327,18 @@ public class AuthAdminServlet extends AdminServlet { } } else { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } - } + } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } @@ -356,23 +355,24 @@ public class AuthAdminServlet extends AdminServlet { /** * Add authentication manager plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - - private synchronized void addAuthMgrPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + + private synchronized void addAuthMgrPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -392,10 +392,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? @@ -410,8 +410,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + null, resp); return; } @@ -428,13 +428,13 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), + null, resp); return; } if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") || - classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) { + classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_AUTH, @@ -445,17 +445,17 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); return; } IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); // Does the class exist? - + Class<IAuthManager> newImpl = null; try { @@ -473,8 +473,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), + null, resp); return; } catch (IllegalArgumentException e) { // store a message in the signed audit log file @@ -487,8 +487,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), + null, resp); return; } @@ -505,11 +505,12 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"), + null, resp); return; } - } catch (NullPointerException e) { // unlikely, only if newImpl null. + } catch (NullPointerException e) { // unlikely, only if newImpl + // null. // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_AUTH, @@ -520,8 +521,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"), + null, resp); return; } @@ -542,10 +543,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -553,8 +554,8 @@ public class AuthAdminServlet extends AdminServlet { AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath); mAuths.getPlugins().put(id, plugin); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id)); NameValuePairs params = new NameValuePairs(); @@ -570,17 +571,17 @@ public class AuthAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -594,39 +595,40 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Add authentication manager instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -647,8 +649,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -664,8 +666,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_MGR_INST_ID"), + null, resp); return; } @@ -685,21 +687,21 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MISSING_PARAMS"), + null, resp); return; } // prevent agent & admin creation. if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) || - implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { + implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // check if implementation exists. AuthMgrPlugin plugin = - (AuthMgrPlugin) mAuths.getPlugins().get(implname); + (AuthMgrPlugin) mAuths.getPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file @@ -712,8 +714,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), - null, resp); + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + null, resp); return; } @@ -723,9 +725,9 @@ public class AuthAdminServlet extends AdminServlet { String[] configParams = mAuths.getConfigParams(implname); IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -765,8 +767,8 @@ public class AuthAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // store a message in the signed audit log file @@ -780,8 +782,8 @@ public class AuthAdminServlet extends AdminServlet { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // store a message in the signed audit log file @@ -795,8 +797,8 @@ public class AuthAdminServlet extends AdminServlet { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } @@ -835,16 +837,16 @@ public class AuthAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mAuths.add(id, authMgrInst); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id)); NameValuePairs params = new NameValuePairs(); @@ -886,22 +888,22 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void listAuthMgrPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listAuthMgrPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -909,8 +911,8 @@ public class AuthAdminServlet extends AdminServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - AuthMgrPlugin value = (AuthMgrPlugin) - mAuths.getPlugins().get(name); + AuthMgrPlugin value = (AuthMgrPlugin) + mAuths.getPlugins().get(name); if (value.isVisible()) { params.add(name, value.getClassPath() + EDIT); @@ -920,14 +922,13 @@ public class AuthAdminServlet extends AdminServlet { return; } - private synchronized void listAuthMgrInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listAuthMgrInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - for (Enumeration<?> e = mAuths.getInstances().keys(); - e.hasMoreElements();) { + for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name); IAuthManager value = proxy.getAuthManager(); @@ -938,7 +939,7 @@ public class AuthAdminServlet extends AdminServlet { } AuthMgrPlugin amgrplugin = (AuthMgrPlugin) - mAuths.getPlugins().get(value.getImplName()); + mAuths.getPlugins().get(value.getImplName()); if (!amgrplugin.isVisible()) { params.add(name, value.getImplName() + ";invisible;" + enableStr); @@ -953,21 +954,22 @@ public class AuthAdminServlet extends AdminServlet { /** * Delete authentication manager plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delAuthMgrPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delAuthMgrPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -989,18 +991,18 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent deletion of admin and agent. if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { + id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // does auth manager exist? @@ -1015,15 +1017,14 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), - null, resp); + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + null, resp); return; } // first check if any instances from this auth manager // DON'T remove auth manager if any instance - for (Enumeration<?> e = mAuths.getInstances().keys(); - e.hasMoreElements();) { + for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) { IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement()); if (authMgr.getImplName() == id) { @@ -1037,19 +1038,19 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IN_USE"), + null, resp); return; } } - + // then delete this auth manager mAuths.getPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting @@ -1066,8 +1067,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1083,17 +1084,17 @@ public class AuthAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1107,38 +1108,39 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } } /** * Delete authentication manager instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -1160,18 +1162,18 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent deletion of admin and agent. if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // does auth manager instance exist? @@ -1186,23 +1188,23 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), - null, resp); + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. IAuthManager mgrInst = (IAuthManager) mAuths.get(id); mAuths.getInstances().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting @@ -1218,15 +1220,15 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } - //This only works in the fact that we only support one instance per - //auth plugin. + // This only works in the fact that we only support one instance per + // auth plugin. ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); authInfo.removePassword("Rule " + id); @@ -1243,17 +1245,17 @@ public class AuthAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1267,40 +1269,39 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular auth manager plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this authentication subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular auth manager plugin implementation name + * specified in the RS_ID. Actually, there is no logic in here to set any + * default value here...there's no default value for any parameter in this + * authentication subsystem at this point. Later, if we do have one (or + * some), it can be added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1318,25 +1319,25 @@ public class AuthAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does auth manager instance exist? if (mAuths.getInstances().containsKey(id) == false) { sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), - null, resp); + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + null, resp); return; } @@ -1365,29 +1366,29 @@ public class AuthAdminServlet extends AdminServlet { } /** - * Modify authentication manager instance - * This will actually create a new instance with new configuration - * parameters and replace the old instance if the new instance is - * created and initialized successfully. - * The old instance is left running, so this is very expensive. - * Restart of server recommended. + * Modify authentication manager instance This will actually create a new + * instance with new configuration parameters and replace the old instance + * if the new instance is created and initialized successfully. The old + * instance is left running, so this is very expensive. Restart of server + * recommended. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. @@ -1409,18 +1410,18 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent modification of admin and agent. if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // Does the manager instance exist? @@ -1435,8 +1436,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"), - null, resp); + CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"), + null, resp); return; } @@ -1454,14 +1455,14 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"), + null, resp); return; } - // get plugin for implementation + // get plugin for implementation AuthMgrPlugin plugin = - (AuthMgrPlugin) mAuths.getPlugins().get(implname); + (AuthMgrPlugin) mAuths.getPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file @@ -1474,15 +1475,15 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), - null, resp); + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - IAuthManager oldinst = - (IAuthManager) mAuths.get(id); + IAuthManager oldinst = + (IAuthManager) mAuths.get(id); IConfigStore oldConfig = oldinst.getConfigStore(); String[] oldConfigParms = oldinst.getConfigParams(); @@ -1490,7 +1491,7 @@ public class AuthAdminServlet extends AdminServlet { // implName is always required so always include it it. saveParams.add(IAuthSubsystem.PROP_PLUGIN, - (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN)); + (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN)); if (oldConfigParms != null) { for (int i = 0; i < oldConfigParms.length; i++) { String key = oldConfigParms[i]; @@ -1507,9 +1508,9 @@ public class AuthAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); @@ -1551,8 +1552,8 @@ public class AuthAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // store a message in the signed audit log file @@ -1566,8 +1567,8 @@ public class AuthAdminServlet extends AdminServlet { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // store a message in the signed audit log file @@ -1581,8 +1582,8 @@ public class AuthAdminServlet extends AdminServlet { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } @@ -1606,7 +1607,7 @@ public class AuthAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { @@ -1621,10 +1622,10 @@ public class AuthAdminServlet extends AdminServlet { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1632,8 +1633,8 @@ public class AuthAdminServlet extends AdminServlet { mAuths.add(id, newMgrInst); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id)); NameValuePairs params = new NameValuePairs(); @@ -1673,23 +1674,23 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -1699,7 +1700,7 @@ public class AuthAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java index bfa9cccd..cca86dce 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.util.Enumeration; import java.util.Hashtable; @@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** * Authentication Credentials as input to the authMgr * <P> - * + * * @version $Revision$, $Date$ */ public class AuthCredentials implements IAuthCredentials { @@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials { */ private static final long serialVersionUID = -6938644716486895814L; private Hashtable authCreds = null; - // Inserted by bskim + // Inserted by bskim private IArgBlock argblk = null; + // Insert end - + public AuthCredentials() { authCreds = new Hashtable(); } /** * sets a credential with credential name and the credential + * * @param name credential name * @param cred credential * @exception com.netscape.certsrv.base.EBaseException NullPointerException */ - public void set(String name, Object cred)throws EBaseException { + public void set(String name, Object cred) throws EBaseException { if (cred == null) { throw new EBaseException("AuthCredentials.set()"); } @@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials { /** * returns the credential to which the specified name is mapped in this - * credential set + * credential set + * * @param name credential name * @return the named authentication credential */ @@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials { } /** - * removes the name and its corresponding credential from this - * credential set. This method does nothing if the named - * credential is not in the credential set. + * removes the name and its corresponding credential from this credential + * set. This method does nothing if the named credential is not in the + * credential set. + * * @param name credential name */ public void delete(String name) { @@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials { } /** - * returns an enumeration of the credentials in this credential - * set. Use the Enumeration methods on the returned object to - * fetch the elements sequentially. + * returns an enumeration of the credentials in this credential set. Use the + * Enumeration methods on the returned object to fetch the elements + * sequentially. + * * @return an enumeration of the values in this credential set * @see java.util.Enumeration */ public Enumeration getElements() { return (authCreds.elements()); } - + // Inserted by bskim public void setArgBlock(IArgBlock blk) { argblk = blk; return; - } + } // Insert end - + public IArgBlock getArgBlock() { return argblk; - } + } // Insert end } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java index 0ae51ce4..a70d5130 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.File; import java.io.IOException; import java.net.UnknownHostException; @@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.request.IRequestListener; import com.netscape.cmsutil.util.Utils; - /** - * A class representings an administration servlet for Certificate - * Authority. This servlet is responsible to serve CA - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Certificate Authority. + * This servlet is responsible to serve CA administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class CAAdminServlet extends AdminServlet { @@ -66,7 +63,7 @@ public class CAAdminServlet extends AdminServlet { private final static String INFO = "CAAdminServlet"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3"; private ICertificateAuthority mCA = null; protected static final String PROP_ENABLED = "enabled"; @@ -94,22 +91,22 @@ public class CAAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - - //get all operational flags + + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; - } + } super.authenticate(req); @@ -120,8 +117,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getExtendedPluginInfo(req, resp); @@ -135,8 +132,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) @@ -159,8 +156,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) @@ -171,9 +168,9 @@ public class CAAdminServlet extends AdminServlet { setCRLIPsConfig(req, resp); else if (scope.equals(ScopeDef.SC_CRL)) setCRLConfig(req, resp); - else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) + else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) setNotificationReqCompConfig(req, resp); - else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) + else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) setNotificationRevCompConfig(req, resp); else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) setNotificationRIQConfig(req, resp); @@ -183,8 +180,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLEXTS_RULES)) @@ -195,8 +192,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLIPS)) @@ -205,8 +202,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLIPS)) @@ -220,23 +217,24 @@ public class CAAdminServlet extends AdminServlet { } } - /*========================================================== - * private methods - *==========================================================*/ - + /* + * ========================================================== private + * methods========================================================== + */ + /* * handle request completion (cert issued) notification config requests */ private void getNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc) throws ServletException, + HttpServletResponse resp, IConfigStore rc) throws ServletException, IOException, EBaseException { - + NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); - + if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) @@ -247,33 +245,33 @@ public class CAAdminServlet extends AdminServlet { continue; params.add(name, rc.getString(name, "")); } - + params.add(Constants.PR_ENABLE, - rc.getString(PROP_ENABLED, Constants.FALSE)); + rc.getString(PROP_ENABLED, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } - + private void getNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - + IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); - + getNotificationCompConfig(req, resp, rc); } - + private void getNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - + IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); - + getNotificationCompConfig(req, resp, rc); } @@ -281,14 +279,14 @@ public class CAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); @@ -308,8 +306,8 @@ public class CAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } @@ -317,15 +315,15 @@ public class CAAdminServlet extends AdminServlet { * handle setting request in queue notification config info */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -346,15 +344,15 @@ public class CAAdminServlet extends AdminServlet { File template = new File(val); if ((!template.exists()) || (!template.canRead()) - || (template.isDirectory())) { + || (template.isDirectory())) { String error = - "Template: " + val + " does not exist or invalid"; + "Template: " + val + " does not exist or invalid"; log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), + null, resp); return; } } @@ -377,10 +375,10 @@ public class CAAdminServlet extends AdminServlet { * handle setting request complete notification config info */ private void setNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, + HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, IOException, EBaseException { - - //set rest of the parameters + + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -401,15 +399,15 @@ public class CAAdminServlet extends AdminServlet { File template = new File(val); if ((!template.exists()) || (!template.canRead()) - || (template.isDirectory())) { + || (template.isDirectory())) { String error = - "Template: " + val + " does not exist or invalid"; + "Template: " + val + " does not exist or invalid"; log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), + null, resp); return; } } @@ -429,23 +427,23 @@ public class CAAdminServlet extends AdminServlet { } private void setNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); + IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener()); - } + } private void setNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); @@ -454,8 +452,8 @@ public class CAAdminServlet extends AdminServlet { } private void listCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration ips = mCA.getCRLIssuingPoints(); @@ -469,16 +467,16 @@ public class CAAdminServlet extends AdminServlet { if (ipId != null && ipId.length() > 0) params.add(ipId, ip.getDescription()); params.add(ipId + "." + Constants.PR_ENABLED, - (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString()); + (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString()); } } - + sendResponse(SUCCESS, null, params, resp); } private void getCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); @@ -518,11 +516,12 @@ public class CAAdminServlet extends AdminServlet { /** * Add CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -530,8 +529,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void addCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -578,7 +577,7 @@ public class CAAdminServlet extends AdminServlet { boolean enable = true; if (sEnable != null && sEnable.length() > 0 && - sEnable.equalsIgnoreCase(Constants.FALSE)) { + sEnable.equalsIgnoreCase(Constants.FALSE)) { enable = false; params.add(Constants.PR_ENABLED, Constants.FALSE); } else { @@ -586,7 +585,7 @@ public class CAAdminServlet extends AdminServlet { } IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); Enumeration crlNames = crlSubStore.getSubStoreNames(); while (crlNames.hasMoreElements()) { @@ -656,28 +655,29 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Set CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -685,8 +685,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -733,7 +733,7 @@ public class CAAdminServlet extends AdminServlet { boolean enable = true; if (sEnable != null && sEnable.length() > 0 && - sEnable.equalsIgnoreCase(Constants.FALSE)) { + sEnable.equalsIgnoreCase(Constants.FALSE)) { enable = false; params.add(Constants.PR_ENABLED, Constants.FALSE); } else { @@ -741,7 +741,7 @@ public class CAAdminServlet extends AdminServlet { } IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); boolean done = false; Enumeration crlNames = crlSubStore.getSubStoreNames(); @@ -759,8 +759,8 @@ public class CAAdminServlet extends AdminServlet { if (c != null) { c.putString(Constants.PR_DESCRIPTION, desc); - c.putString(Constants.PR_ENABLED, - (enable) ? Constants.TRUE : Constants.FALSE); + c.putString(Constants.PR_ENABLED, + (enable) ? Constants.TRUE : Constants.FALSE); } done = true; break; @@ -816,28 +816,29 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Delete CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -845,8 +846,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void deleteCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -859,7 +860,7 @@ public class CAAdminServlet extends AdminServlet { if (id != null && id.length() > 0) { IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); boolean done = false; Enumeration crlNames = crlSubStore.getSubStoreNames(); @@ -923,23 +924,23 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String ipId = null; @@ -974,11 +975,12 @@ public class CAAdminServlet extends AdminServlet { /** * Delete CRL extensions configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -986,8 +988,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1007,10 +1009,10 @@ public class CAAdminServlet extends AdminServlet { IConfigStore config = mCA.getConfigStore(); IConfigStore crlsSubStore = - config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId); IConfigStore crlExtsSubStore = - crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); + crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); String id = req.getParameter(Constants.RS_ID); @@ -1077,23 +1079,23 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void listCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.PR_ID); @@ -1130,12 +1132,12 @@ public class CAAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); } - /** - * retrieve extended plugin info such as brief description, - * type info from CRL extensions + /** + * retrieve extended plugin info such as brief description, type info from + * CRL extensions */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); @@ -1143,8 +1145,8 @@ public class CAAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } @@ -1191,11 +1193,12 @@ public class CAAdminServlet extends AdminServlet { /** * Set CRL configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -1203,7 +1206,7 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1215,17 +1218,17 @@ public class CAAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); if (id == null || id.length() <= 0 || - id.equals(Constants.RS_ID_CONFIG)) { + id.equals(Constants.RS_ID_CONFIG)) { id = ICertificateAuthority.PROP_MASTER_CRL; } ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mCA.getConfigStore(); IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); - //set reset of the parameters + // set reset of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -1286,22 +1289,22 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getCRLConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -1309,11 +1312,11 @@ public class CAAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); if (id == null || id.length() <= 0 || - id.equals(Constants.RS_ID_CONFIG)) { + id.equals(Constants.RS_ID_CONFIG)) { id = ICertificateAuthority.PROP_MASTER_CRL; } IConfigStore crlsSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); Enumeration e = req.getParameterNames(); @@ -1335,9 +1338,9 @@ public class CAAdminServlet extends AdminServlet { getSigningAlgConfig(params); sendResponse(SUCCESS, null, params, resp); } - + private void getConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore caConfig = mCA.getConfigStore(); IConfigStore connectorConfig = caConfig.getSubStore("connector"); @@ -1370,14 +1373,14 @@ public class CAAdminServlet extends AdminServlet { } private void setConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore caConfig = mCA.getConfigStore(); IConfigStore connectorConfig = caConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; -// String nickname = CMS.getServerCertNickname(); + // String nickname = CMS.getServerCertNickname(); if (isKRAConnector(req)) { caConnectorConfig = connectorConfig.getSubStore("KRA"); @@ -1397,12 +1400,10 @@ public class CAAdminServlet extends AdminServlet { continue; if (name.equals(Constants.OP_SCOPE)) continue; -/* - if (name.equals("nickName")) { - caConnectorConfig.putString(name, nickname); - continue; - } -*/ + /* + * if (name.equals("nickName")) { + * caConnectorConfig.putString(name, nickname); continue; } + */ if (name.equals("host")) { try { Utils.checkHost(req.getParameter("host")); @@ -1456,27 +1457,23 @@ public class CAAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String value = "false"; /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - if (eeGateway != null) { - IConfigStore eeConfig = eeGateway.getConfigStore(); - if (eeConfig != null) - value = eeConfig.getString("enabled", "true"); - String ocspValue = "true"; - ocspValue = eeConfig.getString("enableOCSP", "true"); - params.add(Constants.PR_OCSP_ENABLED, ocspValue); - } - params.add(Constants.PR_EE_ENABLED, value); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); if (eeGateway != + * null) { IConfigStore eeConfig = eeGateway.getConfigStore(); if + * (eeConfig != null) value = eeConfig.getString("enabled", "true"); + * String ocspValue = "true"; ocspValue = + * eeConfig.getString("enableOCSP", "true"); + * params.add(Constants.PR_OCSP_ENABLED, ocspValue); } + * params.add(Constants.PR_EE_ENABLED, value); */ - IConfigStore caConfig = mCA.getConfigStore(); value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false"); @@ -1485,18 +1482,18 @@ public class CAAdminServlet extends AdminServlet { getSigningAlgConfig(params); getSerialConfig(params); getMaxSerialConfig(params); - + sendResponse(SUCCESS, null, params, resp); } private void getSigningAlgConfig(NameValuePairs params) { params.add(Constants.PR_DEFAULT_ALGORITHM, - mCA.getDefaultAlgorithm()); + mCA.getDefaultAlgorithm()); String[] algorithms = mCA.getCASigningAlgorithms(); StringBuffer algorStr = new StringBuffer(); for (int i = 0; i < algorithms.length; i++) { - if (i == 0) + if (i == 0) algorStr.append(algorithms[i]); else { algorStr.append(":"); @@ -1508,23 +1505,23 @@ public class CAAdminServlet extends AdminServlet { private void getSerialConfig(NameValuePairs params) { params.add(Constants.PR_SERIAL, - mCA.getStartSerial()); + mCA.getStartSerial()); } private void getMaxSerialConfig(NameValuePairs params) { params.add(Constants.PR_MAXSERIAL, - mCA.getMaxSerial()); + mCA.getMaxSerial()); } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ISubsystem eeGateway = null; /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); */ IConfigStore eeConfig = null; @@ -1533,7 +1530,7 @@ public class CAAdminServlet extends AdminServlet { Enumeration enum1 = req.getParameterNames(); boolean restart = false; - //mCA.setMaxSerial(""); + // mCA.setMaxSerial(""); while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); String value = req.getParameter(key); @@ -1541,15 +1538,11 @@ public class CAAdminServlet extends AdminServlet { if (key.equals(Constants.PR_EE_ENABLED)) { /* - if (eeConfig != null) { - if (((EEGateway)eeGateway).isEnabled() && - value.equals("false") || - !((EEGateway)eeGateway).isEnabled() && - value.equals("true")) { - restart=true;; - } - eeConfig.putString("enabled", value); - } + * if (eeConfig != null) { if + * (((EEGateway)eeGateway).isEnabled() && value.equals("false") + * || !((EEGateway)eeGateway).isEnabled() && + * value.equals("true")) { restart=true;; } + * eeConfig.putString("enabled", value); } */ } else if (key.equals(Constants.PR_VALIDITY)) { mCA.setValidity(value); @@ -1573,6 +1566,6 @@ public class CAAdminServlet extends AdminServlet { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, "CAAdminServlet: " + msg); + level, "CAAdminServlet: " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 3251e46b..f55ba57b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; @@ -82,11 +81,10 @@ import com.netscape.cmsutil.util.Cert; import com.netscape.symkey.SessionKey; /** - * A class representings an administration servlet. This - * servlet is responsible to serve Certificate Server - * level administrative operations such as configuration - * parameter updates. - * + * A class representings an administration servlet. This servlet is responsible + * to serve Certificate Server level administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public final class CMSAdminServlet extends AdminServlet { @@ -108,13 +106,13 @@ public final class CMSAdminServlet extends AdminServlet { private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static byte EOL[] = { Character.LINE_SEPARATOR }; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = - "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = - "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = - "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; + "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = - "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; + "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; @@ -145,13 +143,13 @@ public final class CMSAdminServlet extends AdminServlet { * Serves HTTP request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); try { super.authenticate(req); } catch (IOException e) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + null, resp); return; } @@ -164,8 +162,8 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getEnv(req, resp); @@ -175,8 +173,8 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) @@ -199,13 +197,13 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) setDBConfig(req, resp); - else if (scope.equals(ScopeDef.SC_SMTP)) + else if (scope.equals(ScopeDef.SC_SMTP)) modifySMTPConfig(req, resp); else if (scope.equals(ScopeDef.SC_TASKS)) performTasks(req, resp); @@ -213,9 +211,9 @@ public final class CMSAdminServlet extends AdminServlet { modifyEncryption(req, resp); else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT)) issueImportCert(req, resp); - else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) + else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) installCert(req, resp); - else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) + else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) importXCert(req, resp); else if (scope.equals(ScopeDef.SC_DELETE_CERTS)) deleteCerts(req, resp); @@ -229,8 +227,8 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_SUBSYSTEM)) @@ -239,11 +237,11 @@ public final class CMSAdminServlet extends AdminServlet { getCACerts(req, resp); else if (scope.equals(ScopeDef.SC_ALL_CERTLIST)) getAllCertsManage(req, resp); - else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) + else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) getUserCerts(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) getTKSKeys(req, resp); - else if (scope.equals(ScopeDef.SC_TOKEN)) + else if (scope.equals(ScopeDef.SC_TOKEN)) getAllTokenNames(req, resp); else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) getRootCerts(req, resp); @@ -251,21 +249,21 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "delete"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) { deleteRootCert(req, resp); } else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) { - deleteUserCert(req,resp); + deleteUserCert(req, resp); } } else if (op.equals(OpDef.OP_PROCESS)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CERT_REQUEST)) @@ -282,14 +280,14 @@ public final class CMSAdminServlet extends AdminServlet { checkTokenStatus(req, resp); else if (scope.equals(ScopeDef.SC_SELFTESTS)) runSelfTestsOnDemand(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) createMasterKey(req, resp); } else if (op.equals(OpDef.OP_VALIDATE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_SUBJECT_NAME)) @@ -303,7 +301,7 @@ public final class CMSAdminServlet extends AdminServlet { } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + null, resp); return; } catch (Exception e) { StringWriter sw = new StringWriter(); @@ -316,7 +314,7 @@ public final class CMSAdminServlet extends AdminServlet { } private void getEnv(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -324,16 +322,16 @@ public final class CMSAdminServlet extends AdminServlet { params.add(Constants.PR_NT, Constants.TRUE); else params.add(Constants.PR_NT, Constants.FALSE); - + sendResponse(SUCCESS, null, params, resp); } private void getAllTokenNames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList()); @@ -342,15 +340,15 @@ public final class CMSAdminServlet extends AdminServlet { } private void getAllNicknames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts()); - + sendResponse(SUCCESS, null, params, resp); } @@ -361,18 +359,18 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if ((sys instanceof IKeyRecoveryAuthority) && - subsystem.equals("kra")) + subsystem.equals("kra")) return true; else if ((sys instanceof IRegistrationAuthority) && - subsystem.equals("ra")) + subsystem.equals("ra")) return true; else if ((sys instanceof ICertificateAuthority) && - subsystem.equals("ca")) + subsystem.equals("ca")) return true; else if ((sys instanceof IOCSPAuthority) && - subsystem.equals("ocsp")) + subsystem.equals("ocsp")) return true; } @@ -380,7 +378,7 @@ public final class CMSAdminServlet extends AdminServlet { } private void readEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { Enumeration<ISubsystem> e = CMS.getSubsystems(); @@ -394,7 +392,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) @@ -405,17 +403,17 @@ public final class CMSAdminServlet extends AdminServlet { isOCSPInstalled = true; else if (sys instanceof ITKSAuthority) isTKSInstalled = true; - - } + + } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String caTokenName = ""; NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_CIPHER_VERSION, - jssSubSystem.getCipherVersion()); + jssSubSystem.getCipherVersion()); params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza()); params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences()); @@ -427,7 +425,7 @@ public final class CMSAdminServlet extends AdminServlet { while (tokenizer.hasMoreElements()) { String tokenName = (String) tokenizer.nextElement(); String certs = jssSubSystem.getCertListWithoutTokenName(tokenName); - + if (certs.equals("")) continue; if (tokenNewList.equals("")) @@ -451,13 +449,13 @@ public final class CMSAdminServlet extends AdminServlet { String caNickName = signingUnit.getNickname(); - //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); + // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); params.add(Constants.PR_CERT_CA, getCertNickname(caNickName)); } if (isRAInstalled) { IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + CMS.getSubsystem(CMS.SUBSYSTEM_RA); String raNickname = ra.getNickname(); params.add(Constants.PR_CERT_RA, getCertNickname(raNickname)); @@ -465,17 +463,17 @@ public final class CMSAdminServlet extends AdminServlet { if (isKRAInstalled) { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + CMS.getSubsystem(CMS.SUBSYSTEM_KRA); String kraNickname = kra.getNickname(); params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname)); } if (isTKSInstalled) { ITKSAuthority tks = (ITKSAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_TKS); + CMS.getSubsystem(CMS.SUBSYSTEM_TKS); } String nickName = CMS.getServerCertNickname(); - + params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName)); sendResponse(SUCCESS, null, params, resp); @@ -517,17 +515,18 @@ public final class CMSAdminServlet extends AdminServlet { /** * Modify encryption configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when * configuring encryption (cert settings and SSL cipher preferences) * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to modify encryption configuration */ private void modifyEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -537,10 +536,10 @@ public final class CMSAdminServlet extends AdminServlet { // to the signed audit log and stored as failures try { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); NameValuePairs params = new NameValuePairs(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.getInternalTokenName(); Enumeration<ISubsystem> e = CMS.getSubsystems(); @@ -554,7 +553,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) @@ -563,14 +562,14 @@ public final class CMSAdminServlet extends AdminServlet { isCAInstalled = true; else if (sys instanceof IOCSPAuthority) isOCSPInstalled = true; - else if (sys instanceof ITKSAuthority) + else if (sys instanceof ITKSAuthority) isTKSInstalled = true; } - ICertificateAuthority ca = null; + ICertificateAuthority ca = null; IRegistrationAuthority ra = null; IKeyRecoveryAuthority kra = null; - ITKSAuthority tks = null; + ITKSAuthority tks = null; if (isCAInstalled) ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); @@ -693,19 +692,19 @@ public final class CMSAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getCertConfigNickname(String val) throws EBaseException { @@ -727,9 +726,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - httpsService.setNickName(nickName); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -737,9 +736,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - httpsService.setNickName(nickName); + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -747,9 +746,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); - HTTPService httpsService = eeGateway.getHttpsService(); - httpsService.setNickName(nickName); + * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService + * httpsService = eeGateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -757,9 +756,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - HTTPSubsystem caGateway = ca.getHTTPSubsystem(); - HTTPService httpsService = caGateway.getHttpsService(); - httpsService.setNickName(nickName); + * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService + * httpsService = caGateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -767,21 +766,21 @@ public final class CMSAdminServlet extends AdminServlet { * Performs Server Tasks: RESTART/STOP operation */ private void performTasks(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String restart = req.getParameter(Constants.PR_SERVER_RESTART); String stop = req.getParameter(Constants.PR_SERVER_STOP); NameValuePairs params = new NameValuePairs(); if (restart != null) { - //XXX Uncommented afetr watchdog is implemented + // XXX Uncommented afetr watchdog is implemented sendResponse(SUCCESS, null, params, resp); - //mServer.restart(); + // mServer.restart(); return; } if (stop != null) { - //XXX Send response first then shutdown + // XXX Send response first then shutdown sendResponse(SUCCESS, null, params, resp); CMS.shutdown(); return; @@ -795,7 +794,7 @@ public final class CMSAdminServlet extends AdminServlet { * Reads subsystems that server has loaded with. */ private void readSubsystem(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration<ISubsystem> e = CMS.getSubsystems(); @@ -805,7 +804,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) type = Constants.PR_KRA_INSTANCE; if (sys instanceof IRegistrationAuthority) @@ -814,7 +813,7 @@ public final class CMSAdminServlet extends AdminServlet { type = Constants.PR_CA_INSTANCE; if (sys instanceof IOCSPAuthority) type = Constants.PR_OCSP_INSTANCE; - if (sys instanceof ITKSAuthority) + if (sys instanceof ITKSAuthority) type = Constants.PR_TKS_INSTANCE; if (!type.trim().equals("")) params.add(sys.getId(), type); @@ -827,7 +826,7 @@ public final class CMSAdminServlet extends AdminServlet { * Reads server statistics. */ private void readStat(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore cs = CMS.getConfigStore(); @@ -850,9 +849,9 @@ public final class CMSAdminServlet extends AdminServlet { } params.add(Constants.PR_STAT_STARTUP, - (new Date(CMS.getStartupTime())).toString()); + (new Date(CMS.getStartupTime())).toString()); params.add(Constants.PR_STAT_TIME, - (new Date(System.currentTimeMillis())).toString()); + (new Date(System.currentTimeMillis())).toString()); sendResponse(SUCCESS, null, params, resp); } @@ -860,12 +859,12 @@ public final class CMSAdminServlet extends AdminServlet { * Modifies database information. */ private void setDBConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB); @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); @@ -876,117 +875,112 @@ public final class CMSAdminServlet extends AdminServlet { continue; if (key.equals(Constants.OP_SCOPE)) continue; - - dbConfig.putString(key, req.getParameter(key)); + + dbConfig.putString(key, req.getParameter(key)); } sendResponse(RESTART, null, null, resp); mConfig.commit(true); } - /** + + /** * Create Master Key */ -private void createMasterKey(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private void createMasterKey(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") - Enumeration<String> e = req.getParameterNames(); - String newKeyName = null, selectedToken = null; + Enumeration<String> e = req.getParameterNames(); + String newKeyName = null, selectedToken = null; while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_KEY_LIST)) - { - newKeyName = req.getParameter(name); - } - if (name.equals(Constants.PR_TOKEN_LIST)) - { - selectedToken = req.getParameter(name); - } - + if (name.equals(Constants.PR_KEY_LIST)) { + newKeyName = req.getParameter(name); + } + if (name.equals(Constants.PR_TOKEN_LIST)) { + selectedToken = req.getParameter(name); + } } - if(selectedToken!=null && newKeyName!=null) - { - String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName); - CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); - String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); - - SessionKey.SetDefaultPrefix(masterKeyPrefix); - params.add(Constants.PR_KEY_LIST, newKeyName); - params.add(Constants.PR_TOKEN_LIST, selectedToken); - } - sendResponse(SUCCESS, null, params, resp); -} + if (selectedToken != null && newKeyName != null) { + String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName); + CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); + String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); + + SessionKey.SetDefaultPrefix(masterKeyPrefix); + params.add(Constants.PR_KEY_LIST, newKeyName); + params.add(Constants.PR_TOKEN_LIST, selectedToken); + } + sendResponse(SUCCESS, null, params, resp); + } - /** + /** * Reads secmod.db */ private void getTKSKeys(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") - Enumeration<String> e = req.getParameterNames(); + Enumeration<String> e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_TOKEN_LIST)) - { - String selectedToken = req.getParameter(name); - - int count = 0; - int keys_found = 0; - - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - - CryptoToken token = null; - CryptoManager mCryptoManager = null; - try { - mCryptoManager = CryptoManager.getInstance(); - } catch (Exception e2) { - } - - if(!jssSubSystem.isTokenLoggedIn(selectedToken)) - { - PasswordCallback cpcb = new ConsolePasswordCallback(); - while (true) { + if (name.equals(Constants.PR_TOKEN_LIST)) { + String selectedToken = req.getParameter(name); + + int count = 0; + int keys_found = 0; + + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + + CryptoToken token = null; + CryptoManager mCryptoManager = null; + try { + mCryptoManager = CryptoManager.getInstance(); + } catch (Exception e2) { + } + + if (!jssSubSystem.isTokenLoggedIn(selectedToken)) { + PasswordCallback cpcb = new ConsolePasswordCallback(); + while (true) { try { - token = mCryptoManager.getTokenByName(selectedToken); - token.login(cpcb); + token = mCryptoManager.getTokenByName(selectedToken); + token.login(cpcb); break; } catch (Exception e3) { - //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); + // log(ILogger.LL_FAILURE, + // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); continue; } - } - } - // String symKeys = new String("key1,key2"); - String symKeys = SessionKey.ListSymmetricKeys(selectedToken); - params.add(Constants.PR_TOKEN_LIST, symKeys); + } + } + // String symKeys = new String("key1,key2"); + String symKeys = SessionKey.ListSymmetricKeys(selectedToken); + params.add(Constants.PR_TOKEN_LIST, symKeys); - } + } } sendResponse(SUCCESS, null, params, resp); } - - + /** * Reads database information. */ private void getDBConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_DB); IConfigStore ldapConfig = dbConfig.getSubStore("ldap"); NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") - Enumeration<String> e = req.getParameterNames(); - + Enumeration<String> e = req.getParameterNames(); + while (e.hasMoreElements()) { String name = (String) e.nextElement(); @@ -998,7 +992,7 @@ private void createMasterKey(HttpServletRequest req, continue; if (name.equals(Constants.PR_SECURE_PORT_ENABLED)) params.add(name, ldapConfig.getString(name, "Constants.FALSE")); - else + else params.add(name, ldapConfig.getString(name, "")); } sendResponse(SUCCESS, null, params, resp); @@ -1008,7 +1002,7 @@ private void createMasterKey(HttpServletRequest req, * Modifies SMTP configuration. */ private void modifySMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { // XXX IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP); @@ -1022,7 +1016,7 @@ private void createMasterKey(HttpServletRequest req, if (port != null) sConfig.putString("port", port); - + commit(true); sendResponse(SUCCESS, null, null, resp); @@ -1032,23 +1026,23 @@ private void createMasterKey(HttpServletRequest req, * Reads SMTP configuration. */ private void readSMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_SERVER_NAME, - dbConfig.getString("host")); + dbConfig.getString("host")); params.add(Constants.PR_PORT, - dbConfig.getString("port")); + dbConfig.getString("port")); sendResponse(SUCCESS, null, params, resp); } private void loggedInToken(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); String tokenName = ""; String pwd = ""; @@ -1064,7 +1058,7 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.loggedInToken(tokenName, pwd); @@ -1074,10 +1068,10 @@ private void createMasterKey(HttpServletRequest req, } private void checkTokenStatus(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); String key = ""; String value = ""; @@ -1090,7 +1084,7 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); boolean status = jssSubSystem.isTokenLoggedIn(value); NameValuePairs params = new NameValuePairs(); @@ -1103,17 +1097,18 @@ private void createMasterKey(HttpServletRequest req, /** * Retrieve a certificate request * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when * asymmetric keys are generated * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to retrieve certificate request */ private void getCertRequest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1124,7 +1119,7 @@ private void createMasterKey(HttpServletRequest req, try { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); String tokenName = Constants.PR_INTERNAL_TOKEN_NAME; String keyType = ""; int keyLength = 512; @@ -1164,10 +1159,10 @@ private void createMasterKey(HttpServletRequest req, } pathname = mConfig.getString("instanceRoot", "") - + File.separator + "conf" + File.separator; + + File.separator + "conf" + File.separator; dir = pathname; ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); KeyPair keypair = null; PQGParams pqgParams = null; @@ -1208,9 +1203,9 @@ private void createMasterKey(HttpServletRequest req, if (keyType.equals("ECC")) { // get ECC keypair keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType); - } else { //DSA or RSA + } else { // DSA or RSA if (keyType.equals("DSA")) - pqgParams = jssSubSystem.getPQG(keyLength); + pqgParams = jssSubSystem.getPQG(keyLength); keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams); } } @@ -1289,25 +1284,25 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - // auditSubjectID, - // ILogger.FAILURE, - // auditPublicKey ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } - } - - private void setCANewnickname(String tokenName, String nickname) - throws EBaseException { + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + // auditSubjectID, + // ILogger.FAILURE, + // auditPublicKey ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } + } + + private void setCANewnickname(String tokenName, String nickname) + throws EBaseException { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) @@ -1322,16 +1317,16 @@ private void createMasterKey(HttpServletRequest req, private String getCANewnickname() throws EBaseException { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } private void setRANewnickname(String tokenName, String nickname) - throws EBaseException { + throws EBaseException { IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) ra.setNewNickName(nickname); @@ -1345,13 +1340,13 @@ private void createMasterKey(HttpServletRequest req, private String getRANewnickname() throws EBaseException { IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + CMS.getSubsystem(CMS.SUBSYSTEM_RA); return ra.getNewNickName(); } private void setOCSPNewnickname(String tokenName, String nickname) - throws EBaseException { + throws EBaseException { IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { @@ -1367,7 +1362,7 @@ private void createMasterKey(HttpServletRequest req, } } else { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) @@ -1387,20 +1382,20 @@ private void createMasterKey(HttpServletRequest req, if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } else { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } } - private void setKRANewnickname(String tokenName, String nickname) - throws EBaseException { + private void setKRANewnickname(String tokenName, String nickname) + throws EBaseException { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + CMS.getSubsystem(CMS.SUBSYSTEM_KRA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) kra.setNewNickName(nickname); @@ -1418,81 +1413,76 @@ private void createMasterKey(HttpServletRequest req, return kra.getNewNickName(); } - private void setRADMNewnickname(String tokenName, String nickName) - throws EBaseException { + private void setRADMNewnickname(String tokenName, String nickName) + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - httpsService.setNewNickName(nickName); - else { - if (tokenName.equals("") && nickName.equals("")) - httpsService.setNewNickName(""); - else - httpsService.setNewNickName(tokenName+":"+nickName); - } + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); if + * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + * httpsService.setNewNickName(nickName); else { if + * (tokenName.equals("") && nickName.equals("")) + * httpsService.setNewNickName(""); else + * httpsService.setNewNickName(tokenName+":"+nickName); } */ } - private String getRADMNewnickname() - throws EBaseException { + private String getRADMNewnickname() + throws EBaseException { // assuming the nickname does not change. return CMS.getServerCertNickname(); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - return httpsService.getNewNickName(); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); return + * httpsService.getNewNickName(); */ } private void setAgentNewnickname(String tokenName, String nickName) - throws EBaseException { + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - httpsService.setNewNickName(nickName); - else { - if (tokenName.equals("") && nickName.equals("")) - httpsService.setNewNickName(""); - else - httpsService.setNewNickName(tokenName+":"+nickName); - } + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); if + * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + * httpsService.setNewNickName(nickName); else { if + * (tokenName.equals("") && nickName.equals("")) + * httpsService.setNewNickName(""); else + * httpsService.setNewNickName(tokenName+":"+nickName); } */ } - private String getAgentNewnickname() - throws EBaseException { + private String getAgentNewnickname() + throws EBaseException { // assuming the nickname does not change. return CMS.getServerCertNickname(); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - return httpsService.getNewNickName(); + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); return + * httpsService.getNewNickName(); */ } /** * Issue import certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to issue an import certificate */ private void issueImportCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1501,7 +1491,7 @@ private void createMasterKey(HttpServletRequest req, // to the signed audit log and stored as failures try { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); String pkcs = ""; String type = ""; String tokenName = Constants.PR_INTERNAL_TOKEN_NAME; @@ -1518,7 +1508,7 @@ private void createMasterKey(HttpServletRequest req, String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals("pathname")) { + if (key.equals("pathname")) { configPath = mConfig.getString("instanceRoot", "") + File.separator + "conf" + File.separator; pathname = configPath + value; @@ -1532,16 +1522,16 @@ private void createMasterKey(HttpServletRequest req, String certType = (String) properties.get(Constants.RS_ID); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); IDBSubsystem dbs = (IDBSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_DBS); + CMS.getSubsystem(CMS.SUBSYSTEM_DBS); ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ICertificateRepository repository = - (ICertificateRepository) ca.getCertificateRepository(); + (ICertificateRepository) ca.getCertificateRepository(); ISigningUnit signingUnit = ca.getSigningUnit(); String oldtokenname = null; - //this is the old nick name + // this is the old nick name String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; String oldcatokenname = signingUnit.getTokenName(); @@ -1566,8 +1556,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } if (newtokenname == null) @@ -1587,13 +1576,12 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - //xxx renew ca ,use old issuer? + // xxx renew ca ,use old issuer? properties.setIssuerName( - jssSubSystem.getCertSubjectName(oldcatokenname, + jssSubSystem.getCertSubjectName(oldcatokenname, canicknameWithoutTokenName)); KeyPair pair = null; @@ -1608,11 +1596,10 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - //xxx set to old nickname? + // xxx set to old nickname? properties.setCertNickname(nickname); if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) { CertificateExtensions exts = jssSubSystem.getExtensions( @@ -1633,14 +1620,14 @@ private void createMasterKey(HttpServletRequest req, defaultOCSPSigningAlg = properties.getHashType(); } } - + // create a new CA certificate or ssl server cert - if (properties.getKeyCurveName() != null) { //new ECC + if (properties.getKeyCurveName() != null) { // new ECC CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys"); pair = jssSubSystem.getECCKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; - } else if (properties.getKeyLength() != null) { //new RSA or DSA + } else if (properties.getKeyLength() != null) { // new RSA or DSA keyType = properties.getKeyType(); String keyLen = properties.getKeyLength(); PQGParams pqgParams = null; @@ -1648,10 +1635,10 @@ private void createMasterKey(HttpServletRequest req, if (keyType.equals("DSA")) { pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen), mConfig); - //properties.put(Constants.PR_PQGPARAMS, pqgParams); + // properties.put(Constants.PR_PQGPARAMS, pqgParams); } pair = jssSubSystem.getKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; // renew the CA certificate or ssl server cert } else { @@ -1664,11 +1651,12 @@ private void createMasterKey(HttpServletRequest req, } /* - String alg = jssSubSystem.getSignatureAlgorithm(nickname); - SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg); - properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId( - jssSubSystem.getAlgorithmId(alg, mConfig)); + * String alg = jssSubSystem.getSignatureAlgorithm(nickname); + * SignatureAlgorithm sigAlg = + * SigningUnit.mapAlgorithmToJss(alg); + * properties.setSignatureAlgorithm(sigAlg); + * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg, + * mConfig)); */ } @@ -1684,7 +1672,7 @@ private void createMasterKey(HttpServletRequest req, properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); } - if (pair == null) + if (pair == null) CMS.debug("CMSAdminServlet: issueImportCert: key pair is null"); BigInteger nextSerialNo = repository.getNextSerialNumber(); @@ -1692,36 +1680,34 @@ private void createMasterKey(HttpServletRequest req, properties.setSerialNumber(nextSerialNo); properties.setKeyPair(pair); properties.setConfigFile(mConfig); - // properties.put(Constants.PR_CA_KEYPAIR, pair); + // properties.put(Constants.PR_CA_KEYPAIR, pair); properties.put(Constants.PR_CA_KEYPAIR, caKeyPair); - X509CertImpl signedCert = - jssSubSystem.getSignedCert(properties, certType, + X509CertImpl signedCert = + jssSubSystem.getSignedCert(properties, certType, caKeyPair.getPrivate()); - if (signedCert == null) - CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); + if (signedCert == null) + CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); - /* bug 600124 - try { - jssSubSystem.deleteTokenCertificate(nickname, pathname); - } catch (Throwable e) { - //skip it - } + /* + * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname, + * pathname); } catch (Throwable e) { //skip it } */ boolean nicknameChanged = false; - //xxx import cert with nickname without token name? - //jss adds the token prefix!!! - //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName); + // xxx import cert with nickname without token name? + // jss adds the token prefix!!! + // log(ILogger.LL_DEBUG,"import as alias"+ + // nicknameWithoutTokenName); try { CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName); jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, certType); } catch (EBaseException e) { // if it fails, let use a different nickname to try - Date now = new Date(); + Date now = new Date(); String newNickname = nicknameWithoutTokenName + "-" + now.getTime(); @@ -1746,20 +1732,20 @@ private void createMasterKey(HttpServletRequest req, if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { try { X509CertInfo certInfo = (X509CertInfo) signedCert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); if (extensions != null) { BasicConstraintsExtension basic = - (BasicConstraintsExtension) - extensions.get(BasicConstraintsExtension.class.getSimpleName()); + (BasicConstraintsExtension) + extensions.get(BasicConstraintsExtension.class.getSimpleName()); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { Integer pathlen = (Integer) - basic.get(BasicConstraintsExtension.PATH_LEN); + basic.get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) @@ -1776,7 +1762,7 @@ private void createMasterKey(HttpServletRequest req, } } - CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + " newtoken:" + newtokenname + " nickname:" + nickname); if ((newtokenname != null && !newtokenname.equals(oldtokenname)) || nicknameChanged) { @@ -1786,10 +1772,10 @@ private void createMasterKey(HttpServletRequest req, newtokenname); } else { signingUnit.updateConfig(newtokenname + ":" + - nicknameWithoutTokenName, + nicknameWithoutTokenName, newtokenname); } - } else if (certType.equals(Constants.PR_SERVER_CERT)) { + } else if (certType.equals(Constants.PR_SERVER_CERT)) { if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { nickname = nicknameWithoutTokenName; } else { @@ -1797,13 +1783,13 @@ private void createMasterKey(HttpServletRequest req, + nicknameWithoutTokenName; } - //setRADMNewnickname("",""); - //modifyRADMCert(nickname); + // setRADMNewnickname("",""); + // modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { IRegistrationAuthority ra = - (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } @@ -1820,23 +1806,23 @@ private void createMasterKey(HttpServletRequest req, modifyRADMCert(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { - if (ca != null) { + if (ca != null) { ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit(); if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { ocspSigningUnit.updateConfig( - nicknameWithoutTokenName, newtokenname); + nicknameWithoutTokenName, newtokenname); } else { ocspSigningUnit.updateConfig(newtokenname + ":" + - nicknameWithoutTokenName, - newtokenname); + nicknameWithoutTokenName, + newtokenname); } } } } - + // set signing algorithms if needed - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) signingUnit.setDefaultAlgorithm(defaultSigningAlg); if (defaultOCSPSigningAlg != null) { @@ -1884,46 +1870,47 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } - } - - private void updateCASignature(String nickname, KeyCertData properties, - ICryptoSubsystem jssSubSystem) throws EBaseException { + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } + } + + private void updateCASignature(String nickname, KeyCertData properties, + ICryptoSubsystem jssSubSystem) throws EBaseException { String alg = jssSubSystem.getSignatureAlgorithm(nickname); SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); properties.setSignatureAlgorithm(sigAlg); properties.setAlgorithmId( - jssSubSystem.getAlgorithmId(alg, mConfig)); + jssSubSystem.getAlgorithmId(alg, mConfig)); } /** * Install certificates * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to install a certificate */ private void installCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1940,37 +1927,37 @@ private void createMasterKey(HttpServletRequest req, String serverID = ""; String certpath = ""; @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) pkcs = value; else if (key.equals(Constants.RS_ID)) certType = value; else if (key.equals(Constants.PR_NICKNAME)) nickname = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (pkcs == null || pkcs.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1981,7 +1968,7 @@ private void createMasterKey(HttpServletRequest req, } else { FileInputStream in = new FileInputStream(certpath); BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + new BufferedReader(new InputStreamReader(in)); String content = ""; pkcs = ""; @@ -2009,7 +1996,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } pkcs = pkcs.trim(); @@ -2017,8 +2004,8 @@ private void createMasterKey(HttpServletRequest req, + File.separator + "config" + File.separator + pathname; ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - //String nickname = getNickname(certType); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + // String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; int index = nickname.indexOf(":"); @@ -2039,72 +2026,62 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } /* - if (certType.equals(Constants.PR_CA_SIGNING_CERT) || - certType.equals(Constants.PR_RA_SIGNING_CERT) || - certType.equals(Constants.PR_OCSP_SIGNING_CERT) || - certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || - certType.equals(Constants.PR_SERVER_CERT) || - certType.equals(Constants.PR_SERVER_CERT_RADM)) { - String oldnickname = getNickname(certType); - try { - jssSubsystem.deleteTokenCertificate(oldnickname, - pathname); - //jssSubsystem.deleteTokenCertificate(nickname, - pathname); - } catch (EBaseException e) { - // skip it - } - } else { - try { - jssSubsystem.deleteTokenCertificate(nickname, pathname); - } catch (EBaseException e) { - // skip it - } - } - */ + * if (certType.equals(Constants.PR_CA_SIGNING_CERT) || + * certType.equals(Constants.PR_RA_SIGNING_CERT) || + * certType.equals(Constants.PR_OCSP_SIGNING_CERT) || + * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || + * certType.equals(Constants.PR_SERVER_CERT) || + * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String + * oldnickname = getNickname(certType); try { + * jssSubsystem.deleteTokenCertificate(oldnickname, pathname); + * //jssSubsystem.deleteTokenCertificate(nickname, pathname); } + * catch (EBaseException e) { // skip it } } else { try { + * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch + * (EBaseException e) { // skip it } } + */ // 600124 - renewal of SSL crash the server // we now do not delete previously installed certificates. - // Same Subject | Same Nickname | Same Key | Legal - // ----------------------------------------------------------- - // 1. Yes Yes No Yes - // 2. Yes Yes Yes Yes - // 3. No No Yes Yes - // 4. No No No Yes - // 5. No Yes Yes No - // 6. No Yes No No - // 7. Yes No Yes No - // 8. Yes No No No + // Same Subject | Same Nickname | Same Key | Legal + // ----------------------------------------------------------- + // 1. Yes Yes No Yes + // 2. Yes Yes Yes Yes + // 3. No No Yes Yes + // 4. No No No Yes + // 5. No Yes Yes No + // 6. No Yes No No + // 7. Yes No Yes No + // 8. Yes No No No // Based on above table, the following cases are permitted: // Existing Key: - // (a) Same Subject & Same Nickname --- (2) - // (b) Different Subject & Different Nickname --- (3) - // (In order to support Case b., we need to use a different - // nickname). + // (a) Same Subject & Same Nickname --- (2) + // (b) Different Subject & Different Nickname --- (3) + // (In order to support Case b., we need to use a different + // nickname). // New Key: - // (c) Same Subject & Same Nickname --- (1) - // (d) Different Subject & Different Nickname --- (4) - // (In order to support Case b., we need to use a different - // nickname). + // (c) Same Subject & Same Nickname --- (1) + // (d) Different Subject & Different Nickname --- (4) + // (In order to support Case b., we need to use a different + // nickname). // - CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + nicknameWithoutTokenName); try { - jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, - certType); + jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, + certType); } catch (EBaseException e) { boolean certFound = false; String eString = e.toString(); - if(eString.contains("Failed to find certificate that was just imported")) { - CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString); + if (eString.contains("Failed to find certificate that was just imported")) { + CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + " TokenException: " + eString); X509Certificate cert = null; try { @@ -2116,11 +2093,11 @@ private void createMasterKey(HttpServletRequest req, } catch (Exception ex) { CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString()); } - } + } if (!certFound) { // if it fails, let use a different nickname to try - Date now = new Date(); + Date now = new Date(); String newNickname = nicknameWithoutTokenName + "-" + now.getTime(); @@ -2131,16 +2108,16 @@ private void createMasterKey(HttpServletRequest req, } else { nickname = tokenName + ":" + newNickname; } - CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname); - } + CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + nickname); + } } if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { ICertificateAuthority ca = - (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); String signatureAlg = - jssSubSystem.getSignatureAlgorithm(nickname); + jssSubSystem.getSignatureAlgorithm(nickname); signingUnit.setDefaultAlgorithm(signatureAlg); setCANewnickname("", ""); @@ -2149,26 +2126,26 @@ private void createMasterKey(HttpServletRequest req, if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); extensions = jssSubSystem.getExtensions( - Constants.PR_INTERNAL_TOKEN_NAME, nickname); + Constants.PR_INTERNAL_TOKEN_NAME, nickname); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); extensions = jssSubSystem.getExtensions(tokenname1, - nicknameWithoutTokenName); + nicknameWithoutTokenName); } if (extensions != null) { BasicConstraintsExtension basic = - (BasicConstraintsExtension) - extensions.get(BasicConstraintsExtension.class.getSimpleName()); + (BasicConstraintsExtension) + extensions.get(BasicConstraintsExtension.class.getSimpleName()); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { Integer pathlen = (Integer) - basic.get(BasicConstraintsExtension.PATH_LEN); + basic.get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) @@ -2187,34 +2164,34 @@ private void createMasterKey(HttpServletRequest req, } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { setRANewnickname("", ""); IRegistrationAuthority ra = - (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); ra.setNickname(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { setOCSPNewnickname("", ""); IOCSPAuthority ocsp = - (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); } - } else { + } else { ICertificateAuthority ca = - (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); @@ -2224,24 +2201,24 @@ private void createMasterKey(HttpServletRequest req, } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { setKRANewnickname("", ""); IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); kra.setNickname(nickname); } else if (certType.equals(Constants.PR_SERVER_CERT)) { setAgentNewnickname("", ""); - //modifyRADMCert(nickname); + // modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { IRegistrationAuthority ra = - (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } if (isSubsystemInstalled("ca")) { ICertificateAuthority ca = - (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); modifyCAGatewayCert(ca, nickname); } @@ -2252,7 +2229,7 @@ private void createMasterKey(HttpServletRequest req, boolean verified = CMS.verifySystemCertByNickname(nickname, null); if (verified == true) { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + nickname); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, auditSubjectID, @@ -2261,7 +2238,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); } else { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + nickname); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, auditSubjectID, @@ -2280,11 +2257,11 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); mConfig.commit(true); - if(verified == true) { + if (verified == true) { sendResponse(SUCCESS, null, null, resp); } else { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), - null, resp); + null, resp); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file @@ -2310,37 +2287,38 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** - * For "importing" cross-signed cert into internal db for further - * cross pair matching and publishing + * For "importing" cross-signed cert into internal db for further cross pair + * matching and publishing * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when * "Certificate Setup Wizard" is used to import a CA cross-signed * certificate into the database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to import a cross-certificate pair */ private void importXCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2355,7 +2333,7 @@ private void createMasterKey(HttpServletRequest req, String serverID = ""; String certpath = ""; @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); NameValuePairs results = new NameValuePairs(); while (enum1.hasMoreElements()) { @@ -2363,29 +2341,29 @@ private void createMasterKey(HttpServletRequest req, String value = req.getParameter(key); // really should be PR_CERT_CONTENT - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) b64Cert = value; else if (key.equals(Constants.RS_ID)) certType = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (b64Cert == null || b64Cert.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2396,7 +2374,7 @@ private void createMasterKey(HttpServletRequest req, } else { FileInputStream in = new FileInputStream(certpath); BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + new BufferedReader(new InputStreamReader(in)); String content = ""; b64Cert = ""; @@ -2423,7 +2401,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } CMS.debug("CMSAdminServlet: got b64Cert"); b64Cert = Cert.stripBrackets(b64Cert.trim()); @@ -2441,10 +2419,10 @@ private void createMasterKey(HttpServletRequest req, + File.separator + "config" + File.separator + pathname; ICrossCertPairSubsystem ccps = - (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); + (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); try { - //this will import into internal ldap crossCerts entry + // this will import into internal ldap crossCerts entry ccps.importCert(bCert); } catch (Exception e) { // store a message in the signed audit log file @@ -2480,8 +2458,8 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - String content = jssSubSystem.getCertPrettyPrint(b64Cert, + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + String content = jssSubSystem.getCertPrettyPrint(b64Cert, super.getLocale(req)); results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert"); @@ -2521,19 +2499,19 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getNickname(String certType) throws EBaseException { @@ -2541,13 +2519,13 @@ private void createMasterKey(HttpServletRequest req, if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { ICertificateAuthority ca = - (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); nickname = signingUnit.getNickname(); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { IOCSPAuthority ocsp = - (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp == null) { // this is a local CA service @@ -2562,28 +2540,28 @@ private void createMasterKey(HttpServletRequest req, } } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { IRegistrationAuthority ra = - (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); nickname = ra.getNickname(); } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); nickname = kra.getNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT)) { nickname = CMS.getServerCertNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) { nickname = CMS.getServerCertNickname(); - } + } return nickname; } private void getCertInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); NameValuePairs results = new NameValuePairs(); String pkcs = ""; String path = ""; @@ -2616,7 +2594,7 @@ private void createMasterKey(HttpServletRequest req, } else { FileInputStream in = new FileInputStream(path); BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + new BufferedReader(new InputStreamReader(in)); String content = ""; pkcs = ""; @@ -2640,7 +2618,7 @@ private void createMasterKey(HttpServletRequest req, int totalLen = pkcs.length(); if (pkcs.indexOf(BEGIN_HEADER) != 0 || - pkcs.indexOf(END_HEADER) != (totalLen - 25)) { + pkcs.indexOf(END_HEADER) != (totalLen - 25)) { throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"))); } @@ -2665,25 +2643,25 @@ private void createMasterKey(HttpServletRequest req, nickname = getNickname(certType); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String content = jssSubSystem.getCertPrettyPrint(pkcs, super.getLocale(req)); if (nickname != null && !nickname.equals("")) results.add(Constants.PR_NICKNAME, nickname); results.add(Constants.PR_CERT_CONTENT, content); - //results = jssSubSystem.getCertInfo(value); + // results = jssSubSystem.getCertInfo(value); sendResponse(SUCCESS, null, results, resp); } private void getCertPrettyPrint(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; @@ -2703,7 +2681,7 @@ private void createMasterKey(HttpServletRequest req, if (key.equals(Constants.PR_NICK_NAME)) { nickname = value; continue; - } + } if (key.equals(Constants.PR_SERIAL_NUMBER)) { serialno = value; continue; @@ -2714,20 +2692,20 @@ private void createMasterKey(HttpServletRequest req, } } - String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, - serialno, issuername, locale); + String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, + serialno, issuername, locale); pairs.add(nickname, print); sendResponse(SUCCESS, null, pairs, resp); } private void getRootCertTrustBit(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; @@ -2759,92 +2737,92 @@ private void createMasterKey(HttpServletRequest req, } String trustbit = jssSubSystem.getRootCertTrustBit(nickname, - serialno, issuername); + serialno, issuername); pairs.add(nickname, trustbit); sendResponse(SUCCESS, null, pairs, resp); } private void getCACerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getCACerts(); sendResponse(SUCCESS, null, pairs, resp); } private void deleteRootCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex+1); + String issuername = sstr1.substring(lindex + 1); jssSubSystem.deleteRootCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } private void deleteUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex+1); + String issuername = sstr1.substring(lindex + 1); jssSubSystem.deleteUserCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } private void getRootCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getRootCerts(); sendResponse(SUCCESS, null, pairs, resp); } private void getAllCertsManage(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getAllCertsManage(); sendResponse(SUCCESS, null, pairs, resp); } private void getUserCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getUserCerts(); sendResponse(SUCCESS, null, pairs, resp); } private void deleteCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String date = ""; @@ -2862,19 +2840,19 @@ private void createMasterKey(HttpServletRequest req, nickname = value.substring(0, index); date = value.substring(index + 1); - // cant use this one now since jss doesnt have the interface to + // cant use this one now since jss doesnt have the interface to // do it. jssSubSystem.deleteCert(nickname, date); - // jssSubsystem.deleteCACert(nickname, date); + // jssSubsystem.deleteCACert(nickname, date); } sendResponse(SUCCESS, null, null, resp); } private void validateSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); while (enum1.hasMoreElements()) { @@ -2883,19 +2861,19 @@ private void createMasterKey(HttpServletRequest req, if (key.equals(Constants.PR_SUBJECT_NAME)) { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.isX500DN(value); } } sendResponse(SUCCESS, null, null, resp); - } + } private void validateKeyLength(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); String keyType = "RSA"; String keyLen = "512"; @@ -2917,16 +2895,16 @@ private void createMasterKey(HttpServletRequest req, int minKey = mConfig.getInteger( ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); // jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey); sendResponse(SUCCESS, null, null, resp); } private void validateCurveName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); String curveName = null; @@ -2942,7 +2920,7 @@ private void createMasterKey(HttpServletRequest req, String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521"); String[] curves = curveList.split(","); boolean match = false; - for (int i=0; i<curves.length; i++) { + for (int i = 0; i < curves.length; i++) { if (curves[i].equals(curveName)) { match = true; } @@ -2955,9 +2933,9 @@ private void createMasterKey(HttpServletRequest req, } private void validateCertExtension(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); String certExt = ""; @@ -2972,19 +2950,19 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.checkCertificateExt(certExt); sendResponse(SUCCESS, null, null, resp); } private void getSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); - + String nickname = ""; String keyType = "RSA"; String keyLen = "512"; @@ -3003,7 +2981,7 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3011,7 +2989,7 @@ private void createMasterKey(HttpServletRequest req, } private void processSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") @@ -3033,7 +3011,7 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3041,7 +3019,7 @@ private void createMasterKey(HttpServletRequest req, } public void setRootCertTrust(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3053,10 +3031,10 @@ private void createMasterKey(HttpServletRequest req, CMS.debug("CMSAdminServlet: setRootCertTrust()"); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); try { jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust); - } catch (EBaseException e) { + } catch (EBaseException e) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, auditSubjectID, @@ -3083,18 +3061,19 @@ private void createMasterKey(HttpServletRequest req, /** * Establish trust of a CA certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Manage Certificate" is used to edit the trustness of certs and - * deletion of certs + * "Manage Certificate" is used to edit the trustness of certs and deletion + * of certs * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to establish CA certificate trust */ private void trustCACert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3104,10 +3083,10 @@ private void createMasterKey(HttpServletRequest req, // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String trust = ""; while (enum1.hasMoreElements()) { @@ -3134,7 +3113,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); - //sendResponse(SUCCESS, null, null, resp); + // sendResponse(SUCCESS, null, null, resp); sendResponse(RESTART, null, null, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file @@ -3160,41 +3139,42 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** * Execute all self tests specified to be run on demand. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self * tests are run on demand * </ul> - * @exception EMissingSelfTestException a self test plugin instance - * property name was missing + * + * @exception EMissingSelfTestException a self test plugin instance property + * name was missing * @exception ESelfTestException a self test is missing a required - * configuration parameter + * configuration parameter * @exception IOException an input/output error has occurred */ private synchronized void - runSelfTestsOnDemand(HttpServletRequest req, - HttpServletResponse resp) - throws EMissingSelfTestException, - ESelfTestException, - IOException { + runSelfTestsOnDemand(HttpServletRequest req, + HttpServletResponse resp) + throws EMissingSelfTestException, + ESelfTestException, + IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3203,7 +3183,7 @@ private void createMasterKey(HttpServletRequest req, try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " ENTERING . . ."); + + " ENTERING . . ."); } @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); @@ -3224,10 +3204,10 @@ private void createMasterKey(HttpServletRequest req, } ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS); + CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS); if ((request == null) || - (request.equals(""))) { + (request.equals(""))) { // self test plugin run on demand request parameter was missing // log the error logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST", @@ -3236,7 +3216,7 @@ private void createMasterKey(HttpServletRequest req, ); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -3264,7 +3244,7 @@ private void createMasterKey(HttpServletRequest req, getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification content += logMessage @@ -3288,8 +3268,8 @@ private void createMasterKey(HttpServletRequest req, getServletInfo()); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -3309,18 +3289,19 @@ private void createMasterKey(HttpServletRequest req, } ISelfTest test = (ISelfTest) - mSelfTestSubsystem.getSelfTest(instanceName); + mSelfTestSubsystem.getSelfTest(instanceName); if (test == null) { - // self test plugin instance property name is not present + // self test plugin instance property name is not + // present // log the error logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME", getServletInfo(), instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -3342,9 +3323,9 @@ private void createMasterKey(HttpServletRequest req, try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " running \"" - + test.getSelfTestName() - + "\""); + + " running \"" + + test.getSelfTestName() + + "\""); } // store this information for console notification @@ -3368,8 +3349,8 @@ private void createMasterKey(HttpServletRequest req, instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -3401,7 +3382,7 @@ private void createMasterKey(HttpServletRequest req, logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification content += logMessage @@ -3412,7 +3393,7 @@ private void createMasterKey(HttpServletRequest req, getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification content += logMessage @@ -3429,14 +3410,14 @@ private void createMasterKey(HttpServletRequest req, // notify console of SUCCESS results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS, - CMSAdminServlet.class.getName()); + CMSAdminServlet.class.getName()); results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, - content); + content); sendResponse(SUCCESS, null, results, resp); if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " EXITING."); + + " EXITING."); } } catch (EMissingSelfTestException eAudit1) { // store a message in the signed audit log file @@ -3475,16 +3456,16 @@ private void createMasterKey(HttpServletRequest req, } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); } /** * Signed Audit Log Public Key - * + * * This method is called to obtain the public key from the passed in * "KeyPair" object for a signed audit log message. * <P> - * + * * @param object a Key Pair Object * @return key string containing the public key */ @@ -3533,4 +3514,3 @@ private void createMasterKey(HttpServletRequest req, } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java index 7f18d94e..dffa4034 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -42,10 +41,9 @@ import com.netscape.certsrv.jobs.IJobsScheduler; import com.netscape.certsrv.jobs.JobPlugin; import com.netscape.certsrv.logging.ILogger; - /** - * A class representing an administration servlet for the - * Jobs Scheduler and it's scheduled jobs. + * A class representing an administration servlet for the Jobs Scheduler and + * it's scheduled jobs. * * @version $Revision$, $Date$ */ @@ -82,16 +80,16 @@ public class JobsAdminServlet extends AdminServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** - * retrieve extended plugin info such as brief description, type info - * from jobs + /** + * retrieve extended plugin info such as brief description, type info from + * jobs */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); @@ -100,8 +98,8 @@ public class JobsAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } @@ -111,7 +109,7 @@ public class JobsAdminServlet extends AdminServlet { Object impl = null; JobPlugin jp = - (JobPlugin) mJobsSched.getPlugins().get(implName); + (JobPlugin) mJobsSched.getPlugins().get(implName); if (jp != null) impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath()); @@ -137,25 +135,25 @@ public class JobsAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } try { super.authenticate(req); } catch (IOException e) { - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } @@ -165,8 +163,8 @@ public class JobsAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS)) @@ -174,27 +172,27 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) getConfig(req, resp); else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) - getInstConfig(req, resp); + getInstConfig(req, resp); else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { - try { - getExtendedPluginInfo(req, resp); - } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); - return; + try { + getExtendedPluginInfo(req, resp); + } catch (EBaseException e) { + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + return; } } else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS)) { @@ -202,17 +200,17 @@ public class JobsAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) { modJobsInst(req, resp, scope); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) @@ -220,18 +218,18 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) listJobsInsts(req, resp); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) @@ -239,18 +237,18 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) addJobsInst(req, resp, scope); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) @@ -258,42 +256,42 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) delJobsInst(req, resp, scope); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } } - private synchronized void addJobPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addJobPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the job plugin id unique? if (mJobsSched.getPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), - null, resp); + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), + null, resp); return; } @@ -301,15 +299,15 @@ public class JobsAdminServlet extends AdminServlet { if (classPath == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NULL_CLASS"), + null, resp); return; } IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); // Does the class exist? Class newImpl = null; @@ -318,13 +316,13 @@ public class JobsAdminServlet extends AdminServlet { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"), + null, resp); return; } catch (IllegalArgumentException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"), + null, resp); return; } @@ -332,14 +330,14 @@ public class JobsAdminServlet extends AdminServlet { try { if (IJob.class.isAssignableFrom(newImpl) == false) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"), + null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"), + null, resp); return; } @@ -351,10 +349,10 @@ public class JobsAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -362,8 +360,8 @@ public class JobsAdminServlet extends AdminServlet { JobPlugin plugin = new JobPlugin(id, classPath); mJobsSched.getPlugins().put(id, plugin); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id)); NameValuePairs params = new NameValuePairs(); @@ -371,24 +369,24 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void addJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the job instance id unique? if (mJobsSched.getInstances().containsKey((Object) id)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), + null, resp); return; } @@ -399,21 +397,21 @@ public class JobsAdminServlet extends AdminServlet { if (implname == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } // check if implementation exists. JobPlugin plugin = - (JobPlugin) mJobsSched.getPlugins().get(implname); + (JobPlugin) mJobsSched.getPlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + new + EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; } @@ -423,9 +421,9 @@ public class JobsAdminServlet extends AdminServlet { String[] configParams = mJobsSched.getConfigParams(implname); IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -437,10 +435,10 @@ public class JobsAdminServlet extends AdminServlet { substore.put(key, val); } else if (!key.equals("profileId")) { sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", - key)).toString(), - null, resp); + new + EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", + key)).toString(), + null, resp); return; } } @@ -458,28 +456,28 @@ public class JobsAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } - + IJobsScheduler scheduler = (IJobsScheduler) - CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); + CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); // initialize the job plugin try { @@ -498,16 +496,16 @@ public class JobsAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mJobsSched.getInstances().put(id, jobsInst); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id)); NameValuePairs params = new NameValuePairs(); @@ -516,8 +514,8 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void listJobPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listJobPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -525,83 +523,81 @@ public class JobsAdminServlet extends AdminServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - JobPlugin value = (JobPlugin) - mJobsSched.getPlugins().get(name); + JobPlugin value = (JobPlugin) + mJobsSched.getPlugins().get(name); params.add(name, value.getClassPath()); - // params.add(name, value.getClassPath()+EDIT); + // params.add(name, value.getClassPath()+EDIT); } sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void listJobsInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listJobsInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - for (Enumeration e = mJobsSched.getInstances().keys(); - e.hasMoreElements();) { + for (Enumeration e = mJobsSched.getInstances().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); - IJob value = (IJob) - mJobsSched.getInstances().get((Object) name); + IJob value = (IJob) + mJobsSched.getInstances().get((Object) name); - // params.add(name, value.getImplName()); + // params.add(name, value.getImplName()); params.add(name, value.getImplName() + VISIBLE + - (value.isEnabled() ? ENABLED : DISABLED) - ); + (value.isEnabled() ? ENABLED : DISABLED) + ); } sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void delJobPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delJobPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does this job plugin exist? if (mJobsSched.getPlugins().containsKey(id) == false) { sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + new + EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; } // first check if any instances from this job plugin // DON'T remove job plugin if any instance - for (Enumeration e = mJobsSched.getInstances().elements(); - e.hasMoreElements();) { + for (Enumeration e = mJobsSched.getInstances().elements(); e.hasMoreElements();) { IJob jobs = (IJob) e.nextElement(); if ((jobs.getImplName()).equals(id)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_IN_USE"), + null, resp); return; } } - + // then delete this job plugin mJobsSched.getPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting @@ -609,8 +605,8 @@ public class JobsAdminServlet extends AdminServlet { mConfig.commit(true); } catch (EBaseException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -618,52 +614,52 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void delJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does job plugin instance exist? if (mJobsSched.getInstances().containsKey(id) == false) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND", - id)).toString(), - null, resp); + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND", + id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. IJob jobInst = (IJob) mJobsSched.getInstances().get(id); mJobsSched.getInstances().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -672,25 +668,24 @@ public class JobsAdminServlet extends AdminServlet { } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular job plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this job scheduler subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular job plugin implementation name specified + * in the RS_ID. Actually, there is no logic in here to set any default + * value here...there's no default value for any parameter in this job + * scheduler subsystem at this point. Later, if we do have one (or some), it + * can be added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -708,25 +703,25 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does job plugin instance exist? if (mJobsSched.getInstances().containsKey(id) == false) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND", - id)).toString(), - null, resp); + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND", + id)).toString(), + null, resp); return; } @@ -757,34 +752,32 @@ public class JobsAdminServlet extends AdminServlet { } /** - * Modify job plugin instance. - * This will actually create a new instance with new configuration - * parameters and replace the old instance, if the new instance - * created and initialized successfully. - * The old instance is left running. so this is very expensive. - * Restart of server recommended. + * Modify job plugin instance. This will actually create a new instance with + * new configuration parameters and replace the old instance, if the new + * instance created and initialized successfully. The old instance is left + * running. so this is very expensive. Restart of server recommended. */ - private synchronized void modJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the job instance exist? if (!mJobsSched.getInstances().containsKey((Object) id)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), + null, resp); return; } @@ -793,27 +786,27 @@ public class JobsAdminServlet extends AdminServlet { if (implname == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } - // get plugin for implementation + // get plugin for implementation JobPlugin plugin = - (JobPlugin) mJobsSched.getPlugins().get(implname); + (JobPlugin) mJobsSched.getPlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - IJob oldinst = - (IJob) mJobsSched.getInstances().get((Object) id); + IJob oldinst = + (IJob) mJobsSched.getInstances().get((Object) id); IConfigStore oldConfig = oldinst.getConfigStore(); String[] oldConfigParms = oldinst.getConfigParams(); @@ -821,7 +814,7 @@ public class JobsAdminServlet extends AdminServlet { // implName is always required so always include it it. saveParams.add(IJobsScheduler.PROP_PLUGIN, - (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN)); + (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN)); if (oldConfigParms != null) { for (int i = 0; i < oldConfigParms.length; i++) { String key = oldConfigParms[i]; @@ -838,9 +831,9 @@ public class JobsAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); @@ -861,10 +854,10 @@ public class JobsAdminServlet extends AdminServlet { } else if (!key.equals("profileId")) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", - key)).toString(), - null, resp); + new + EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", + key)).toString(), + null, resp); return; } } @@ -880,30 +873,30 @@ public class JobsAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } // initialize the job plugin IJobsScheduler scheduler = (IJobsScheduler) - CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); + CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); try { newJobInst.init(scheduler, id, implname, substore); @@ -919,17 +912,17 @@ public class JobsAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -937,8 +930,8 @@ public class JobsAdminServlet extends AdminServlet { mJobsSched.getInstances().put(id, newJobInst); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id)); NameValuePairs params = new NameValuePairs(); @@ -947,25 +940,25 @@ public class JobsAdminServlet extends AdminServlet { } private void getSettings(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - params.add(Constants.PR_ENABLE, - config.getString(IJobsScheduler.PROP_ENABLED, - Constants.FALSE)); + params.add(Constants.PR_ENABLE, + config.getString(IJobsScheduler.PROP_ENABLED, + Constants.FALSE)); // default 1 minute - params.add(Constants.PR_JOBS_FREQUENCY, - config.getString(IJobsScheduler.PROP_INTERVAL, "1")); + params.add(Constants.PR_JOBS_FREQUENCY, + config.getString(IJobsScheduler.PROP_INTERVAL, "1")); - //System.out.println("Send: "+params.toString()); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } private void setSettings(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { - //Save New Settings to the config file + throws ServletException, IOException, EBaseException { + // Save New Settings to the config file IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); String enabled = config.getString(IJobsScheduler.PROP_ENABLED); @@ -978,14 +971,14 @@ public class JobsAdminServlet extends AdminServlet { config.putString(IJobsScheduler.PROP_ENABLED, enabledSetTo); } - //set frequency + // set frequency String interval = - req.getParameter(Constants.PR_JOBS_FREQUENCY); + req.getParameter(Constants.PR_JOBS_FREQUENCY); if (interval != null) { config.putString(IJobsScheduler.PROP_INTERVAL, interval); mJobsSched.setInterval( - config.getInteger(IJobsScheduler.PROP_INTERVAL)); + config.getInteger(IJobsScheduler.PROP_INTERVAL)); } if (enabledChanged == true) { @@ -999,8 +992,8 @@ public class JobsAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -1010,7 +1003,7 @@ public class JobsAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (!value.equals("")) + if (!value.equals("")) rstore.put(key, value); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java index e4138d74..feb4ea9b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; @@ -35,13 +34,11 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.logging.ILogger; - /** - * A class representings an administration servlet for Key - * Recovery Authority. This servlet is responsible to serve - * KRA administrative operation such as configuration - * parameter updates. - * + * A class representings an administration servlet for Key Recovery Authority. + * This servlet is responsible to serve KRA administrative operation such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class KRAAdminServlet extends AdminServlet { @@ -57,7 +54,7 @@ public class KRAAdminServlet extends AdminServlet { private IKeyRecoveryAuthority mKRA = null; private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = - "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; /** * Constructs KRA servlet. @@ -73,63 +70,60 @@ public class KRAAdminServlet extends AdminServlet { /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); String scope = req.getParameter(Constants.OP_SCOPE); if (scope == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } String op = req.getParameter(Constants.OP_TYPE); if (op == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } - + try { AUTHZ_RES_NAME = "certServer.kra.configuration"; if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } - /* Functions not implemented in console - if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { - readAutoRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_RECOVERY)) { - readRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { - getNotificationRIQConfig(req, resp); - return; - } else - */ + /* + * Functions not implemented in console if + * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { + * readAutoRecoveryConfig(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_RECOVERY)) { + * readRecoveryConfig(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { + * getNotificationRIQConfig(req, resp); return; } else + */ if (scope.equals(ScopeDef.SC_GENERAL)) { getGeneralConfig(req, resp); return; @@ -138,44 +132,39 @@ public class KRAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } - /* Functions not implemented in console - if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { - modifyAutoRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_AGENT_PWD)) { - changeAgentPwd(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_MNSCHEME)) { - changeMNScheme(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { - setNotificationRIQConfig(req, resp); - return; - } else - */ + /* + * Functions not implemented in console if + * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { + * modifyAutoRecoveryConfig(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_AGENT_PWD)) { changeAgentPwd(req, + * resp); return; } else if (scope.equals(ScopeDef.SC_MNSCHEME)) + * { changeMNScheme(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { + * setNotificationRIQConfig(req, resp); return; } else + */ if (scope.equals(ScopeDef.SC_GENERAL)) { - setGeneralConfig(req,resp); + setGeneralConfig(req, resp); } - } + } } catch (EBaseException e) { // convert exception into locale-specific message - sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), + null, resp); return; } catch (Exception e) { e.printStackTrace(); } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -188,7 +177,7 @@ public class KRAAdminServlet extends AdminServlet { } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); boolean restart = false; @@ -202,14 +191,14 @@ public class KRAAdminServlet extends AdminServlet { if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) { try { - int number = Integer.parseInt(value); + int number = Integer.parseInt(value); mKRA.setNoOfRequiredAgents(number); } catch (NumberFormatException e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); throw new EBaseException("Number of agents must be an integer"); @@ -220,10 +209,10 @@ public class KRAAdminServlet extends AdminServlet { commit(true); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java index 08d6fcf5..4dc862a5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogSubsystem; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.LogPlugin; - /** - * A class representings an administration servlet for logging - * subsystem. This servlet is responsible to serve - * logging administrative operation such as configuration - * parameter updates and log retriever. - * + * A class representings an administration servlet for logging subsystem. This + * servlet is responsible to serve logging administrative operation such as + * configuration parameter updates and log retriever. + * * @version $Revision$, $Date$ */ public class LogAdminServlet extends AdminServlet { @@ -70,11 +67,11 @@ public class LogAdminServlet extends AdminServlet { private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT = - "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3"; private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE = - "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4"; + "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4"; private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE = - "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4"; + "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4"; /** * Constructs Log servlet. @@ -114,15 +111,15 @@ public class LogAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } @@ -138,8 +135,8 @@ public class LogAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } try { @@ -155,8 +152,8 @@ public class LogAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -169,17 +166,17 @@ public class LogAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_GENERAL)) { getGeneralConfig(req, resp); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -190,17 +187,17 @@ public class LogAdminServlet extends AdminServlet { delLogInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -211,9 +208,9 @@ public class LogAdminServlet extends AdminServlet { addLogInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { @@ -221,8 +218,8 @@ public class LogAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -232,17 +229,17 @@ public class LogAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_GENERAL)) { setGeneralConfig(req, resp); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LOG_IMPLS)) { @@ -268,13 +265,13 @@ public class LogAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } ILogEventListener loginst = - mSys.getLogInstance(instName); + mSys.getLogInstance(instName); if (loginst != null) { NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req)); @@ -296,12 +293,12 @@ public class LogAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } ILogEventListener loginst = - mSys.getLogInstance(instName); + mSys.getLogInstance(instName); if (loginst != null) { NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req)); @@ -310,15 +307,15 @@ public class LogAdminServlet extends AdminServlet { } return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } @@ -329,15 +326,15 @@ public class LogAdminServlet extends AdminServlet { System.out.println("XXX >>>" + e.toString() + "<<<"); e.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); } return; } - private synchronized void listLogInsts(HttpServletRequest req, - HttpServletResponse resp, boolean all) throws ServletException, + private synchronized void listLogInsts(HttpServletRequest req, + HttpServletResponse resp, boolean all) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -351,9 +348,9 @@ public class LogAdminServlet extends AdminServlet { if (value == null) continue; String pName = mSys.getLogPluginName(value); - LogPlugin pClass = (LogPlugin) - mSys.getLogPlugins().get(pName); - String c = pClass.getClassPath(); + LogPlugin pClass = (LogPlugin) + mSys.getLogPlugins().get(pName); + String c = pClass.getClassPath(); // not show ntEventlog here if (all || (!all && !c.endsWith("NTEventLog"))) @@ -363,12 +360,12 @@ public class LogAdminServlet extends AdminServlet { return; } - /** - * retrieve extended plugin info such as brief description, type info - * from logging + /** + * retrieve extended plugin info such as brief description, type info from + * logging */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); @@ -381,10 +378,10 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { - IExtendedPluginInfo ext_info = null; + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + IExtendedPluginInfo ext_info = null; Object impl = null; - LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); + LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); if (lp != null) { impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath()); @@ -410,11 +407,12 @@ public class LogAdminServlet extends AdminServlet { /** * Add log plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -423,9 +421,9 @@ public class LogAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ @SuppressWarnings("unchecked") - private synchronized void addLogPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addLogPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -443,7 +441,7 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -457,8 +455,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -476,8 +474,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } @@ -496,8 +494,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NULL_CLASS"), + null, resp); return; } @@ -505,7 +503,7 @@ public class LogAdminServlet extends AdminServlet { destStore = mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("impl"); + destStore.getSubStore("impl"); // Does the class exist? Class<ILogEventListener> newImpl = null; @@ -525,8 +523,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"), + null, resp); return; } catch (IllegalArgumentException e) { // store a message in the signed audit log file @@ -541,8 +539,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"), + null, resp); return; } @@ -561,11 +559,12 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"), + null, resp); return; } - } catch (NullPointerException e) { // unlikely, only if newImpl null. + } catch (NullPointerException e) { // unlikely, only if newImpl + // null. // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( @@ -578,8 +577,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"), + null, resp); return; } @@ -591,7 +590,7 @@ public class LogAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -605,8 +604,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -631,17 +630,17 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -655,17 +654,17 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } @@ -682,11 +681,12 @@ public class LogAdminServlet extends AdminServlet { /** * Add log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -694,9 +694,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -726,8 +726,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -743,8 +743,8 @@ public class LogAdminServlet extends AdminServlet { audit(auditMessage); } - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } @@ -761,8 +761,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"), + null, resp); return; } @@ -783,15 +783,15 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } // check if implementation exists. LogPlugin plugin = - (LogPlugin) mSys.getLogPlugins().get( - implname); + (LogPlugin) mSys.getLogPlugins().get( + implname); if (plugin == null) { // store a message in the signed audit log file @@ -806,17 +806,17 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), - null, resp); + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector<String> configParams = mSys.getLogDefaultParams(implname); IConfigStore destStore = - mConfig.getSubStore("log"); + mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("instance"); + destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -826,17 +826,17 @@ public class LogAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), + val); } } } substore.put("pluginName", implname); - // Fix Blackflag Bug #615603: Currently, although expiring log + // Fix Blackflag Bug #615603: Currently, although expiring log // files is no longer supported, it is still a required parameter // that must be present during the creation and modification of // custom log plugins. @@ -864,8 +864,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); @@ -882,8 +882,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); @@ -900,8 +900,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } @@ -962,8 +962,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -988,17 +988,17 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1012,42 +1012,42 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void listLogPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listLogPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration<String> e = mSys.getLogPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - LogPlugin value = (LogPlugin) - mSys.getLogPlugins().get(name); + LogPlugin value = (LogPlugin) + mSys.getLogPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { ILogEventListener lp = (ILogEventListener) - Class.forName(c).newInstance(); + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { - sendResponse(ERROR, exp.toString(), null, - resp); + sendResponse(ERROR, exp.toString(), null, + resp); return; } params.add(name, value.getClassPath() + "," + desc); @@ -1069,11 +1069,12 @@ public class LogAdminServlet extends AdminServlet { /** * Delete log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1081,9 +1082,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1102,7 +1103,7 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1116,8 +1117,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1135,31 +1136,31 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), - null, resp); + new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILogEventListener logInst = (ILogEventListener) - mSys.getLogInstance(id); + mSys.getLogInstance(id); mSys.getLogInsts().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore("log"); + mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("instance"); + destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1173,8 +1174,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1192,17 +1193,17 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1216,28 +1217,29 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Delete log plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1245,9 +1247,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delLogPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delLogPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1266,7 +1268,7 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1280,8 +1282,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1298,15 +1300,14 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(), - null, resp); + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this log // DON'T remove log if any instance - for (Enumeration<String> e = mSys.getLogInsts().keys(); - e.hasMoreElements();) { + for (Enumeration<String> e = mSys.getLogInsts().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); ILogEventListener log = mSys.getLogInstance(name); @@ -1323,19 +1324,19 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_IN_USE"), + null, resp); return; } } - + // then delete this log mSys.getLogPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore("log"); + mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("impl"); + destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); // commiting @@ -1354,8 +1355,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1373,17 +1374,17 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1397,35 +1398,36 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Modify log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file - * name (including any path changes) for any of audit, system, transaction, + * name (including any path changes) for any of audit, system, transaction, * or other customized log file change is attempted (authorization should * not allow, but make sure it's written after the attempt) * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log * expiration time change is attempted (authorization should not allow, but * make sure it's written after the attempt) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1433,9 +1435,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1476,7 +1478,7 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1490,8 +1492,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1509,8 +1511,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"), + null, resp); return; } @@ -1530,14 +1532,14 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + null, resp); return; } // get plugin for implementation LogPlugin plugin = - (LogPlugin) mSys.getLogPlugins().get(implname); + (LogPlugin) mSys.getLogPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file @@ -1552,14 +1554,14 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp); + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); return; } // save old instance substore params in case new one fails. ILogEventListener oldinst = - (ILogEventListener) mSys.getLogInstance(id); + (ILogEventListener) mSys.getLogInstance(id); Vector<String> oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -1571,7 +1573,7 @@ public class LogAdminServlet extends AdminServlet { int index = kv.indexOf('='); saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + kv.substring(index + 1)); } } @@ -1580,27 +1582,27 @@ public class LogAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore("log"); + mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("instance"); + destStore.getSubStore("instance"); // create new substore. Vector<String> configParams = mSys.getLogInstanceParams(id); - //instancesConfig.removeSubStore(id); + // instancesConfig.removeSubStore(id); IConfigStore substore = instancesConfig.makeSubStore(id); substore.put("pluginName", implname); - // Fix Blackflag Bug #615603: Currently, although expiring log + // Fix Blackflag Bug #615603: Currently, although expiring log // files is no longer supported, it is still a required parameter // that must be present during the creation and modification of // custom log plugins. substore.put("expirationTime", "0"); - // IMPORTANT: save a copy of the original log file path + // IMPORTANT: save a copy of the original log file path origLogPath = substore.getString(Constants.PR_LOG_FILENAME); newLogPath = origLogPath; @@ -1612,7 +1614,7 @@ public class LogAdminServlet extends AdminServlet { newLogPath = ""; } - // IMPORTANT: save a copy of the original log expiration time + // IMPORTANT: save a copy of the original log expiration time origExpirationTime = substore.getString( Constants.PR_LOG_EXPIRED_TIME); newExpirationTime = origExpirationTime; @@ -1627,16 +1629,15 @@ public class LogAdminServlet extends AdminServlet { if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { - AUTHZ_RES_NAME = + AUTHZ_RES_NAME = "certServer.log.configuration"; String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); String key = kv.substring(0, index); String val = req.getParameter(key); - if - (key.equals("level")) { - if (val.equals(ILogger.LL_DEBUG_STRING)) + if (key.equals("level")) { + if (val.equals(ILogger.LL_DEBUG_STRING)) val = "0"; else if (val.equals(ILogger.LL_INFO_STRING)) val = "1"; @@ -1653,9 +1654,8 @@ public class LogAdminServlet extends AdminServlet { } - if - (key.equals("rolloverInterval")) { - if (val.equals("Hourly")) + if (key.equals("rolloverInterval")) { + if (val.equals("Hourly")) val = Integer.toString(60 * 60); else if (val.equals("Daily")) val = Integer.toString(60 * 60 * 24); @@ -1667,8 +1667,7 @@ public class LogAdminServlet extends AdminServlet { val = Integer.toString(60 * 60 * 24 * 365); } - if - (key.equals(Constants.PR_LOG_TYPE)) { + if (key.equals(Constants.PR_LOG_TYPE)) { type = val; } @@ -1679,7 +1678,7 @@ public class LogAdminServlet extends AdminServlet { val = val.trim(); newLogPath = val; if (!val.equals(origVal.trim())) { - AUTHZ_RES_NAME = + AUTHZ_RES_NAME = "certServer.log.configuration.fileName"; mOp = "modify"; if ((mToken = super.authorize(req)) == null) { @@ -1709,58 +1708,45 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); - return; - } - } - } -/* - if (key.equals("expirationTime")) { - String origVal = substore.getString(key); - - val = val.trim(); - newExpirationTime = val; - if (!val.equals(origVal.trim())) { - if (id.equals(SIGNED_AUDIT_LOG_TYPE)) { - AUTHZ_RES_NAME = - "certServer.log.configuration.signedAudit.expirationTime"; - } - mOp = "modify"; - if ((mToken = super.authorize(req)) == null) { - // store a message in the signed audit log - // file (regardless of logType) - if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } - - // store a message in the signed audit log - // file - if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); - - audit(auditMessage); - } - - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } } } -*/ + /* + * if (key.equals("expirationTime")) { String origVal = + * substore.getString(key); + * + * val = val.trim(); newExpirationTime = val; if + * (!val.equals(origVal.trim())) { if + * (id.equals(SIGNED_AUDIT_LOG_TYPE)) { AUTHZ_RES_NAME = + * "certServer.log.configuration.signedAudit.expirationTime" + * ; } mOp = "modify"; if ((mToken = + * super.authorize(req)) == null) { // store a message + * in the signed audit log // file (regardless of + * logType) if + * (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + * auditSubjectID, ILogger.FAILURE, logType, + * newExpirationTime); + * + * audit(auditMessage); } + * + * // store a message in the signed audit log // file if + * (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + * auditSubjectID, ILogger.FAILURE, auditParams(req)); + * + * audit(auditMessage); } + * + * sendResponse(ERROR, + * CMS.getUserMessage(getLocale(req), + * "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; + * } } } + */ substore.put(key, val); } } @@ -1772,7 +1758,7 @@ public class LogAdminServlet extends AdminServlet { ILogEventListener newMgrInst = null; try { - newMgrInst = (ILogEventListener) + newMgrInst = (ILogEventListener) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // check to see if the log file path parameter was changed @@ -1800,16 +1786,13 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) /* - if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1823,15 +1806,15 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); restore(instancesConfig, id, saveParams); @@ -1850,16 +1833,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1873,15 +1854,15 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); restore(instancesConfig, id, saveParams); @@ -1900,16 +1881,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } */ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1923,13 +1902,13 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } // initialize the log - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { @@ -1941,7 +1920,7 @@ public class LogAdminServlet extends AdminServlet { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file // (regardless of logType) @@ -1958,16 +1937,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1981,18 +1958,19 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // commited ok. replace instance. - // REMOVED - we didn't do anything to shut off the old instance - // so, it will still be running at this point. You'd have two - // log isntances writing to the same file - this would be a big PROBLEM!!! + // REMOVED - we didn't do anything to shut off the old instance + // so, it will still be running at this point. You'd have two + // log isntances writing to the same file - this would be a big + // PROBLEM!!! - //mSys.getLogInsts().put(id, newMgrInst); + // mSys.getLogInsts().put(id, newMgrInst); NameValuePairs params = new NameValuePairs(); @@ -2000,7 +1978,7 @@ public class LogAdminServlet extends AdminServlet { newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); // store a message in the signed audit log file // (regardless of logType) @@ -2017,16 +1995,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.SUCCESS, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.SUCCESS, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -2063,16 +2039,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } */ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -2109,16 +2083,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -2134,74 +2106,73 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // check to see if the log file path parameter was changed - // newLogPath = auditCheckLogPath( req ); + // // check to see if the log file path parameter was changed + // newLogPath = auditCheckLogPath( req ); // - // // check to see if the log expiration time parameter was changed - // newExpirationTime = auditCheckLogExpirationTime( req ); + // // check to see if the log expiration time parameter was changed + // newExpirationTime = auditCheckLogExpirationTime( req ); // - // // store a message in the signed audit log file - // // (regardless of logType) - // if( !( newLogPath.equals( origLogPath ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - // auditSubjectID, - // ILogger.FAILURE, - // logType, - // newLogPath ); + // // store a message in the signed audit log file + // // (regardless of logType) + // if( !( newLogPath.equals( origLogPath ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + // auditSubjectID, + // ILogger.FAILURE, + // logType, + // newLogPath ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // store a message in the signed audit log file - // // (regardless of logType) - // if( !( newExpirationTime.equals( origExpirationTime ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - // auditSubjectID, - // ILogger.FAILURE, - // logType, - // newExpirationTime ); + // // store a message in the signed audit log file + // // (regardless of logType) + // if( !( newExpirationTime.equals( origExpirationTime ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + // auditSubjectID, + // ILogger.FAILURE, + // logType, + // newExpirationTime ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // store a message in the signed audit log file - // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this log subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular plugin implementation name specified in + * the RS_ID. Actually, there is no logic in here to set any default value + * here...there's no default value for any parameter in this log subsystem + * at this point. Later, if we do have one (or some), it can be added. The + * interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2218,8 +2189,8 @@ public class LogAdminServlet extends AdminServlet { if (index == -1) { params.add(kv, ""); } else { - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } } @@ -2227,43 +2198,43 @@ public class LogAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does log instance exist? if (mSys.getLogInsts().containsKey(id) == false) { sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), - null, resp); + new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + null, resp); return; } ILogEventListener logInst = (ILogEventListener) - mSys.getLogInstance(id); + mSys.getLogInstance(id); Vector<String> configParams = logInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_LOG_IMPL_NAME, - getLogPluginName(logInst)); + params.add(Constants.PR_LOG_IMPL_NAME, + getLogPluginName(logInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -2272,8 +2243,8 @@ public class LogAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -2283,17 +2254,17 @@ public class LogAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } /** * Signed Audit Check Log Path - * + * * This method is called to extract the log file path. * <P> - * + * * @param req http servlet request * @return a string containing the log file path */ @@ -2311,7 +2282,7 @@ public class LogAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -2327,11 +2298,11 @@ public class LogAdminServlet extends AdminServlet { } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); boolean restart = false; while (enum1.hasMoreElements()) { @@ -2353,7 +2324,7 @@ public class LogAdminServlet extends AdminServlet { CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value); throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL); } - } + } } mConfig.commit(true); @@ -2365,4 +2336,3 @@ public class LogAdminServlet extends AdminServlet { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java index 152b364f..263878f0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -39,13 +38,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.ocsp.IOCSPAuthority; import com.netscape.certsrv.ocsp.IOCSPStore; - /** - * A class representings an administration servlet for Certificate - * Authority. This servlet is responsible to serve OCSP - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Certificate Authority. + * This servlet is responsible to serve OCSP administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class OCSPAdminServlet extends AdminServlet { @@ -60,7 +57,7 @@ public class OCSPAdminServlet extends AdminServlet { private final static String INFO = "OCSPAdminServlet"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3"; private IOCSPAuthority mOCSP = null; @@ -84,33 +81,33 @@ public class OCSPAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - - //get all operational flags + + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; - } + } super.authenticate(req); - + try { AUTHZ_RES_NAME = "certServer.ocsp.configuration"; if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } try { @@ -126,8 +123,8 @@ public class OCSPAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } setDefaultStore(req, resp); @@ -139,8 +136,8 @@ public class OCSPAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -154,8 +151,8 @@ public class OCSPAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -169,8 +166,8 @@ public class OCSPAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) { @@ -185,11 +182,11 @@ public class OCSPAdminServlet extends AdminServlet { } /** - * retrieve extended plugin info such as brief description, - * type info from CRL extensions + * retrieve extended plugin info such as brief description, type info from + * CRL extensions */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); @@ -198,7 +195,7 @@ public class OCSPAdminServlet extends AdminServlet { String implName = id.substring(colon + 1); NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } @@ -229,12 +226,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set default OCSP store * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -242,8 +240,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setDefaultStore(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -253,7 +251,7 @@ public class OCSPAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID, - id); + id); commit(true); // store a message in the signed audit log file @@ -291,23 +289,23 @@ public class OCSPAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); IOCSPStore store = mOCSP.getOCSPStore(id); @@ -319,12 +317,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set OCSP store configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -332,8 +331,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -403,23 +402,23 @@ public class OCSPAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void listOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mOCSP.getConfigStore(); String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID); @@ -439,7 +438,7 @@ public class OCSPAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -451,7 +450,7 @@ public class OCSPAdminServlet extends AdminServlet { private void getSigningAlgConfig(NameValuePairs params) { params.add(Constants.PR_DEFAULT_ALGORITHM, - mOCSP.getDefaultAlgorithm()); + mOCSP.getDefaultAlgorithm()); String[] algorithms = mOCSP.getOCSPSigningAlgorithms(); StringBuffer algorStr = new StringBuffer(); @@ -460,7 +459,7 @@ public class OCSPAdminServlet extends AdminServlet { algorStr.append(algorithms[i]); else algorStr.append(":"); - algorStr.append(algorithms[i]); + algorStr.append(algorithms[i]); } params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString()); } @@ -468,12 +467,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set general OCSP configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -481,7 +481,7 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -538,7 +538,7 @@ public class OCSPAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; - + } } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java index 10a768a2..2216c2c3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -44,14 +43,12 @@ import com.netscape.certsrv.policy.IPolicyProcessor; import com.netscape.certsrv.policy.IPolicyRule; import com.netscape.certsrv.ra.IRegistrationAuthority; - /** * This class is an administration servlet for policy management. - * - * Each service (CA, KRA, RA) should be responsible - * for registering an instance of this with the remote - * administration subsystem. - * + * + * Each service (CA, KRA, RA) should be responsible for registering an instance + * of this with the remote administration subsystem. + * * @version $Revision$, $Date$ */ public class PolicyAdminServlet extends AdminServlet { @@ -63,8 +60,8 @@ public class PolicyAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "PolicyAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IPolicyProcessor mProcessor = null; @@ -85,7 +82,7 @@ public class PolicyAdminServlet extends AdminServlet { public static String MISSING_POLICY_ORDERING = "Missing policy ordering"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY = - "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; /** * Constructs administration servlet. @@ -102,7 +99,7 @@ public class PolicyAdminServlet extends AdminServlet { String authority = config.getInitParameter(PROP_AUTHORITY); String policyStatus = null; - CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" ); + CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!"); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. @@ -112,22 +109,22 @@ public class PolicyAdminServlet extends AdminServlet { // that this legacy "Certificate Policies" framework would be // deprecated and disabled by default (see Bugzilla Bug #472597). // - // NOTE: The "Certificate Policies" framework ONLY applied to - // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. + // NOTE: The "Certificate Policies" framework ONLY applied to + // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - // Further, the "PolicyAdminServlet.java" servlet is ONLY used - // by the CA Console for the following: + // Further, the "PolicyAdminServlet.java" servlet is ONLY used + // by the CA Console for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // capolicy ca/capolicy + // SERVLET-NAME URL-PATTERN + // ==================================================== + // capolicy ca/capolicy // - // Finally, the "PolicyAdminServlet.java" servlet is ONLY used - // by the KRA Console for the following: + // Finally, the "PolicyAdminServlet.java" servlet is ONLY used + // by the KRA Console for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // krapolicy kra/krapolicy + // SERVLET-NAME URL-PATTERN + // ==================================================== + // krapolicy kra/krapolicy // if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); @@ -138,28 +135,28 @@ public class PolicyAdminServlet extends AdminServlet { policyStatus = ICertificateAuthority.ID + "." + "Policy" + "." + IPolicyProcessor.PROP_ENABLE; - if( mConfig.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "ca.Policy.enable=<boolean>" is missing, - // then the referenced instance existed prior - // to this name=value pair existing in its - // 'CS.cfg' file, and thus we err on the - // side that the user may still need to - // use the policy framework. - CMS.debug( "PolicyAdminServlet::init " + if (mConfig.getBoolean(policyStatus, true) == true) { + // NOTE: If "ca.Policy.enable=<boolean>" is missing, + // then the referenced instance existed prior + // to this name=value pair existing in its + // 'CS.cfg' file, and thus we err on the + // side that the user may still need to + // use the policy framework. + CMS.debug("PolicyAdminServlet::init " + "Certificate Policy Framework (deprecated) " - + "is ENABLED" ); + + "is ENABLED"); } else { - // CS 8.1 Default: ca.Policy.enable=false - CMS.debug( "PolicyAdminServlet::init " + // CS 8.1 Default: ca.Policy.enable=false + CMS.debug("PolicyAdminServlet::init " + "Certificate Policy Framework (deprecated) " - + "is DISABLED" ); - return; + + "is DISABLED"); + return; } - } catch( EBaseException e ) { - throw new ServletException( authority + } catch (EBaseException e) { + throw new ServletException(authority + " does not have a " + "master policy switch called '" - + policyStatus + "'" ); + + policyStatus + "'"); } } else if (mAuthority instanceof IRegistrationAuthority) { // this refers to the legacy RA (pre-CMS 7.0) @@ -167,34 +164,34 @@ public class PolicyAdminServlet extends AdminServlet { } else if (mAuthority instanceof IKeyRecoveryAuthority) { mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor(); try { - policyStatus = IKeyRecoveryAuthority.ID + policyStatus = IKeyRecoveryAuthority.ID + "." + "Policy" + "." + IPolicyProcessor.PROP_ENABLE; - if( mConfig.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "kra.Policy.enable=<boolean>" is missing, - // then the referenced instance existed prior - // to this name=value pair existing in its - // 'CS.cfg' file, and thus we err on the - // side that the user may still need to - // use the policy framework. - CMS.debug( "PolicyAdminServlet::init " + if (mConfig.getBoolean(policyStatus, true) == true) { + // NOTE: If "kra.Policy.enable=<boolean>" is missing, + // then the referenced instance existed prior + // to this name=value pair existing in its + // 'CS.cfg' file, and thus we err on the + // side that the user may still need to + // use the policy framework. + CMS.debug("PolicyAdminServlet::init " + "Certificate Policy Framework (deprecated) " - + "is ENABLED" ); + + "is ENABLED"); } else { - // CS 8.1 Default: kra.Policy.enable=false - CMS.debug( "PolicyAdminServlet::init " + // CS 8.1 Default: kra.Policy.enable=false + CMS.debug("PolicyAdminServlet::init " + "Certificate Policy Framework (deprecated) " - + "is DISABLED" ); - return; + + "is DISABLED"); + return; } - } catch( EBaseException e ) { - throw new ServletException( authority + } catch (EBaseException e) { + throw new ServletException(authority + " does not have a " + "master policy switch called '" - + policyStatus + "'" ); + + policyStatus + "'"); } - } else - throw new ServletException(authority + " does not have policy processor!"); + } else + throw new ServletException(authority + " does not have policy processor!"); } /** @@ -204,15 +201,15 @@ public class PolicyAdminServlet extends AdminServlet { return INFO; } - /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins + /** + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - + if (!readAuthorize(req, resp)) return; String id = req.getParameter(Constants.RS_ID); @@ -248,27 +245,27 @@ public class PolicyAdminServlet extends AdminServlet { ext_info = (IExtendedPluginInfo) impl; } } - + NameValuePairs nvps = null; - + if (ext_info == null) { nvps = new NameValuePairs(); } else { nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } - + return nvps; } public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType, - String implName, - String instName) { + String implName, + String instName) { IExtendedPluginInfo ext_info = null; Object impl = null; IPolicyRule policy = mProcessor.getPolicyInstance(instName); - + impl = policy; if (impl == null) { impl = mProcessor.getPolicyImpl(implName); @@ -313,8 +310,8 @@ public class PolicyAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); @@ -332,30 +329,30 @@ public class PolicyAdminServlet extends AdminServlet { } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } } else sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; @@ -365,8 +362,8 @@ public class PolicyAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processPolicyImplMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -388,12 +385,12 @@ public class PolicyAdminServlet extends AdminServlet { addPolicyImpl(req, resp); } else sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + null, resp); } public void processPolicyRuleMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -424,17 +421,17 @@ public class PolicyAdminServlet extends AdminServlet { modifyPolicyInstance(req, resp); } else sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + null, resp); } public void listPolicyImpls(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { Enumeration policyImplNames = mProcessor.getPolicyImplsInfo(); Enumeration policyImpls = mProcessor.getPolicyImpls(); if (policyImplNames == null || - policyImpls == null) { + policyImpls == null) { sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp); return; } @@ -443,12 +440,12 @@ public class PolicyAdminServlet extends AdminServlet { NameValuePairs nvp = new NameValuePairs(); while (policyImplNames.hasMoreElements() && - policyImpls.hasMoreElements()) { + policyImpls.hasMoreElements()) { String id = (String) policyImplNames.nextElement(); IPolicyRule impl = (IPolicyRule) - policyImpls.nextElement(); + policyImpls.nextElement(); String className = - impl.getClass().getName(); + impl.getClass().getName(); String desc = impl.getDescription(); nvp.add(id, className + "," + desc); @@ -457,8 +454,8 @@ public class PolicyAdminServlet extends AdminServlet { } public void listPolicyInstances(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo(); if (instancesInfo == null) { @@ -475,7 +472,7 @@ public class PolicyAdminServlet extends AdminServlet { int i = info.indexOf(";"); nvp.add(info.substring(0, i), info.substring(i + 1)); - + } sendResponse(SUCCESS, null, nvp, resp); } @@ -483,19 +480,20 @@ public class PolicyAdminServlet extends AdminServlet { /** * Delete policy implementation * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deletePolicyImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -533,7 +531,7 @@ public class PolicyAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, null, resp); } catch (Exception e) { - //e.printStackTrace(); + // e.printStackTrace(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -559,23 +557,23 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyImplConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); @@ -604,19 +602,20 @@ public class PolicyAdminServlet extends AdminServlet { /** * Add policy implementation * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -693,36 +692,37 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deletePolicyInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -760,7 +760,7 @@ public class PolicyAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, null, resp); } catch (Exception e) { - //e.printStackTrace(); + // e.printStackTrace(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -786,23 +786,23 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyInstanceConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy rule id. String id = req.getParameter(Constants.RS_ID).trim(); @@ -836,7 +836,7 @@ public class PolicyAdminServlet extends AdminServlet { } public void - putUserPWPair(String combo) { + putUserPWPair(String combo) { int semicolon; semicolon = combo.indexOf(";"); @@ -849,19 +849,20 @@ public class PolicyAdminServlet extends AdminServlet { /** * Add policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -988,36 +989,37 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Change ordering of policy instances * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void changePolicyInstanceOrdering(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1025,7 +1027,7 @@ public class PolicyAdminServlet extends AdminServlet { // to the signed audit log and stored as failures try { String policyOrder = - req.getParameter(Constants.PR_POLICY_ORDER); + req.getParameter(Constants.PR_POLICY_ORDER); if (policyOrder == null) { // store a message in the signed audit log file @@ -1078,36 +1080,37 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1179,7 +1182,7 @@ public class PolicyAdminServlet extends AdminServlet { sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp); return; } - // XXX + // XXX for (Enumeration n = req.getParameterNames(); n.hasMoreElements();) { String p = (String) n.nextElement(); String l = (String) req.getParameter(p); @@ -1189,15 +1192,10 @@ public class PolicyAdminServlet extends AdminServlet { } /* - for(Enumeration e = v.elements(); e.hasMoreElements(); ) - { - String nv = (String)e.nextElement(); - int index = nv.indexOf("="); - String key = nv.substring(0, index); - val = req.getParameter(key); - if (val != null) - ht.put(key, val); - } + * for(Enumeration e = v.elements(); e.hasMoreElements(); ) { String + * nv = (String)e.nextElement(); int index = nv.indexOf("="); String + * key = nv.substring(0, index); val = req.getParameter(key); if + * (val != null) ht.put(key, val); } */ try { @@ -1238,18 +1236,17 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java index 9c83a30c..02eafb28 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.File; import java.io.IOException; import java.util.Enumeration; @@ -53,14 +52,12 @@ import com.netscape.certsrv.registry.IPluginInfo; import com.netscape.certsrv.registry.IPluginRegistry; import com.netscape.cms.profile.common.ProfilePolicy; - /** * This class is an administration servlet for policy management. - * - * Each service (CA, KRA, RA) should be responsible - * for registering an instance of this with the remote - * administration subsystem. - * + * + * Each service (CA, KRA, RA) should be responsible for registering an instance + * of this with the remote administration subsystem. + * * @version $Revision$, $Date$ */ public class ProfileAdminServlet extends AdminServlet { @@ -72,8 +69,8 @@ public class ProfileAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "ProfileAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IAuthority mAuthority = null; @@ -97,7 +94,7 @@ public class ProfileAdminServlet extends AdminServlet { public static String BAD_CONFIGURATION_VAL = "Invalid configuration value."; private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3"; /** * Constructs administration servlet. @@ -130,8 +127,8 @@ public class ProfileAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); @@ -139,7 +136,7 @@ public class ProfileAdminServlet extends AdminServlet { AUTHZ_RES_NAME = "certServer.profile.configuration"; String scope = req.getParameter(Constants.OP_SCOPE); - CMS.debug("ProfileAdminServlet: service scope: " + scope); + CMS.debug("ProfileAdminServlet: service scope: " + scope); if (scope.equals(ScopeDef.SC_PROFILE_RULES)) { processProfileRuleMgmt(req, resp); } else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) { @@ -162,33 +159,33 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } public void processProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -208,8 +205,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = super.getParameter(req, Constants.OP_SCOPE); @@ -230,8 +227,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = super.getParameter(req, Constants.OP_SCOPE); @@ -252,8 +249,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileInputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -269,8 +266,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileOutputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -286,8 +283,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -307,8 +304,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -332,8 +329,8 @@ public class ProfileAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processPolicyImplMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -343,12 +340,12 @@ public class ProfileAdminServlet extends AdminServlet { listProfileImpls(req, resp); } else sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + null, resp); } public void processProfileRuleMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -374,15 +371,15 @@ public class ProfileAdminServlet extends AdminServlet { modifyProfileInstance(req, resp); } else sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + null, resp); } /** * Lists all registered profile impementations */ public void listProfileImpls(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { Enumeration<String> impls = mRegistry.getIds("profile"); NameValuePairs nvp = new NameValuePairs(); @@ -391,29 +388,30 @@ public class ProfileAdminServlet extends AdminServlet { String id = (String) impls.nextElement(); IPluginInfo info = mRegistry.getPluginInfo("profile", id); - nvp.add(id, info.getClassName() + "," + - info.getDescription(getLocale(req))); - } + nvp.add(id, info.getClassName() + "," + + info.getDescription(getLocale(req))); + } sendResponse(SUCCESS, null, nvp, resp); } /** * Add policy profile * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -451,10 +449,10 @@ public class ProfileAdminServlet extends AdminServlet { if (mProfileSub.isProfileEnable(profileId)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Profile is currently enabled"), - null, resp); + CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Profile is currently enabled"), + null, resp); return; } @@ -466,27 +464,27 @@ public class ProfileAdminServlet extends AdminServlet { try { if (!isValidId(setId)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Invalid set id " + setId), - null, resp); - return; + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Invalid set id " + setId), + null, resp); + return; } if (!isValidId(pId)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Invalid policy id " + pId), - null, resp); - return; + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Invalid policy id " + pId), + null, resp); + return; } policy = profile.createProfilePolicy(setId, pId, defImpl, conImpl); } catch (EBaseException e1) { // error CMS.debug("ProfileAdminServlet: addProfilePolicy " + - e1.toString()); + e1.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -498,9 +496,9 @@ public class ProfileAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED", - e1.toString()), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED", + e1.toString()), + null, resp); return; } NameValuePairs nvp = new NameValuePairs(); @@ -528,37 +526,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add profile input * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -594,11 +593,11 @@ public class ProfileAdminServlet extends AdminServlet { IProfileInput input = null; @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); NameValuePairs nvps = new NameValuePairs(); while (names.hasMoreElements()) { - String name = names.nextElement(); + String name = names.nextElement(); if (name.equals("OP_SCOPE")) continue; @@ -623,9 +622,9 @@ public class ProfileAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED", - e1.toString()), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED", + e1.toString()), + null, resp); return; } @@ -655,37 +654,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add profile output * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -721,11 +721,11 @@ public class ProfileAdminServlet extends AdminServlet { IProfileOutput output = null; @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); NameValuePairs nvps = new NameValuePairs(); while (names.hasMoreElements()) { - String name = names.nextElement(); + String name = names.nextElement(); if (name.equals("OP_SCOPE")) continue; @@ -751,9 +751,9 @@ public class ProfileAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED", - e1.toString()), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED", + e1.toString()), + null, resp); return; } @@ -783,37 +783,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete policy profile * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -823,10 +824,10 @@ public class ProfileAdminServlet extends AdminServlet { String profileId = ""; String policyId = ""; @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { - String name = names.nextElement(); + String name = names.nextElement(); if (name.equals("OP_SCOPE")) continue; @@ -904,37 +905,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete profile input * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -944,7 +946,7 @@ public class ProfileAdminServlet extends AdminServlet { String profileId = ""; String inputId = ""; @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = names.nextElement(); @@ -1022,37 +1024,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete profile output * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1062,7 +1065,7 @@ public class ProfileAdminServlet extends AdminServlet { String profileId = ""; String outputId = ""; @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); @@ -1140,37 +1143,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add default policy profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1201,7 +1205,7 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1210,9 +1214,9 @@ public class ProfileAdminServlet extends AdminServlet { IProfilePolicy policy = profile.getProfilePolicy(setId, pId); IPolicyDefault def = policy.getDefault(); IConfigStore defConfig = def.getConfigStore(); - + @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); @@ -1224,18 +1228,20 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; try { - def.setConfig(name,req.getParameter(name)); + def.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); - try { - profile.deleteProfilePolicy(setId, pId); - } catch (Exception e11) {} - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); + try { + profile.deleteProfilePolicy(setId, pId); + } catch (Exception e11) { + } + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - // defConfig.putString("params." + name, req.getParameter(name)); + // defConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); @@ -1277,37 +1283,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add policy constraints profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1338,7 +1345,7 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1349,10 +1356,10 @@ public class ProfileAdminServlet extends AdminServlet { IConfigStore conConfig = con.getConfigStore(); @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { - String name = names.nextElement(); + String name = names.nextElement(); if (name.equals("OP_SCOPE")) continue; @@ -1362,18 +1369,20 @@ public class ProfileAdminServlet extends AdminServlet { continue; try { - con.setConfig(name,req.getParameter(name)); + con.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception."); - try { - profile.deleteProfilePolicy(setId, pId); - } catch (Exception e11) {} - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception."); + try { + profile.deleteProfilePolicy(setId, pId); + } catch (Exception e11) { + } + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - // conConfig.putString("params." + name, req.getParameter(name)); + // conConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); @@ -1416,37 +1425,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify default policy profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1477,7 +1487,7 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1485,9 +1495,9 @@ public class ProfileAdminServlet extends AdminServlet { IProfilePolicy policy = profile.getProfilePolicy(setId, pId); IPolicyDefault def = policy.getDefault(); IConfigStore defConfig = def.getConfigStore(); - + @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); @@ -1499,15 +1509,16 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; try { - def.setConfig(name,req.getParameter(name)); + def.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - // defConfig.putString("params." + name, req.getParameter(name)); + // defConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); @@ -1549,37 +1560,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile input configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyInputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1616,7 +1628,7 @@ public class ProfileAdminServlet extends AdminServlet { IConfigStore inputConfig = input.getConfigStore(); @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); @@ -1669,37 +1681,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile output configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyOutputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1736,7 +1749,7 @@ public class ProfileAdminServlet extends AdminServlet { IConfigStore outputConfig = output.getConfigStore(); @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); @@ -1748,7 +1761,7 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; outputConfig.putString("params." + name, - req.getParameter(name)); + req.getParameter(name)); } try { profile.getConfigStore().commit(false); @@ -1790,37 +1803,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify policy constraints profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1851,7 +1865,7 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1861,9 +1875,9 @@ public class ProfileAdminServlet extends AdminServlet { IConfigStore conConfig = con.getConfigStore(); @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); - CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con); + CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con); while (names.hasMoreElements()) { String name = (String) names.nextElement(); @@ -1874,17 +1888,19 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; - // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name)); + // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + // + name + " val " + req.getParameter(name)); try { - con.setConfig(name,req.getParameter(name)); + con.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception."); - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception."); + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - //conConfig.putString("params." + name, req.getParameter(name)); + // conConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); @@ -1927,23 +1943,23 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); @@ -1955,9 +1971,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfilePolicy policy = null; @@ -1987,15 +2003,15 @@ public class ProfileAdminServlet extends AdminServlet { } public void getPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST); // this one gets called when one of the elements in the default list get // selected, then it returns the list of supported constraintsPolicy if (constraintsList != null) { - + } StringTokenizer st = new StringTokenizer(id, ";"); @@ -2007,9 +2023,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } StringTokenizer ss = new StringTokenizer(policyId, ":"); @@ -2035,8 +2051,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); // only allow profile retrival if it is disabled @@ -2046,9 +2062,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfilePolicy() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2070,9 +2086,9 @@ public class ProfileAdminServlet extends AdminServlet { IPolicyConstraint con = policy.getConstraint(); IConfigStore conConfig = con.getConfigStore(); - nvp.add(setId + ":" + policy.getId(), - def.getName(getLocale(req)) + ";" + - con.getName(getLocale(req))); + nvp.add(setId + ":" + policy.getId(), + def.getName(getLocale(req)) + ";" + + con.getName(getLocale(req))); } } @@ -2080,17 +2096,17 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileOutput() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileOutput() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2107,17 +2123,17 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileInput() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileInput() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2134,9 +2150,9 @@ public class ProfileAdminServlet extends AdminServlet { } public void getInputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { - + HttpServletResponse resp) + throws ServletException, IOException { + String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); String profileId = st.nextToken(); @@ -2146,9 +2162,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getInputConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getInputConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfileInput profileInput = null; @@ -2160,14 +2176,14 @@ public class ProfileAdminServlet extends AdminServlet { while (names.hasMoreElements()) { String name = names.nextElement(); IDescriptor desc = profileInput.getConfigDescriptor( - getLocale(req), name); + getLocale(req), name); if (desc == null) { nvp.add(name, ";" + ";" + profileInput.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + + nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + - profileInput.getConfig(name)); + profileInput.getConfig(name)); } } @@ -2175,8 +2191,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void getOutputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); @@ -2187,9 +2203,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getOutputConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getOutputConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfileOutput profileOutput = null; @@ -2201,14 +2217,14 @@ public class ProfileAdminServlet extends AdminServlet { while (names.hasMoreElements()) { String name = names.nextElement(); IDescriptor desc = profileOutput.getConfigDescriptor( - getLocale(req), name); + getLocale(req), name); if (desc == null) { nvp.add(name, ";" + ";" + profileOutput.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + + nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + - profileOutput.getConfig(name)); + profileOutput.getConfig(name)); } } @@ -2216,14 +2232,14 @@ public class ProfileAdminServlet extends AdminServlet { } public void listProfileInstances(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { NameValuePairs nvp = new NameValuePairs(); Enumeration<String> e = mProfileSub.getProfileIds(); while (e.hasMoreElements()) { - String profileId = e.nextElement(); + String profileId = e.nextElement(); IProfile profile = null; try { @@ -2231,7 +2247,7 @@ public class ProfileAdminServlet extends AdminServlet { } catch (EBaseException e1) { // error } - + String status = null; if (mProfileSub.isProfileEnable(profileId)) { @@ -2247,8 +2263,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileInstanceConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; @@ -2256,9 +2272,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2285,20 +2301,21 @@ public class ProfileAdminServlet extends AdminServlet { /** * Delete profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2324,14 +2341,14 @@ public class ProfileAdminServlet extends AdminServlet { String config = null; - ISubsystem subsystem = CMS.getSubsystem("ca"); + ISubsystem subsystem = CMS.getSubsystem("ca"); String subname = "ca"; - if (subsystem == null) - subname = "ra"; + if (subsystem == null) + subname = "ra"; try { - config = CMS.getConfigStore().getString("instanceRoot") + + config = CMS.getConfigStore().getString("instanceRoot") + "/profiles/" + subname + "/" + id + ".cfg"; } catch (EBaseException e) { // store a message in the signed audit log file @@ -2346,7 +2363,7 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, null, null, resp); return; } - + try { mProfileSub.deleteProfile(id, config); } catch (EProfileException e) { @@ -2386,22 +2403,22 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void - putUserPWPair(String combo) { + putUserPWPair(String combo) { int semicolon; semicolon = combo.indexOf(";"); @@ -2411,12 +2428,11 @@ public class ProfileAdminServlet extends AdminServlet { CMS.putPasswordCache(user, pw); } - public boolean isValidId(String id) - { + public boolean isValidId(String id) { for (int i = 0; i < id.length(); i++) { - char c = id.charAt(i); - if (!Character.isLetterOrDigit(c)) - return false; + char c = id.charAt(i); + if (!Character.isLetterOrDigit(c)) + return false; } return true; } @@ -2424,20 +2440,21 @@ public class ProfileAdminServlet extends AdminServlet { /** * Add profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2465,14 +2482,14 @@ public class ProfileAdminServlet extends AdminServlet { IProfile p = null; try { - p = mProfileSub.getProfile(id); + p = mProfileSub.getProfile(id); } catch (EProfileException e1) { } if (p != null) { sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp); return; } - + String impl = req.getParameter("impl"); String name = req.getParameter("name"); String desc = req.getParameter("desc"); @@ -2516,8 +2533,8 @@ public class ProfileAdminServlet extends AdminServlet { profile = mProfileSub.createProfile(id, impl, info.getClassName(), config); - profile.setName(getLocale(req), name); - profile.setDescription(getLocale(req), name); + profile.setName(getLocale(req), name); + profile.setDescription(getLocale(req), name); if (visible != null && visible.equals("true")) { profile.setVisible(true); } else { @@ -2528,10 +2545,10 @@ public class ProfileAdminServlet extends AdminServlet { mProfileSub.createProfileConfig(id, impl, config); if (profile instanceof IProfileEx) { - // populates profile specific plugins such as - // policies, inputs and outputs - ((IProfileEx)profile).populate(); - } + // populates profile specific plugins such as + // policies, inputs and outputs + ((IProfileEx) profile).populate(); + } } catch (Exception e) { CMS.debug("ProfileAdminServlet: " + e.toString()); @@ -2571,37 +2588,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2656,7 +2674,7 @@ public class ProfileAdminServlet extends AdminServlet { audit(auditMessage); try { - profile.getConfigStore().commit(false); + profile.getConfigStore().commit(false); } catch (Exception e) { } @@ -2674,25 +2692,24 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } - protected String getNonNull(String s) { - if (s == null) - return ""; - return s; - } + protected String getNonNull(String s) { + if (s == null) + return ""; + return s; + } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java index 2842542e..b71bf4f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -68,12 +67,11 @@ import com.netscape.certsrv.publish.RulePlugin; import com.netscape.certsrv.security.ICryptoSubsystem; import com.netscape.cmsutil.password.IPasswordStore; - /** - * A class representing an publishing servlet for the - * Publishing subsystem. This servlet is responsible - * to serve configuration requests for the Publishing subsystem. - * + * A class representing an publishing servlet for the Publishing subsystem. This + * servlet is responsible to serve configuration requests for the Publishing + * subsystem. + * * @version $Revision$, $Date$ */ public class PublisherAdminServlet extends AdminServlet { @@ -85,8 +83,8 @@ public class PublisherAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "PublisherAdminServlet"; - private final static String PW_TAG_CA_LDAP_PUBLISHING = - "CA LDAP Publishing"; + private final static String PW_TAG_CA_LDAP_PUBLISHING = + "CA LDAP Publishing"; public final static String NOMAPPER = "<NONE>"; private IPublisherProcessor mProcessor = null; private IAuthority mAuth = null; @@ -110,22 +108,22 @@ public class PublisherAdminServlet extends AdminServlet { if (mAuth != null) if (mAuth instanceof ICertificateAuthority) { mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor(); - } else - throw new ServletException(authority + " does not have publishing processor!"); + } else + throw new ServletException(authority + " does not have publishing processor!"); } /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); CMS.debug("PublisherAdminServlet: in service"); @@ -133,14 +131,14 @@ public class PublisherAdminServlet extends AdminServlet { String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } - // for the rest + // for the rest try { super.authenticate(req); @@ -149,8 +147,8 @@ public class PublisherAdminServlet extends AdminServlet { return; } } catch (IOException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } try { @@ -160,8 +158,8 @@ public class PublisherAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { @@ -188,13 +186,13 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { getRuleInstConfig(req, resp); return; - } + } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { @@ -214,20 +212,20 @@ public class PublisherAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { testSetLDAPDest(req, resp); return; - } + } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { @@ -242,7 +240,7 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) { listMapperInsts(req, resp); return; - } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { + } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { listRulePlugins(req, resp); return; } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { @@ -253,8 +251,8 @@ public class PublisherAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { @@ -275,13 +273,13 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { addRuleInst(req, resp, scope); return; - } + } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { @@ -304,31 +302,31 @@ public class PublisherAdminServlet extends AdminServlet { return; } } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } - //System.out.println("SRVLT_FAIL_PERFORM 2"); + } + // System.out.println("SRVLT_FAIL_PERFORM 2"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor - p) { + p) { Enumeration mappers = p.getMapperInsts().keys(); Enumeration publishers = p.getPublisherInsts().keys(); @@ -337,11 +335,11 @@ public class PublisherAdminServlet extends AdminServlet { for (; mappers.hasMoreElements();) { String name = (String) mappers.nextElement(); - if (map.length()== 0) { - map.append(name); + if (map.length() == 0) { + map.append(name); } else { - map.append(","); - map.append(name); + map.append(","); + map.append(name); } } StringBuffer publish = new StringBuffer(); @@ -374,17 +372,17 @@ public class PublisherAdminServlet extends AdminServlet { // Should get the registered rules from processor // instead of plugin - // OLD: impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); + // OLD: impl = + // getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); impl = getExtendedPluginInfo(p_processor); } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) { IPublisherProcessor p_processor = mProcessor; Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName - ); + ); impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); - } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER) - ) { + } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) { IPublisherProcessor p_processor = mProcessor; Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName); @@ -408,13 +406,13 @@ public class PublisherAdminServlet extends AdminServlet { } - /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins + /** + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); @@ -423,14 +421,14 @@ public class PublisherAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } - + private void getLDAPDest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mAuth.getConfigStore(); @@ -482,34 +480,34 @@ public class PublisherAdminServlet extends AdminServlet { params.add(name, value); } } - params.add(Constants.PR_PUBLISHING_ENABLE, - publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); + params.add(Constants.PR_PUBLISHING_ENABLE, + publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE)); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE)); params.add(Constants.PR_PUBLISHING_QUEUE_THREADS, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3")); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3")); params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40")); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40")); params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0")); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0")); params.add(Constants.PR_PUBLISHING_QUEUE_STATUS, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200")); - params.add(Constants.PR_ENABLE, - ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200")); + params.add(Constants.PR_ENABLE, + ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mAuth.getConfigStore(); IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); - //set enable flag + // set enable flag publishcfg.putString(IPublisherProcessor.PROP_ENABLE, req.getParameter(Constants.PR_PUBLISHING_ENABLE)); String enable = req.getParameter(Constants.PR_ENABLE); @@ -518,8 +516,8 @@ public class PublisherAdminServlet extends AdminServlet { // need to disable the ldap module here mProcessor.setLdapConnModule(null); } - - //set reset of the parameters + + // set reset of the parameters Enumeration e = req.getParameterNames(); String pwd = null; @@ -536,9 +534,9 @@ public class PublisherAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_PUBLISHING_ENABLE)) continue; - // don't store password in the config file. - if (name.equals(Constants.PR_BIND_PASSWD)) - continue; // old style password read from config. + // don't store password in the config file. + if (name.equals(Constants.PR_BIND_PASSWD)) + continue; // old style password read from config. if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) { pwd = req.getParameter(name); continue; @@ -567,40 +565,36 @@ public class PublisherAdminServlet extends AdminServlet { /* Don't enter the publishing pw into the config store */ ldap.putString(name, req.getParameter(name)); } - + commit(true); - /* Do a "PUT" of the new pw to the watchdog" - ** do not remove - cfu - if (pwd != null) - CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + /* + * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu if + * (pwd != null) CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); */ // support publishing dirsrv with different pwd than internaldb // update passwordFile String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+ prompt + " to password file"); + CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " + prompt + " to password file"); pwdStore.putPassword(prompt, pwd); pwdStore.commit(); CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved"); -/* we'll shut down and restart the PublisherProcessor instead - // what a hack to do this without require restart server -// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); - ILdapConnModule connModule = mProcessor.getLdapConnModule(); - ILdapAuthInfo authInfo = null; - if (connModule != null) { - authInfo = connModule.getLdapAuthInfo(); - } - -// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); - if (authInfo != null) { - CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache"); - authInfo.addPassword(prompt, pwd); - } else - CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null"); -*/ + /* + * we'll shut down and restart the PublisherProcessor instead // what a + * hack to do this without require restart server // ILdapAuthInfo + * authInfo = CMS.getLdapAuthInfo(); ILdapConnModule connModule = + * mProcessor.getLdapConnModule(); ILdapAuthInfo authInfo = null; if + * (connModule != null) { authInfo = connModule.getLdapAuthInfo(); } + * + * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if (authInfo + * != null) { CMS.debug( + * "PublisherAdminServlet: setLDAPDest(): adding password to memory cache" + * ); authInfo.addPassword(prompt, pwd); } else + * CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null"); + */ try { CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor"); @@ -613,24 +607,24 @@ public class PublisherAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", ex.toString())); } - //XXX See if we can dynamically in B2 + // XXX See if we can dynamically in B2 sendResponse(SUCCESS, null, null, resp); } private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); CMS.debug("PublisherAdmineServlet: in testSetLDAPDest"); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mAuth.getConfigStore(); IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); - //set enable flag - publishcfg.putString(IPublisherProcessor.PROP_ENABLE, - req.getParameter(Constants.PR_PUBLISHING_ENABLE)); + // set enable flag + publishcfg.putString(IPublisherProcessor.PROP_ENABLE, + req.getParameter(Constants.PR_PUBLISHING_ENABLE)); String ldapPublish = req.getParameter(Constants.PR_ENABLE); ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish); @@ -639,7 +633,7 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.setLdapConnModule(null); } - //set reset of the parameters + // set reset of the parameters Enumeration e = req.getParameterNames(); String pwd = null; @@ -656,9 +650,9 @@ public class PublisherAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_PUBLISHING_ENABLE)) continue; - // don't store password in the config file. - if (name.equals(Constants.PR_BIND_PASSWD)) - continue; // old style password read from config. + // don't store password in the config file. + if (name.equals(Constants.PR_BIND_PASSWD)) + continue; // old style password read from config. if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) { pwd = req.getParameter(name); continue; @@ -687,25 +681,25 @@ public class PublisherAdminServlet extends AdminServlet { /* Don't enter the publishing pw into the config store */ ldap.putString(name, req.getParameter(name)); } - + // test before commit if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && - ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { - params.add("title", - "You've attempted to configure CMS to connect" + - " to a LDAP directory. The connection status is" + - " as follows:\n \n"); + ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { + params.add("title", + "You've attempted to configure CMS to connect" + + " to a LDAP directory. The connection status is" + + " as follows:\n \n"); LDAPConnection conn = null; ILdapConnInfo connInfo = - CMS.getLdapConnInfo(ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPCONNINFO)); - //LdapAuthInfo authInfo = - //new LdapAuthInfo(ldap.getSubStore( - // ILdapBoundConnFactory.PROP_LDAPAUTHINFO)); - String host = connInfo.getHost(); + CMS.getLdapConnInfo(ldap.getSubStore( + ILdapBoundConnFactory.PROP_LDAPCONNINFO)); + // LdapAuthInfo authInfo = + // new LdapAuthInfo(ldap.getSubStore( + // ILdapBoundConnFactory.PROP_LDAPAUTHINFO)); + String host = connInfo.getHost(); int port = connInfo.getPort(); boolean secure = connInfo.getSecure(); - //int authType = authInfo.getAuthType(); + // int authType = authInfo.getAuthType(); String authType = ldap.getSubStore( ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_LDAPAUTHTYPE); int version = connInfo.getVersion(); @@ -714,57 +708,57 @@ public class PublisherAdminServlet extends AdminServlet { if (authType.equals(ILdapAuthInfo.LDAP_SSLCLIENTAUTH_STR)) { try { - //certNickName = authInfo.getParms()[0]; + // certNickName = authInfo.getParms()[0]; certNickName = ldap.getSubStore( ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory( certNickName)); CMS.debug("Publishing Test certNickName=" + certNickName); - params.add(Constants.PR_CONN_INITED, - "Create ssl LDAPConnection with certificate: " + - certNickName + dashes(70 - 44 - certNickName.length()) + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create ssl LDAPConnection with certificate: " + + certNickName + dashes(70 - 44 - certNickName.length()) + " Success"); } catch (Exception ex) { - params.add(Constants.PR_CONN_INIT_FAIL, - "Create ssl LDAPConnection with certificate: " + - certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex); - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_CONN_INIT_FAIL, + "Create ssl LDAPConnection with certificate: " + + certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { conn.connect(host, port); - params.add(Constants.PR_CONN_OK, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); - params.add(Constants.PR_AUTH_OK, - "Authentication: SSL client authentication" + - dashes(70 - 41) + " Success" + - "\nBind to the directory as: " + certNickName + - dashes(70 - 26 - certNickName.length()) + " Success"); + params.add(Constants.PR_CONN_OK, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + params.add(Constants.PR_AUTH_OK, + "Authentication: SSL client authentication" + + dashes(70 - 41) + " Success" + + "\nBind to the directory as: " + certNickName + + dashes(70 - 26 - certNickName.length()) + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + - " Failure\n" + - " error: server unavailable"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure\n" + + " error: server unavailable"); } else { - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + - " Failure"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure"); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } @@ -773,99 +767,97 @@ public class PublisherAdminServlet extends AdminServlet { if (secure) { conn = new LDAPConnection( CMS.getLdapJssSSLSocketFactory()); - params.add(Constants.PR_CONN_INITED, - "Create ssl LDAPConnection" + - dashes(70 - 25) + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create ssl LDAPConnection" + + dashes(70 - 25) + " Success"); } else { conn = new LDAPConnection(); - params.add(Constants.PR_CONN_INITED, - "Create LDAPConnection" + - dashes(70 - 21) + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create LDAPConnection" + + dashes(70 - 21) + " Success"); } } catch (Exception ex) { - params.add(Constants.PR_CONN_INIT_FAIL, - "Create LDAPConnection" + - dashes(70 - 21) + " Failure\n" + - "exception: " + ex); - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_CONN_INIT_FAIL, + "Create LDAPConnection" + + dashes(70 - 21) + " Failure\n" + + "exception: " + ex); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { conn.connect(host, port); - params.add(Constants.PR_CONN_OK, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + params.add(Constants.PR_CONN_OK, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + - "\nerror: server unavailable"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + "\nerror: server unavailable"); } else { - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + - "\nexception: " + ex); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + "\nexception: " + ex); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { - //bindAs = authInfo.getParms()[0]; + // bindAs = authInfo.getParms()[0]; bindAs = ldap.getSubStore( ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN); conn.authenticate(version, bindAs, pwd); - params.add(Constants.PR_AUTH_OK, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Success" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + " Success"); + params.add(Constants.PR_AUTH_OK, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Success" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + " Success"); } catch (LDAPException ex) { - if (ex.getLDAPResultCode() == - LDAPException.NO_SUCH_OBJECT) { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + "Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - "Failure" + "\nThe object doesn't exist. " + - "Please correct the value assigned in the" + - " \"Directory manager DN\" field."); - } else if (ex.getLDAPResultCode() == - LDAPException.INVALID_CREDENTIALS) { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - " Failure" + "\nInvalid password. " + - "Please correct the value assigned in the" + - " \"Password\" field."); + if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) { + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + "Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + "Failure" + "\nThe object doesn't exist. " + + "Please correct the value assigned in the" + + " \"Directory manager DN\" field."); + } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) { + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Failure" + "\nInvalid password. " + + "Please correct the value assigned in the" + + " \"Password\" field."); } else { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - " Failure"); + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Failure"); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } @@ -873,55 +865,55 @@ public class PublisherAdminServlet extends AdminServlet { } - //commit(true); + // commit(true); if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && - pwd != null) { + pwd != null) { - /* Do a "PUT" of the new pw to the watchdog" - ** do not remove - cfu - CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + /* + * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu + * CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); */ // support publishing dirsrv with different pwd than internaldb // update passwordFile String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+ - prompt + " to password file"); + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " + + prompt + " to password file"); pwdStore.putPassword(prompt, pwd); pwdStore.commit(); CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved"); -/* we'll shut down and restart the PublisherProcessor instead - // what a hack to do this without require restart server -// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); - ILdapConnModule connModule = mProcessor.getLdapConnModule(); - ILdapAuthInfo authInfo = null; - if (connModule != null) { - authInfo = connModule.getLdapAuthInfo(); - } else - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null"); - -// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); - if (authInfo != null) { - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache"); - authInfo.addPassword(prompt, pwd); - } else - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null"); -*/ + /* + * we'll shut down and restart the PublisherProcessor instead // + * what a hack to do this without require restart server // + * ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); ILdapConnModule + * connModule = mProcessor.getLdapConnModule(); ILdapAuthInfo + * authInfo = null; if (connModule != null) { authInfo = + * connModule.getLdapAuthInfo(); } else + * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null" + * ); + * + * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if + * (authInfo != null) { CMS.debug( + * "PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache" + * ); authInfo.addPassword(prompt, pwd); } else + * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null" + * ); + */ } - //params.add(Constants.PR_SAVE_OK, - // "\n \nConfiguration changes are now committed."); + // params.add(Constants.PR_SAVE_OK, + // "\n \nConfiguration changes are now committed."); mProcessor.shutdown(); if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { mProcessor.startup(); - //params.add("restarted", "Publishing is restarted."); + // params.add("restarted", "Publishing is restarted."); if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority(); - if (!(authority instanceof ICertificateAuthority)) + if (!(authority instanceof ICertificateAuthority)) return; ICertificateAuthority ca = (ICertificateAuthority) authority; @@ -929,26 +921,26 @@ public class PublisherAdminServlet extends AdminServlet { try { mProcessor.publishCACert(ca.getCACert()); CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT")); - params.add("publishCA", - "CA certificate is published."); + params.add("publishCA", + "CA certificate is published."); } catch (Exception ex) { // exception not thrown - not seen as a fatal error. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString())); - params.add("publishCA", - "Failed to publish CA certificate."); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString())); + params.add("publishCA", + "Failed to publish CA certificate."); int index = ex.toString().indexOf("Failed to create CA"); if (index > -1) { params.add("createError", - ex.toString().substring(index)); + ex.toString().substring(index)); } mProcessor.shutdown(); // Do you want to enable LDAP publishing anyway - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "the CA certificate won't be published.\n" + - "Do you want to enable LDAP publishing anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "the CA certificate won't be published.\n" + + "Do you want to enable LDAP publishing anyway?"); sendResponse(SUCCESS, null, params, resp); return; @@ -958,65 +950,65 @@ public class PublisherAdminServlet extends AdminServlet { CMS.debug("PublisherAdminServlet: about to update CRL"); ca.publishCRLNow(); CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL")); - params.add("publishCRL", - "CRL is published."); + params.add("publishCRL", + "CRL is published."); } catch (Exception ex) { // exception not thrown - not seen as a fatal error. - log(ILogger.LL_FAILURE, - "Could not publish crl " + ex.toString()); - params.add("publishCRL", - "Failed to publish CRL."); + log(ILogger.LL_FAILURE, + "Could not publish crl " + ex.toString()); + params.add("publishCRL", + "Failed to publish CRL."); mProcessor.shutdown(); // Do you want to enable LDAP publishing anyway - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "the CRL won't be published.\n" + - "Do you want to enable LDAP publishing anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "the CRL won't be published.\n" + + "Do you want to enable LDAP publishing anyway?"); sendResponse(SUCCESS, null, params, resp); return; } } commit(true); - params.add(Constants.PR_SAVE_OK, - "\n \nConfiguration changes are now committed."); + params.add(Constants.PR_SAVE_OK, + "\n \nConfiguration changes are now committed."); params.add("restarted", "Publishing is restarted."); } else { commit(true); - params.add(Constants.PR_SAVE_OK, - "\n \nConfiguration changes are now committed."); - params.add("stopped", - "Publishing is stopped."); + params.add(Constants.PR_SAVE_OK, + "\n \nConfiguration changes are now committed."); + params.add("stopped", + "Publishing is stopped."); } - //XXX See if we can dynamically in B2 + // XXX See if we can dynamically in B2 sendResponse(SUCCESS, null, params, resp); } - private synchronized void addMapperPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addMapperPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? if (mProcessor.getMapperPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_MAPPER_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } @@ -1057,10 +1049,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1068,8 +1060,8 @@ public class PublisherAdminServlet extends AdminServlet { MapperPlugin plugin = new MapperPlugin(id, classPath); mProcessor.getMapperPlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", "")); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", "")); NameValuePairs params = new NameValuePairs(); @@ -1087,27 +1079,27 @@ public class PublisherAdminServlet extends AdminServlet { return true; } - private synchronized void addMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getMapperInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } @@ -1122,13 +1114,13 @@ public class PublisherAdminServlet extends AdminServlet { // check if implementation exists. MapperPlugin plugin = - (MapperPlugin) mProcessor.getMapperPlugins().get( - implname); + (MapperPlugin) mProcessor.getMapperPlugins().get( + implname); if (plugin == null) { sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } @@ -1145,11 +1137,11 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), + val); } } } @@ -1165,20 +1157,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } @@ -1203,46 +1195,46 @@ public class PublisherAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add mapper instance to list. mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_MAPPER_IMPL_NAME, implname); sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void listMapperPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listMapperPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getMapperPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - MapperPlugin value = (MapperPlugin) - mProcessor.getMapperPlugins().get(name); + MapperPlugin value = (MapperPlugin) + mProcessor.getMapperPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { ILdapMapper lp = (ILdapMapper) - Class.forName(c).newInstance(); + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { - sendResponse(ERROR, exp.toString(), null, - resp); + sendResponse(ERROR, exp.toString(), null, + resp); return; } params.add(name, value.getClassPath() + "," + desc); @@ -1261,8 +1253,8 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void listMapperInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listMapperInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -1278,40 +1270,40 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does a`mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { sendResponse(ERROR, - new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), - null, resp); + new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILdapMapper mapperInst = (ILdapMapper) - mProcessor.getMapperInstance(id); + mProcessor.getMapperInstance(id); mProcessor.getMapperInsts().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.mapper"); + mConfig.getSubStore( + mAuth.getId() + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); @@ -1319,41 +1311,40 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void delMapperPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delMapperPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (mProcessor.getMapperPlugins().containsKey(id) == false) { sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this mapper // DON'T remove mapper if any instance - for (Enumeration e = mProcessor.getMapperInsts().keys(); - e.hasMoreElements();) { + for (Enumeration e = mProcessor.getMapperInsts().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); ILdapMapper mapper = mProcessor.getMapperInstance(name); @@ -1362,15 +1353,15 @@ public class PublisherAdminServlet extends AdminServlet { return; } } - + // then delete this mapper mProcessor.getMapperPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.mapper"); + mConfig.getSubStore( + mAuth.getId() + ".publish.mapper"); IConfigStore instancesConfig = - destStore.getSubStore("impl"); + destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); // commiting @@ -1378,26 +1369,26 @@ public class PublisherAdminServlet extends AdminServlet { mConfig.commit(true); } catch (EBaseException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void getMapperConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getMapperConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1411,50 +1402,50 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getMapperInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getMapperInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { sendResponse(ERROR, - new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), - null, resp); + new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), + null, resp); return; } ILdapMapper mapperInst = (ILdapMapper) - mProcessor.getMapperInstance(id); + mProcessor.getMapperInstance(id); Vector configParams = mapperInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_MAPPER_IMPL_NAME, - getMapperPluginName(mapperInst)); + params.add(Constants.PR_MAPPER_IMPL_NAME, + getMapperPluginName(mapperInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -1462,24 +1453,24 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void modMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getMapperInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } @@ -1492,19 +1483,19 @@ public class PublisherAdminServlet extends AdminServlet { } // get plugin for implementation MapperPlugin plugin = - (MapperPlugin) mProcessor.getMapperPlugins().get(implname); + (MapperPlugin) mProcessor.getMapperPlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } // save old instance substore params in case new one fails. ILdapMapper oldinst = - (ILdapMapper) mProcessor.getMapperInstance(id); + (ILdapMapper) mProcessor.getMapperInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -1516,7 +1507,7 @@ public class PublisherAdminServlet extends AdminServlet { int index = kv.indexOf('='); saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + kv.substring(index + 1)); } } @@ -1525,8 +1516,8 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + - ".publish.mapper"); + mConfig.getSubStore(mAuth.getId() + + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. @@ -1557,26 +1548,26 @@ public class PublisherAdminServlet extends AdminServlet { ILdapMapper newMgrInst = null; try { - newMgrInst = (ILdapMapper) + newMgrInst = (ILdapMapper) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } // initialize the mapper @@ -1586,26 +1577,26 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // don't commit in this case and cleanup the new substore. restore(instancesConfig, id, saveParams); - sendResponse(ERROR, e.toString(getLocale(req)), null, - resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, + resp); return; } catch (Throwable e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, e.toString(), null, - resp); + sendResponse(ERROR, e.toString(), null, + resp); return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1614,31 +1605,31 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst)); mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id)); + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id)); NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void addRulePlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addRulePlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the rule id unique? if (mProcessor.getRulePlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)), - null, resp); + new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)), + null, resp); return; } @@ -1687,10 +1678,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1698,8 +1689,8 @@ public class PublisherAdminServlet extends AdminServlet { RulePlugin plugin = new RulePlugin(id, classPath); mProcessor.getRulePlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id)); NameValuePairs params = new NameValuePairs(); @@ -1707,26 +1698,26 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void addRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getRuleInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } @@ -1741,23 +1732,23 @@ public class PublisherAdminServlet extends AdminServlet { // check if implementation exists. RulePlugin plugin = - (RulePlugin) mProcessor.getRulePlugins().get( - implname); + (RulePlugin) mProcessor.getRulePlugins().get( + implname); if (plugin == null) { sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector configParams = mProcessor.getRuleDefaultParams(implname); IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() - + ".publish.rule"); + mConfig.getSubStore(mAuth.getId() + + ".publish.rule"); IConfigStore instancesConfig = - destStore.getSubStore("instance"); + destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -1767,13 +1758,13 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { if (val.equals(NOMAPPER)) val = ""; - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), + val); } } } @@ -1789,20 +1780,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } @@ -1828,40 +1819,40 @@ public class PublisherAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mProcessor.getRuleInsts().put(id, ruleInst); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_RULE_IMPL_NAME, implname); sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void listRulePlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listRulePlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getRulePlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - RulePlugin value = (RulePlugin) - mProcessor.getRulePlugins().get(name); + RulePlugin value = (RulePlugin) + mProcessor.getRulePlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { ILdapRule lp = (ILdapRule) - Class.forName(c).newInstance(); + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { @@ -1872,8 +1863,8 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void listRuleInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listRuleInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String insts = null; @@ -1881,8 +1872,8 @@ public class PublisherAdminServlet extends AdminServlet { for (; e.hasMoreElements();) { String name = (String) e.nextElement(); - ILdapRule value = (ILdapRule) - mProcessor.getRuleInsts().get((Object) name); + ILdapRule value = (ILdapRule) + mProcessor.getRuleInsts().get((Object) name); String enabled = value.enabled() ? "enabled" : "disabled"; params.add(name, value.getInstanceName() + ";visible;" + enabled); @@ -1901,47 +1892,46 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void delRulePlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delRulePlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does rule exist? if (mProcessor.getRulePlugins().containsKey(id) == false) { sendResponse(ERROR, - new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this rule // DON'T remove rule if any instance - for (Enumeration e = mProcessor.getRuleInsts().elements(); - e.hasMoreElements();) { - ILdapRule rule = (ILdapRule) - e.nextElement(); + for (Enumeration e = mProcessor.getRuleInsts().elements(); e.hasMoreElements();) { + ILdapRule rule = (ILdapRule) + e.nextElement(); if (id.equals(getRulePluginName(rule))) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this rule mProcessor.getRulePlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".rule"); + mConfig.getSubStore( + mAuth.getId() + ".rule"); IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); @@ -1950,26 +1940,26 @@ public class PublisherAdminServlet extends AdminServlet { mConfig.commit(true); } catch (EBaseException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void delRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1978,23 +1968,23 @@ public class PublisherAdminServlet extends AdminServlet { // does rule instance exist? if (mProcessor.getRuleInsts().containsKey(id) == false) { sendResponse(ERROR, - new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), - null, resp); + new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILdapRule ruleInst = (ILdapRule) - mProcessor.getRuleInsts().get(id); + mProcessor.getRuleInsts().get(id); mProcessor.getRuleInsts().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.rule"); + mConfig.getSubStore( + mAuth.getId() + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); @@ -2002,26 +1992,26 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void getRuleConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getRuleConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2035,50 +2025,50 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getRuleInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getRuleInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does rule instance exist? if (mProcessor.getRuleInsts().containsKey(id) == false) { sendResponse(ERROR, - new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), - null, resp); + new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), + null, resp); return; } ILdapRule ruleInst = (ILdapRule) - mProcessor.getRuleInsts().get(id); + mProcessor.getRuleInsts().get(id); Vector configParams = ruleInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_RULE_IMPL_NAME, - getRulePluginName(ruleInst)); + params.add(Constants.PR_RULE_IMPL_NAME, + getRulePluginName(ruleInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -2086,23 +2076,23 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void modRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getRuleInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } @@ -2114,22 +2104,23 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // get plugin for implementation + // get plugin for implementation RulePlugin plugin = - (RulePlugin) mProcessor.getRulePlugins().get(implname); + (RulePlugin) mProcessor.getRulePlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - //new ERulePluginNotFound(implname).toString(getLocale(req)), - "", - null, resp); + // new + // ERulePluginNotFound(implname).toString(getLocale(req)), + "", + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - ILdapRule oldinst = - (ILdapRule) mProcessor.getRuleInsts().get((Object) id); + ILdapRule oldinst = + (ILdapRule) mProcessor.getRuleInsts().get((Object) id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -2141,7 +2132,7 @@ public class PublisherAdminServlet extends AdminServlet { int index = kv.indexOf('='); saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + kv.substring(index + 1)); } } @@ -2150,8 +2141,8 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.rule"); + mConfig.getSubStore( + mAuth.getId() + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. @@ -2171,8 +2162,8 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(key); if (val == null) { - substore.put(key, - kv.substring(index + 1)); + substore.put(key, + kv.substring(index + 1)); } else { if (val.equals(NOMAPPER)) val = ""; @@ -2192,20 +2183,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } @@ -2224,16 +2215,16 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -2241,40 +2232,40 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getRuleInsts().put(id, newRuleInst); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id)); NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void addPublisherPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addPublisherPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? if (mProcessor.getPublisherPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } @@ -2316,10 +2307,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -2327,8 +2318,8 @@ public class PublisherAdminServlet extends AdminServlet { PublisherPlugin plugin = new PublisherPlugin(id, classPath); mProcessor.getPublisherPlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id)); NameValuePairs params = new NameValuePairs(); @@ -2336,28 +2327,28 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void addPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getPublisherInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } @@ -2372,20 +2363,20 @@ public class PublisherAdminServlet extends AdminServlet { // check if implementation exists. PublisherPlugin plugin = - (PublisherPlugin) mProcessor.getPublisherPlugins().get( - implname); + (PublisherPlugin) mProcessor.getPublisherPlugins().get( + implname); if (plugin == null) { sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector configParams = mProcessor.getPublisherDefaultParams(implname); IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); @@ -2404,15 +2395,15 @@ public class PublisherAdminServlet extends AdminServlet { if (index == -1) { substore.put(kv, ""); } else { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } } else { if (index == -1) { substore.put(kv, val); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), + val); } } } @@ -2429,20 +2420,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } @@ -2467,16 +2458,16 @@ public class PublisherAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); @@ -2485,8 +2476,8 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void listPublisherPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listPublisherPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -2494,15 +2485,15 @@ public class PublisherAdminServlet extends AdminServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - PublisherPlugin value = (PublisherPlugin) - mProcessor.getPublisherPlugins().get(name); + PublisherPlugin value = (PublisherPlugin) + mProcessor.getPublisherPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { ILdapPublisher lp = (ILdapPublisher) - Class.forName(c).newInstance(); + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { @@ -2523,8 +2514,8 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void listPublisherInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listPublisherInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -2543,48 +2534,47 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delPublisherPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delPublisherPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does publisher exist? if (mProcessor.getPublisherPlugins().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this publisher // DON'T remove publisher if any instance - for (Enumeration e = mProcessor.getPublisherInsts().keys(); - e.hasMoreElements();) { + for (Enumeration e = mProcessor.getPublisherInsts().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); - ILdapPublisher publisher = - mProcessor.getPublisherInstance(name); + ILdapPublisher publisher = + mProcessor.getPublisherInstance(name); if (id.equals(getPublisherPluginName(publisher))) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this publisher mProcessor.getPublisherPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); @@ -2593,8 +2583,8 @@ public class PublisherAdminServlet extends AdminServlet { mConfig.commit(true); } catch (EBaseException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -2602,18 +2592,18 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2622,21 +2612,21 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), - null, resp); + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILdapPublisher publisherInst = mProcessor.getPublisherInstance(id); mProcessor.getPublisherInsts().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); @@ -2644,10 +2634,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); @@ -2655,25 +2645,24 @@ public class PublisherAdminServlet extends AdminServlet { } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this publishing subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular plugin implementation name specified in + * the RS_ID. Actually, there is no logic in here to set any default value + * here...there's no default value for any parameter in this publishing + * subsystem at this point. Later, if we do have one (or some), it can be + * added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2690,8 +2679,8 @@ public class PublisherAdminServlet extends AdminServlet { if (index == -1) { params.add(kv, ""); } else { - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } } @@ -2699,43 +2688,43 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), - null, resp); + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + null, resp); return; } ILdapPublisher publisherInst = (ILdapPublisher) - mProcessor.getPublisherInstance(id); + mProcessor.getPublisherInstance(id); Vector configParams = publisherInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_PUBLISHER_IMPL_NAME, - getPublisherPluginName(publisherInst)); + params.add(Constants.PR_PUBLISHER_IMPL_NAME, + getPublisherPluginName(publisherInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -2744,33 +2733,31 @@ public class PublisherAdminServlet extends AdminServlet { } /** - * Modify publisher instance. - * This will actually create a new instance with new configuration - * parameters and replace the old instance, if the new instance - * created and initialized successfully. - * The old instance is left running. so this is very expensive. - * Restart of server recommended. + * Modify publisher instance. This will actually create a new instance with + * new configuration parameters and replace the old instance, if the new + * instance created and initialized successfully. The old instance is left + * running. so this is very expensive. Restart of server recommended. */ - private synchronized void modPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getPublisherInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } @@ -2782,18 +2769,18 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // get plugin for implementation + // get plugin for implementation PublisherPlugin plugin = - (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname); + (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. ILdapPublisher oldinst = mProcessor.getPublisherInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); @@ -2813,8 +2800,8 @@ public class PublisherAdminServlet extends AdminServlet { pubType = "crl"; } - saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + saveParams.add(kv.substring(0, index), + kv.substring(index + 1)); } } } @@ -2824,7 +2811,7 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // get objects added and deleted @@ -2859,9 +2846,9 @@ public class PublisherAdminServlet extends AdminServlet { } // process any changes to the ldap object class definitions - if (pubType.equals("cacert")) { + if (pubType.equals("cacert")) { processChangedOC(saveParams, substore, "caObjectClass"); - substore.put("pubtype", "cacert"); + substore.put("pubtype", "cacert"); } if (pubType.equals("crl")) { @@ -2880,20 +2867,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } @@ -2912,16 +2899,16 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -2929,8 +2916,8 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id)); NameValuePairs params = new NameValuePairs(); @@ -2938,54 +2925,57 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // convenience function - takes list1, list2. Returns what is in list1 + // convenience function - takes list1, list2. Returns what is in list1 // but not in list2 private String[] getExtras(String[] list1, String[] list2) { - Vector <String> extras = new Vector<String>(); - for (int i=0; i< list1.length; i++) { - boolean match=false; - for (int j=0; j < list2.length; j++) { - if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) { - match = true; - break; - } - } - if (!match) extras.add(list1[i].trim()); - } - - return (String[])extras.toArray(new String[extras.size()]); + Vector<String> extras = new Vector<String>(); + for (int i = 0; i < list1.length; i++) { + boolean match = false; + for (int j = 0; j < list2.length; j++) { + if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) { + match = true; + break; + } + } + if (!match) + extras.add(list1[i].trim()); + } + + return (String[]) extras.toArray(new String[extras.size()]); } - // convenience function - takes list1, list2. Concatenates the two + // convenience function - takes list1, list2. Concatenates the two // lists removing duplicates private String[] joinLists(String[] list1, String[] list2) { - Vector <String> sum = new Vector<String>(); - for (int i=0; i< list1.length; i++) { - sum.add(list1[i]); - } - - for (int i=0; i < list2.length; i++) { - boolean match=false; - for (int j=0; j < list1.length; j++) { - if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) { - match = true; - break; - } - } - if (!match) sum.add(list2[i].trim()); - } - - return (String[])sum.toArray(new String[sum.size()]); + Vector<String> sum = new Vector<String>(); + for (int i = 0; i < list1.length; i++) { + sum.add(list1[i]); + } + + for (int i = 0; i < list2.length; i++) { + boolean match = false; + for (int j = 0; j < list1.length; j++) { + if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) { + match = true; + break; + } + } + if (!match) + sum.add(list2[i].trim()); + } + + return (String[]) sum.toArray(new String[sum.size()]); } // convenience funtion. Takes a string array and delimiter // and returns a String with the concatenation private static String join(String[] s, String delimiter) { - if (s.length == 0) return ""; + if (s.length == 0) + return ""; StringBuffer buffer = new StringBuffer(s[0]); if (s.length > 1) { - for (int i=1; i< s.length; i++) { + for (int i = 1; i < s.length; i++) { buffer.append(delimiter).append(s[i].trim()); } } @@ -3005,36 +2995,38 @@ public class PublisherAdminServlet extends AdminServlet { oldAdded = saveParams.getValue(objName + "Added"); oldDeleted = saveParams.getValue(objName + "Deleted"); - if ((oldOC == null) || (newOC == null)) return; - if (oldOC.equalsIgnoreCase(newOC)) return; + if ((oldOC == null) || (newOC == null)) + return; + if (oldOC.equalsIgnoreCase(newOC)) + return; - String [] oldList = oldOC.split(","); - String [] newList = newOC.split(","); - String [] deletedList = getExtras(oldList, newList); - String [] addedList = getExtras(newList, oldList); + String[] oldList = oldOC.split(","); + String[] newList = newOC.split(","); + String[] deletedList = getExtras(oldList, newList); + String[] addedList = getExtras(newList, oldList); // CMS.debug("addedList = " + join(addedList, ",")); // CMS.debug("deletedList = " + join(deletedList, ",")); - if ((addedList.length ==0) && (deletedList.length == 0)) - return; // no changes + if ((addedList.length == 0) && (deletedList.length == 0)) + return; // no changes if (oldAdded != null) { // CMS.debug("oldAdded is " + oldAdded); - String [] oldAddedList = oldAdded.split(","); + String[] oldAddedList = oldAdded.split(","); addedList = joinLists(addedList, oldAddedList); } if (oldDeleted != null) { // CMS.debug("oldDeleted is " + oldDeleted); - String [] oldDeletedList = oldDeleted.split(","); + String[] oldDeletedList = oldDeleted.split(","); deletedList = joinLists(deletedList, oldDeletedList); } String[] addedList1 = getExtras(addedList, deletedList); String[] deletedList1 = getExtras(deletedList, addedList); - //create the final strings and write to config + // create the final strings and write to config String addedListStr = join(addedList1, ","); String deletedListStr = join(deletedList1, ","); @@ -3046,8 +3038,8 @@ public class PublisherAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -3057,7 +3049,7 @@ public class PublisherAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } @@ -3078,7 +3070,7 @@ public class PublisherAdminServlet extends AdminServlet { public void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, + ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java index 35bbb91a..ddea62d6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; @@ -36,13 +35,11 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequestListener; - /** - * A class representings an administration servlet for Registration - * Authority. This servlet is responsible to serve RA - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Registration Authority. + * This servlet is responsible to serve RA administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class RAAdminServlet extends AdminServlet { @@ -53,15 +50,17 @@ public class RAAdminServlet extends AdminServlet { protected static final String PROP_ENABLED = "enabled"; - /*========================================================== - * variables - *==========================================================*/ + /* + * ========================================================== variables + * ========================================================== + */ private final static String INFO = "RAAdminServlet"; private IRegistrationAuthority mRA = null; - /*========================================================== - * constructors - *==========================================================*/ + /* + * ========================================================== constructors + * ========================================================== + */ /** * Constructs RA servlet. @@ -70,9 +69,10 @@ public class RAAdminServlet extends AdminServlet { super(); } - /*========================================================== - * public methods - *==========================================================*/ + /* + * ========================================================== public methods + * ========================================================== + */ /** * Initializes this servlet. @@ -90,35 +90,35 @@ public class RAAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - //get all operational flags + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; } - //authenticate the user + // authenticate the user super.authenticate(req); - //perform services + // perform services try { AUTHZ_RES_NAME = "certServer.ra.configuration"; if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -144,8 +144,8 @@ public class RAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -157,7 +157,7 @@ public class RAAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) { setNotificationReqCompConfig(req, resp); return; - }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) { + } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) { setNotificationRevCompConfig(req, resp); return; } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { @@ -169,22 +169,23 @@ public class RAAdminServlet extends AdminServlet { } } } catch (Exception e) { - //System.out.println("XXX >>>" + e.toString() + "<<<"); + // System.out.println("XXX >>>" + e.toString() + "<<<"); sendResponse(1, "Unknown operation", null, resp); } return; } - /*========================================================== - * private methods - *==========================================================*/ - + /* + * ========================================================== private + * methods========================================================== + */ + /* * handle getting completion (cert issued) notification config info */ private void getNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc) throws ServletException, + HttpServletResponse resp, IConfigStore rc) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); @@ -203,19 +204,19 @@ public class RAAdminServlet extends AdminServlet { params.add(name, rc.getString(name, "")); } - params.add(Constants.PR_ENABLE, - rc.getString(PROP_ENABLED, Constants.FALSE)); - //System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + rc.getString(PROP_ENABLED, Constants.FALSE)); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } private void getNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); @@ -224,12 +225,12 @@ public class RAAdminServlet extends AdminServlet { } private void getNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); @@ -241,14 +242,14 @@ public class RAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); @@ -268,9 +269,9 @@ public class RAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); - //System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } @@ -278,15 +279,15 @@ public class RAAdminServlet extends AdminServlet { * handle setting request in queue notification config info */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -321,9 +322,9 @@ public class RAAdminServlet extends AdminServlet { * handle setting request complete notification config info */ private void setNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, + HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, IOException, EBaseException { - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -355,24 +356,24 @@ public class RAAdminServlet extends AdminServlet { } private void setNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener()); - + } private void setNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); @@ -380,7 +381,7 @@ public class RAAdminServlet extends AdminServlet { } private void getConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore raConfig = mRA.getConfigStore(); IConfigStore connectorConfig = raConfig.getSubStore("connector"); @@ -395,15 +396,10 @@ public class RAAdminServlet extends AdminServlet { } /* - Enumeration enum = req.getParameterNames(); - NameValuePairs params = new NameValuePairs(); - while (enum.hasMoreElements()) { - String key = (String)enum.nextElement(); - if (key.equals("RS_ID")) { - String val = req.getParameter(key); - if (val.equals("CA Connector")) - } - } + * Enumeration enum = req.getParameterNames(); NameValuePairs params = + * new NameValuePairs(); while (enum.hasMoreElements()) { String key = + * (String)enum.nextElement(); if (key.equals("RS_ID")) { String val = + * req.getParameter(key); if (val.equals("CA Connector")) } } */ Enumeration enum1 = req.getParameterNames(); @@ -427,13 +423,13 @@ public class RAAdminServlet extends AdminServlet { } private void setConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore raConfig = mRA.getConfigStore(); IConfigStore connectorConfig = raConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; - // String nickname = raConfig.getString("certNickname", ""); + // String nickname = raConfig.getString("certNickname", ""); if (isCAConnector(req)) { caConnectorConfig = connectorConfig.getSubStore("CA"); @@ -455,12 +451,10 @@ public class RAAdminServlet extends AdminServlet { continue; if (name.equals(Constants.OP_SCOPE)) continue; -/* - if (name.equals("nickName")) { - caConnectorConfig.putString(name, nickname); - continue; - } -*/ + /* + * if (name.equals("nickName")) { + * caConnectorConfig.putString(name, nickname); continue; } + */ caConnectorConfig.putString(name, req.getParameter(name)); } } @@ -526,50 +520,41 @@ public class RAAdminServlet extends AdminServlet { return false; } - //reading the RA general information + // reading the RA general information private void readGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - String value = "false"; - if (eeGateway != null) { - IConfigStore eeConfig = eeGateway.getConfigStore(); - if (eeConfig != null) - value = eeConfig.getString("enabled", "true"); - } - params.add(Constants.PR_EE_ENABLED, value); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); String value = + * "false"; if (eeGateway != null) { IConfigStore eeConfig = + * eeGateway.getConfigStore(); if (eeConfig != null) value = + * eeConfig.getString("enabled", "true"); } + * params.add(Constants.PR_EE_ENABLED, value); */ - + sendResponse(SUCCESS, null, params, resp); } - //mdify RA General Information + // mdify RA General Information private void modifyGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - IConfigStore eeConfig = null; - if (eeGateway != null) - eeConfig = eeGateway.getConfigStore(); - - Enumeration enum = req.getParameterNames(); - while (enum.hasMoreElements()) { - String key = (String)enum.nextElement(); - if (key.equals(Constants.PR_EE_ENABLED)) { - if (eeConfig != null) - eeConfig.putString("enabled", - req.getParameter(Constants.PR_EE_ENABLED)); - } - } - + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); IConfigStore + * eeConfig = null; if (eeGateway != null) eeConfig = + * eeGateway.getConfigStore(); + * + * Enumeration enum = req.getParameterNames(); while + * (enum.hasMoreElements()) { String key = (String)enum.nextElement(); + * if (key.equals(Constants.PR_EE_ENABLED)) { if (eeConfig != null) + * eeConfig.putString("enabled", + * req.getParameter(Constants.PR_EE_ENABLED)); } } */ sendResponse(RESTART, null, null, resp); commit(true); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java index 7605eb2e..36cc7100 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; @@ -41,7 +40,7 @@ import com.netscape.certsrv.registry.IPluginRegistry; /** * This implements the administration servlet for registry subsystem. - * + * * @version $Revision$, $Date$ */ public class RegistryAdminServlet extends AdminServlet { @@ -53,8 +52,8 @@ public class RegistryAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "RegistryAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IAuthority mAuthority = null; @@ -104,8 +103,8 @@ public class RegistryAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); @@ -113,7 +112,7 @@ public class RegistryAdminServlet extends AdminServlet { AUTHZ_RES_NAME = "certServer.registry.configuration"; String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - + if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) { if (op.equals(OpDef.OP_READ)) if (!readAuthorize(req, resp)) @@ -124,25 +123,25 @@ public class RegistryAdminServlet extends AdminServlet { } } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; @@ -152,8 +151,8 @@ public class RegistryAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processImplMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); @@ -176,16 +175,16 @@ public class RegistryAdminServlet extends AdminServlet { addImpl(req, resp); } else sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + null, resp); } public void addImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); - String scope = req.getParameter(Constants.OP_SCOPE); + String scope = req.getParameter(Constants.OP_SCOPE); String classPath = req.getParameter(Constants.PR_POLICY_CLASS); String desc = req.getParameter(Constants.PR_POLICY_DESC); @@ -198,17 +197,17 @@ public class RegistryAdminServlet extends AdminServlet { IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath); try { - mRegistry.addPluginInfo(scope, id, info); + mRegistry.addPluginInfo(scope, id, info); } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } sendResponse(SUCCESS, null, nvp, resp); } public void deleteImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); @@ -225,13 +224,13 @@ public class RegistryAdminServlet extends AdminServlet { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; } - + NameValuePairs nvp = new NameValuePairs(); try { - mRegistry.removePluginInfo(scope, id); + mRegistry.removePluginInfo(scope, id); } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } sendResponse(SUCCESS, null, nvp, resp); @@ -241,26 +240,26 @@ public class RegistryAdminServlet extends AdminServlet { * Lists all registered profile impementations */ public void listImpls(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); Enumeration<String> impls = mRegistry.getIds(scope); NameValuePairs nvp = new NameValuePairs(); while (impls.hasMoreElements()) { - String id = impls.nextElement(); + String id = impls.nextElement(); IPluginInfo info = mRegistry.getPluginInfo(scope, id); - nvp.add(id, info.getClassName() + "," + - info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req))); - } + nvp.add(id, info.getClassName() + "," + + info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req))); + } sendResponse(SUCCESS, null, nvp, resp); } - public void getSupportedConstraintPolicies(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + public void getSupportedConstraintPolicies(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); if (id == null) { @@ -273,7 +272,7 @@ public class RegistryAdminServlet extends AdminServlet { IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id); String className = info.getClassName(); IPolicyDefault policyDefaultClass = (IPolicyDefault) - Class.forName(className).newInstance(); + Class.forName(className).newInstance(); if (policyDefaultClass != null) { Enumeration<String> impls = mRegistry.getIds("constraintPolicy"); @@ -283,14 +282,14 @@ public class RegistryAdminServlet extends AdminServlet { IPluginInfo constraintInfo = mRegistry.getPluginInfo( "constraintPolicy", constraintID); IPolicyConstraint policyConstraintClass = (IPolicyConstraint) - Class.forName(constraintInfo.getClassName()).newInstance(); + Class.forName(constraintInfo.getClassName()).newInstance(); CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName()); if (policyConstraintClass.isApplicable(policyDefaultClass)) { CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName()); nvp.add(constraintID, constraintInfo.getClassName() + "," + - constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req))); + constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req))); } } } @@ -302,8 +301,8 @@ public class RegistryAdminServlet extends AdminServlet { } public void getProfileImplConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); @@ -320,7 +319,7 @@ public class RegistryAdminServlet extends AdminServlet { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; } - + NameValuePairs nvp = new NameValuePairs(); String className = info.getClassName(); @@ -337,19 +336,19 @@ public class RegistryAdminServlet extends AdminServlet { if (names != null) { while (names.hasMoreElements()) { String name = names.nextElement(); - CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name); + CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name); IDescriptor desc = template.getConfigDescriptor(getLocale(req), name); if (desc != null) { - try { - String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); - - CMS.debug("RegistryAdminServlet: getProfileImpl " + value); - nvp.add(name, value); - } catch (Exception e) { - - CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name); - } + try { + String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); + + CMS.debug("RegistryAdminServlet: getProfileImpl " + value); + nvp.add(name, value); + } catch (Exception e) { + + CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name); + } } else { CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java index fe8d1826..4074ba9f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; @@ -58,16 +57,14 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Cert; - /** - * A class representing an administration servlet for - * User/Group Manager. It communicates with client - * SDK to allow remote administration of User/Group + * A class representing an administration servlet for User/Group Manager. It + * communicates with client SDK to allow remote administration of User/Group * manager. - * - * This servlet will be registered to remote - * administration subsystem by usrgrp manager. - * + * + * This servlet will be registered to remote administration subsystem by usrgrp + * manager. + * * @version $Revision$, $Date$ */ public class UsrGrpAdminServlet extends AdminServlet { @@ -83,22 +80,21 @@ public class UsrGrpAdminServlet extends AdminServlet { private final static String RES_OCSP_GROUP = "certServer.ocsp.group"; private final static String RES_TKS_GROUP = "certServer.tks.group"; private final static String SYSTEM_USER = "$System$"; - // private final static String RES_GROUP = "root.common.goldfish"; + // private final static String RES_GROUP = "root.common.goldfish"; private final static String BACK_SLASH = "\\"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; private IUGSubsystem mMgr = null; private IAuthzSubsystem mAuthz = null; - private static String [] mMultiRoleGroupEnforceList = null; - private final static String MULTI_ROLE_ENABLE= "multiroles.enable"; + private static String[] mMultiRoleGroupEnforceList = null; + private final static String MULTI_ROLE_ENABLE = "multiroles.enable"; private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList"; - /** * Constructs User/Group manager servlet. */ @@ -126,7 +122,7 @@ public class UsrGrpAdminServlet extends AdminServlet { * Serves incoming User/Group management request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = super.getParameter(req, Constants.OP_SCOPE); @@ -134,9 +130,9 @@ public class UsrGrpAdminServlet extends AdminServlet { if (op == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } @@ -148,63 +144,57 @@ public class UsrGrpAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + null, resp); return; } // authorization // temporary test before servlets are exposed with authtoken /* - SessionContext sc = SessionContext.getContext(); - AuthToken authToken = (AuthToken) sc.get(SessionContext.AUTH_TOKEN); - - AuthzToken authzTok = null; - CMS.debug("UserGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); - // hardcoded for now .. just testing - try { - authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read"); - } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); - } - if (AuthzToken.AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS))) { - // audit would have been needed here if this weren't just a test... - - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - - sendResponse(ERROR, - MessageFormatter.getLocalizedString( - getLocale(req), - AdminResources.class.getName(), - AdminResources.SRVLT_FAIL_AUTHS), - null, resp); - return; - } + * SessionContext sc = SessionContext.getContext(); AuthToken authToken + * = (AuthToken) sc.get(SessionContext.AUTH_TOKEN); + * + * AuthzToken authzTok = null; CMS.debug("UserGrpAdminServlet: " + + * CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); // hardcoded for + * now .. just testing try { authzTok = mAuthz.authorize("DirAclAuthz", + * authToken, RES_GROUP, "read"); } catch (EBaseException e) { + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); } if + * (AuthzToken + * .AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS + * ))) { // audit would have been needed here if this weren't just a + * test... + * + * log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); + * + * sendResponse(ERROR, MessageFormatter.getLocalizedString( + * getLocale(req), AdminResources.class.getName(), + * AdminResources.SRVLT_FAIL_AUTHS), null, resp); return; } */ - try { ISubsystem subsystem = CMS.getSubsystem("ca"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_CA_GROUP; subsystem = CMS.getSubsystem("ra"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_RA_GROUP; subsystem = CMS.getSubsystem("kra"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_KRA_GROUP; subsystem = CMS.getSubsystem("ocsp"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_OCSP_GROUP; subsystem = CMS.getSubsystem("tks"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_TKS_GROUP; if (scope != null) { if (scope.equals(ScopeDef.SC_USER_TYPE)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -216,8 +206,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -234,8 +224,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -252,8 +242,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -270,8 +260,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -285,8 +275,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -296,11 +286,11 @@ public class UsrGrpAdminServlet extends AdminServlet { findUsers(req, resp); return; } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } @@ -308,21 +298,21 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (EBaseException e) { log(ILogger.LL_FAILURE, e.toString()); sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } } private void getUserType(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = super.getParameter(req, Constants.RS_ID); IUser user = mMgr.getUser(id); @@ -337,14 +327,14 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * Searches for users in LDAP directory. List uids only - * + * Searches for users in LDAP directory. List uids only + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUsers(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void findUsers(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -355,7 +345,7 @@ public class UsrGrpAdminServlet extends AdminServlet { e = mMgr.listUsers("*"); } catch (Exception ex) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } @@ -383,27 +373,26 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * List user information. Certificates covered in a separate - * protocol for findUserCerts(). List of group memberships are - * also provided. - * + * List user information. Certificates covered in a separate protocol for + * findUserCerts(). List of group memberships are also provided. + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void findUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -416,7 +405,7 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception e) { e.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } @@ -427,7 +416,7 @@ public class UsrGrpAdminServlet extends AdminServlet { params.add(Constants.PR_USER_STATE, user.getState()); // get list of groups, and get a list of those that this - // uid belongs to + // uid belongs to Enumeration e = null; try { @@ -435,7 +424,7 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception ex) { ex.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } @@ -445,7 +434,7 @@ public class UsrGrpAdminServlet extends AdminServlet { IGroup group = (IGroup) e.nextElement(); if (group.isMember(id) == true) { - if (grpString.length()!=0) { + if (grpString.length() != 0) { grpString.append(","); } grpString.append(group.getGroupID()); @@ -461,31 +450,31 @@ public class UsrGrpAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } /** * List user certificate(s) - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUserCerts(HttpServletRequest req, - HttpServletResponse resp, Locale clientLocale) - throws ServletException, + private synchronized void findUserCerts(HttpServletRequest req, + HttpServletResponse resp, Locale clientLocale) + throws ServletException, IOException, EBaseException { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -498,7 +487,7 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception e) { e.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } @@ -506,23 +495,23 @@ public class UsrGrpAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } X509Certificate[] certs = - (X509Certificate[]) user.getX509Certificates(); + (X509Certificate[]) user.getX509Certificates(); if (certs != null) { for (int i = 0; i < certs.length; i++) { ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]); - // add base64 encoding - String base64 = CMS.getEncodedCert(certs[i]); - + // add base64 encoding + String base64 = CMS.getEncodedCert(certs[i]); + // pretty print certs params.add(getCertificateString(certs[i]), - print.toString(clientLocale) + "\n" + base64); + print.toString(clientLocale) + "\n" + base64); } sendResponse(SUCCESS, null, params, resp); return; @@ -542,18 +531,18 @@ public class UsrGrpAdminServlet extends AdminServlet { // note that it did not represent a certificate fully return cert.getVersion() + ";" + cert.getSerialNumber().toString() + - ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); + ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); } /** * Searchess for groups in LDAP server - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group */ - private synchronized void findGroups(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void findGroups(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -582,25 +571,24 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * finds a group - * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * finds a group Request/Response Syntax: + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void findGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -619,14 +607,14 @@ public class UsrGrpAdminServlet extends AdminServlet { params.add(Constants.PR_GROUP_GROUP, group.getGroupID()); params.add(Constants.PR_GROUP_DESC, - group.getDescription()); + group.getDescription()); Enumeration members = group.getMemberNames(); StringBuffer membersString = new StringBuffer(); if (members != null) { while (members.hasMoreElements()) { - if (membersString.length()!=0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -644,7 +632,7 @@ public class UsrGrpAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp); return; } @@ -653,24 +641,25 @@ public class UsrGrpAdminServlet extends AdminServlet { /** * Adds a new user to LDAP server * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void addUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -694,8 +683,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -713,8 +702,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"), + null, resp); return; } @@ -732,8 +721,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id), + null, resp); return; } @@ -756,7 +745,7 @@ public class UsrGrpAdminServlet extends AdminServlet { sendResponse(ERROR, msg, null, resp); return; - } else + } else user.setFullName(fname); String email = super.getParameter(req, Constants.PR_USER_EMAIL); @@ -783,7 +772,7 @@ public class UsrGrpAdminServlet extends AdminServlet { throw new EUsrGrpException(passwdCheck.getReason(pword)); - //UsrGrpResources.BAD_PASSWD); + // UsrGrpResources.BAD_PASSWD); } user.setPassword(pword); @@ -835,10 +824,10 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } - + if (e.hasMoreElements()) { IGroup group = (IGroup) e.nextElement(); @@ -858,18 +847,18 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } } // for audit log SessionContext sContext = SessionContext.getContext(); String adminId = (String) sContext.get(SessionContext.USER_ID); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, id, groupName} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, id, groupName } + ); } NameValuePairs params = new NameValuePairs(); @@ -899,10 +888,10 @@ public class UsrGrpAdminServlet extends AdminServlet { if (user.getUserID() == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp); } else { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); } return; } catch (LDAPException e) { @@ -920,7 +909,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); @@ -935,7 +924,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { @@ -963,41 +952,42 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Adds a certificate to a user * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void addUserCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -1021,8 +1011,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1068,7 +1058,7 @@ public class UsrGrpAdminServlet extends AdminServlet { try { CryptoManager manager = CryptoManager.getInstance(); - + PKCS7 pkcs7 = new PKCS7(p7Cert); X509Certificate p7certs[] = pkcs7.getCertificates(); @@ -1084,7 +1074,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } // fix for 370099 - cert ordering can not be assumed @@ -1095,7 +1085,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // the ordering if (p7certs[0].getSubjectDN().toString().equals( p7certs[0].getIssuerDN().toString()) && - (p7certs.length == 1)) { + (p7certs.length == 1)) { certs[0] = p7certs[0]; CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT")); } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) { @@ -1119,7 +1109,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } @@ -1140,8 +1130,8 @@ public class UsrGrpAdminServlet extends AdminServlet { for (j = jBegin; j < jEnd; j++) { CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN()))); org.mozilla.jss.crypto.X509Certificate leafCert = - null; - + null; + leafCert = manager.importCACertPackage(p7certs[j].getEncoded()); @@ -1152,10 +1142,10 @@ public class UsrGrpAdminServlet extends AdminServlet { } if (leafCert instanceof InternalCertificate) { - ((InternalCertificate) leafCert).setSSLTrust( - InternalCertificate.VALID_CA | - InternalCertificate.TRUSTED_CA | - InternalCertificate.TRUSTED_CLIENT_CA); + ((InternalCertificate) leafCert).setSSLTrust( + InternalCertificate.VALID_CA | + InternalCertificate.TRUSTED_CA | + InternalCertificate.TRUSTED_CLIENT_CA); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT", String.valueOf(p7certs[j].getSubjectDN()))); @@ -1163,13 +1153,15 @@ public class UsrGrpAdminServlet extends AdminServlet { } /* - } catch (CryptoManager.UserCertConflictException ex) { - // got a "user cert" in the chain, most likely the CA - // cert of this instance, which has a private key. Ignore - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", ex.toString())); - */ + * } catch (CryptoManager.UserCertConflictException ex) { // + * got a "user cert" in the chain, most likely the CA // + * cert of this instance, which has a private key. Ignore + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", + * ex.toString())); + */ } catch (Exception ex) { - //----- + // ----- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", ex.toString())); // store a message in the signed audit log file @@ -1182,7 +1174,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } } catch (Exception e) { @@ -1198,7 +1190,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp); return; } @@ -1236,10 +1228,10 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp); return; } catch (CertificateNotYetValidException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", String.valueOf(certs[0].getSubjectDN()))); // store a message in the signed audit log file @@ -1252,7 +1244,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp); return; } catch (LDAPException e) { @@ -1265,13 +1257,12 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); - if (e.getLDAPResultCode() == - LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { + if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp); } else { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); } return; } catch (Exception e) { @@ -1287,21 +1278,21 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1315,45 +1306,46 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Removes a certificate for a user * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * In this method, "certDN" is actually a combination of version, - * serialNumber, issuerDN, and SubjectDN. + * serialNumber, issuerDN, and SubjectDN. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void modifyUserCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -1377,8 +1369,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1431,21 +1423,21 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1459,44 +1451,44 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * removes a user. user not removed if belongs to any group - * (Administrators should remove the user from "uniquemember" of - * any group he/she belongs to before trying to remove the user - * itself. + * removes a user. user not removed if belongs to any group (Administrators + * should remove the user from "uniquemember" of any group he/she belongs to + * before trying to remove the user itself. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void removeUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void removeUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -1505,7 +1497,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); boolean mustDelete = false; int index = 0; @@ -1528,8 +1520,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // get list of groups, and see if uid belongs to any @@ -1570,8 +1562,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), + null, resp); return; } } @@ -1604,7 +1596,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp); return; } } catch (EBaseException eAudit1) { @@ -1632,41 +1624,42 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Adds a new group in local scope. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void addGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -1675,7 +1668,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { @@ -1691,8 +1684,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1743,8 +1736,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"), + null, resp); return; } } catch (EBaseException eAudit1) { @@ -1772,41 +1765,42 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * removes a group * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void removeGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void removeGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -1815,7 +1809,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { @@ -1831,8 +1825,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1875,44 +1869,45 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * modifies a group * <P> - * - * last person of the super power group "Certificate - * Server Administrators" can never be removed. + * + * last person of the super power group "Certificate Server Administrators" + * can never be removed. * <P> - * - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void modifyGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -1921,7 +1916,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { @@ -1937,8 +1932,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1968,7 +1963,7 @@ public class UsrGrpAdminServlet extends AdminServlet { if (multiRole) { group.addMemberName(memberName); } else { - if( isGroupInMultiRoleEnforceList(groupName)) { + if (isGroupInMultiRoleEnforceList(groupName)) { if (!isDuplicate(groupName, memberName)) { group.addMemberName(memberName); } else { @@ -2019,8 +2014,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"), + null, resp); return; } } catch (EBaseException eAudit1) { @@ -2048,50 +2043,49 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private boolean isGroupInMultiRoleEnforceList(String groupName) - { + private boolean isGroupInMultiRoleEnforceList(String groupName) { String groupList = null; if (groupName == null || groupName.equals("")) { return true; } if (mMultiRoleGroupEnforceList == null) { - try { - groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); - } catch (Exception e) { - } - - if (groupList != null && !groupList.equals("")) { - mMultiRoleGroupEnforceList = groupList.split(","); - for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) { - mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim(); - } - } - } - - if (mMultiRoleGroupEnforceList == null) - return true; - - for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) { - if (groupName.equals(mMultiRoleGroupEnforceList[i])) { - return true; - } - } - return false; + try { + groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); + } catch (Exception e) { + } + + if (groupList != null && !groupList.equals("")) { + mMultiRoleGroupEnforceList = groupList.split(","); + for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) { + mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim(); + } + } + } + + if (mMultiRoleGroupEnforceList == null) + return true; + + for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) { + if (groupName.equals(mMultiRoleGroupEnforceList[i])) { + return true; + } + } + return false; } private boolean isDuplicate(String groupName, String memberName) { @@ -2100,7 +2094,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // Let's not mess with users that are already a member of this group boolean isMember = false; try { - isMember = mMgr.isMemberOf(memberName,groupName); + isMember = mMgr.isMemberOf(memberName, groupName); } catch (Exception e) { } @@ -2134,24 +2128,25 @@ public class UsrGrpAdminServlet extends AdminServlet { /** * Modifies an existing user in local scope. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void modifyUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -2160,7 +2155,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { @@ -2176,8 +2171,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2186,7 +2181,7 @@ public class UsrGrpAdminServlet extends AdminServlet { if ((fname == null) || (fname.length() == 0)) { String msg = - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name"); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name"); log(ILogger.LL_FAILURE, msg); @@ -2226,7 +2221,7 @@ public class UsrGrpAdminServlet extends AdminServlet { throw new EUsrGrpException(passwdCheck.getReason(pword)); - //UsrGrpResources.BAD_PASSWD); + // UsrGrpResources.BAD_PASSWD); } user.setPassword(pword); @@ -2270,7 +2265,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { @@ -2298,17 +2293,17 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } @@ -2316,6 +2311,6 @@ public class UsrGrpAdminServlet extends AdminServlet { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP, - level, "UsrGrpAdminServlet: " + msg); + level, "UsrGrpAdminServlet: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index 696b091e..7df37706 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -99,10 +99,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cms.servlet.common.Utils; import com.netscape.cmsutil.xml.XMLObject; - /** * This is the base class of all CS servlet. - * + * * @version $Revision$, $Date$ */ public abstract class CMSServlet extends HttpServlet { @@ -127,76 +126,55 @@ public abstract class CMSServlet extends HttpServlet { public final static String AUTHZ_CONFIG_STORE = "authz"; public final static String AUTHZ_SRC_XML = "web.xml"; public final static String PROP_AUTHZ_MGR = "AuthzMgr"; - public final static String PROP_ACL = "ACLinfo"; + public final static String PROP_ACL = "ACLinfo"; public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz"; public final static String AUTHZ_MGR_LDAP = "DirAclAuthz"; private final static String FAILED = "1"; private final static String HDR_LANG = "accept-language"; - - // final error message - if error and exception templates don't work + + // final error message - if error and exception templates don't work // send out this text string directly to output. public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg"; public final static String ERROR_MSG_TOKEN = "$ERROR_MSG"; - public final static String FINAL_ERROR_MSG = - "<HTML>\n" + - "<BODY BGCOLOR=white>\n" + - "<P>\n" + - "The Certificate System has encountered " + - "an unrecoverable error.\n" + - "<P>\n" + - "Error Message:<BR>\n" + - "<I>$ERROR_MSG</I>\n" + - "<P>\n" + - "Please contact your local administrator for assistance.\n" + - "</BODY>\n" + - "</HTML>\n"; + public final static String FINAL_ERROR_MSG = + "<HTML>\n" + + "<BODY BGCOLOR=white>\n" + + "<P>\n" + + "The Certificate System has encountered " + + "an unrecoverable error.\n" + + "<P>\n" + + "Error Message:<BR>\n" + + "<I>$ERROR_MSG</I>\n" + + "<P>\n" + + "Please contact your local administrator for assistance.\n" + + "</BODY>\n" + + "</HTML>\n"; // properties from configuration. - protected final static String - PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate"; - protected final static String - UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template"; - protected final static String - PROP_SUCCESS_TEMPLATE = "successTemplate"; - protected final static String - SUCCESS_TEMPLATE = "/GenSuccess.template"; - protected final static String - PROP_PENDING_TEMPLATE = "pendingTemplate"; - protected final static String - PENDING_TEMPLATE = "/GenPending.template"; - protected final static String - PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate"; - protected final static String - SVC_PENDING_TEMPLATE = "/GenSvcPending.template"; - protected final static String - PROP_REJECTED_TEMPLATE = "rejectedTemplate"; - protected final static String - REJECTED_TEMPLATE = "/GenRejected.template"; - protected final static String - PROP_ERROR_TEMPLATE = "errorTemplate"; - protected final static String - ERROR_TEMPLATE = "/GenError.template"; - protected final static String - PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; - protected final static String - EXCEPTION_TEMPLATE = "/GenUnexpectedError.template"; - - private final static String - PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; - protected final static String - PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; - private final static String - PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; - private final static String - PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; - private final static String - PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; - private final static String - PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; - private final static String - PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; + protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate"; + protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template"; + protected final static String PROP_SUCCESS_TEMPLATE = "successTemplate"; + protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template"; + protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate"; + protected final static String PENDING_TEMPLATE = "/GenPending.template"; + protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate"; + protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template"; + protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate"; + protected final static String REJECTED_TEMPLATE = "/GenRejected.template"; + protected final static String PROP_ERROR_TEMPLATE = "errorTemplate"; + protected final static String ERROR_TEMPLATE = "/GenError.template"; + protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; + protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template"; + + private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; + protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; + private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; + private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; + private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; + private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; + private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; protected final static String RA_AGENT_GROUP = "Registration Manager Agents"; protected final static String CA_AGENT_GROUP = "Certificate Manager Agents"; @@ -206,25 +184,18 @@ public abstract class CMSServlet extends HttpServlet { protected final static String ADMIN_GROUP = "Administrators"; // default http params NOT to save in request.(config values added to list ) - private static final String - PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams"; - private static final String[] - DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", + private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams"; + private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", "challengePassword", "confirmChallengePassword" }; // default http headers to save in request. (config values added to list) - private static final String - PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders"; - private static final String[] - SAVE_HTTP_HEADERS = { "accept-language", "user-agent", }; + private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders"; + private static final String[] SAVE_HTTP_HEADERS = { "accept-language", "user-agent", }; // request prefixes to distinguish from other request attributes. - public static final String - PFX_HTTP_HEADER = "HTTP_HEADER"; - public static final String - PFX_HTTP_PARAM = "HTTP_PARAM"; - public static final String - PFX_AUTH_TOKEN = "AUTH_TOKEN"; + public static final String PFX_HTTP_HEADER = "HTTP_HEADER"; + public static final String PFX_HTTP_PARAM = "HTTP_PARAM"; + public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN"; /* input http params */ protected final static String AUTHMGR_PARAM = "authenticator"; @@ -232,10 +203,10 @@ public abstract class CMSServlet extends HttpServlet { /* fixed credential passed to auth managers */ protected final static String CERT_AUTH_CRED = "sslClientCert"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; - // members. + // members. protected boolean mRenderResult = true; protected String mFinalErrorMsg = FINAL_ERROR_MSG; @@ -243,7 +214,7 @@ public abstract class CMSServlet extends HttpServlet { protected ServletConfig mServletConfig = null; protected ServletContext mServletContext = null; - private CMSFileLoader mFileLoader = null; + private CMSFileLoader mFileLoader = null; protected Vector<String> mDontSaveHttpParams = new Vector<String>(); protected Vector<String> mSaveHttpHeaders = new Vector<String>(); @@ -251,14 +222,14 @@ public abstract class CMSServlet extends HttpServlet { protected String mId = null; protected IConfigStore mConfig = null; - // the authority, RA, CA, KRA this servlet is serving. + // the authority, RA, CA, KRA this servlet is serving. protected IAuthority mAuthority = null; protected IRequestQueue mRequestQueue = null; // system logger. protected ILogger mLogger = CMS.getLogger(); protected int mLogCategory = ILogger.S_OTHER; - private MessageDigest mSHADigest = null; + private MessageDigest mSHADigest = null; protected String mGetClientCert = "false"; protected String mAuthMgr = null; @@ -270,18 +241,18 @@ public abstract class CMSServlet extends HttpServlet { protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); protected String mOutputTemplatePath = null; private IUGSubsystem mUG = (IUGSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_UG); + CMS.getSubsystem(CMS.SUBSYSTEM_UG); private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = - "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; public CMSServlet() { } @@ -328,33 +299,33 @@ public abstract class CMSServlet extends HttpServlet { if (mAuthority != null) mRequestQueue = mAuthority.getRequestQueue(); - // set default templates. + // set default templates. setDefaultTemplates(sc); // for logging to the right authority category. if (mAuthority == null) { mLogCategory = ILogger.S_OTHER; } else { - if (mAuthority instanceof ICertificateAuthority) + if (mAuthority instanceof ICertificateAuthority) mLogCategory = ILogger.S_CA; - else if (mAuthority instanceof IRegistrationAuthority) + else if (mAuthority instanceof IRegistrationAuthority) mLogCategory = ILogger.S_RA; - else if (mAuthority instanceof IKeyRecoveryAuthority) + else if (mAuthority instanceof IKeyRecoveryAuthority) mLogCategory = ILogger.S_KRA; - else + else mLogCategory = ILogger.S_OTHER; } try { - // get final error message. + // get final error message. // used when templates can't even be loaded. - String eMsg = - sc.getInitParameter(PROP_FINAL_ERROR_MSG); + String eMsg = + sc.getInitParameter(PROP_FINAL_ERROR_MSG); if (eMsg != null) mFinalErrorMsg = eMsg; - // get any configured templates. + // get any configured templates. Enumeration<CMSLoadTemplate> templs = mTemplates.elements(); while (templs.hasMoreElements()) { @@ -363,13 +334,13 @@ public abstract class CMSServlet extends HttpServlet { if (templ == null || templ.mPropName == null) { continue; } - String tName = - sc.getInitParameter(templ.mPropName); + String tName = + sc.getInitParameter(templ.mPropName); if (tName != null) templ.mTemplateName = tName; - String fillerName = - sc.getInitParameter(templ.mFillerPropName); + String fillerName = + sc.getInitParameter(templ.mFillerPropName); if (fillerName != null) { ICMSTemplateFiller filler = newFillerObject(fillerName); @@ -379,32 +350,32 @@ public abstract class CMSServlet extends HttpServlet { } } - // get http params NOT to store in a IRequest and - // get http headers TO store in a IRequest. + // get http params NOT to store in a IRequest and + // get http headers TO store in a IRequest. getDontSaveHttpParams(sc); getSaveHttpHeaders(sc); } catch (Exception e) { - // should never occur since we provide defaults above. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", - e.toString())); + // should never occur since we provide defaults above. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", + e.toString())); throw new ServletException(e.toString()); } try { mSHADigest = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", + e.toString())); throw new ServletException(e.toString()); } } - + public String getId() { return mId; } - + public String getAuthMgr() { return mAuthMgr; } @@ -416,44 +387,43 @@ public abstract class CMSServlet extends HttpServlet { return false; } - public void outputHttpParameters(HttpServletRequest httpReq) - { - CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI()); + public void outputHttpParameters(HttpServletRequest httpReq) { + CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI()); Enumeration<?> paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.startsWith("p12Password") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("CMSServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.startsWith("p12Password") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("CMSServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - public void service(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException, IOException { + public void service(HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); @@ -473,16 +443,16 @@ public abstract class CMSServlet extends HttpServlet { httpReq.setCharacterEncoding("UTF-8"); if (CMS.debugOn()) { - outputHttpParameters(httpReq); + outputHttpParameters(httpReq); } CMS.debug("CMSServlet: " + mId + " start to service."); String className = this.getClass().getName(); - // get a cms request + // get a cms request CMSRequest cmsRequest = newCMSRequest(); - // set argblock - cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq))); + // set argblock + cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", toHashtable(httpReq))); // set http request cmsRequest.setHttpReq(httpReq); @@ -516,21 +486,22 @@ public abstract class CMSServlet extends HttpServlet { renderResult(cmsRequest); SessionContext.releaseContext(); return; - } + } long startTime = CMS.getCurrentDate().getTime(); process(cmsRequest); renderResult(cmsRequest); Date endDate = CMS.getCurrentDate(); long endTime = endDate.getTime(); if (CMS.debugOn()) { - CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime)); + CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime)); } iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); } catch (EBaseException e) { iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); - // ByteArrayOutputStream os = new ByteArrayOutputStream(); for debugging only + // ByteArrayOutputStream os = new ByteArrayOutputStream(); for + // debugging only // PrintStream ps = new PrintStream(os); - //e.printStackTrace(ps); + // e.printStackTrace(ps); log(e.toString()); renderException(cmsRequest, e); } catch (Exception ex) { @@ -551,39 +522,38 @@ public abstract class CMSServlet extends HttpServlet { /** * Create a new CMSRequest object. This should be overriden by servlets - * implementing different types of request - * @return a new CMSRequest object + * implementing different types of request + * + * @return a new CMSRequest object */ protected CMSRequest newCMSRequest() { return new CMSRequest(); } /** - * process an HTTP request. Servlets must override this with their - * own implementation - * @throws EBaseException if the servlet was unable to satisfactorily - * process the request + * process an HTTP request. Servlets must override this with their own + * implementation + * + * @throws EBaseException if the servlet was unable to satisfactorily + * process the request */ - protected void process(CMSRequest cmsRequest) - throws EBaseException - { + protected void process(CMSRequest cmsRequest) + throws EBaseException { } - /** - * Output a template. - * If an error occurs while outputing the template the exception template - * is used to display the error. + * Output a template. If an error occurs while outputing the template the + * exception template is used to display the error. * * @param cmsReq the CS request */ protected void renderResult(CMSRequest cmsReq) - throws IOException { + throws IOException { if (!mRenderResult) return; Integer status = cmsReq.getStatus(); - + CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status); if (ltempl == null || ltempl.mTemplateName == null) { @@ -594,13 +564,12 @@ public abstract class CMSServlet extends HttpServlet { renderTemplate(cmsReq, ltempl.mTemplateName, filler); } - + private static final String PRESERVED = "preserved"; public static final String TEMPLATE_NAME = "templateName"; - + protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent, - String argBlockName, IArgBlock argBlock) - { + String argBlockName, IArgBlock argBlock) { Node argBlockContainer = xmlObj.createContainer(parent, argBlockName); if (argBlock != null) { @@ -614,15 +583,14 @@ public abstract class CMSServlet extends HttpServlet { } } - protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) - { + protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) { XMLObject xmlObj = null; try { xmlObj = new XMLObject(); Node root = xmlObj.createRoot("xml"); outputArgBlockAsXML(xmlObj, root, "header", params.getHeader()); - outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed()); + outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed()); Enumeration<IArgBlock> records = params.queryRecords(); Node recordsNode = xmlObj.createContainer(root, "records"); @@ -645,14 +613,14 @@ public abstract class CMSServlet extends HttpServlet { } protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException { + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException { try { IArgBlock httpParams = cmsReq.getHttpParams(); Locale[] locale = new Locale[1]; CMSTemplate template = - getTemplate(templateName, cmsReq.getHttpReq(), locale); + getTemplate(templateName, cmsReq.getHttpReq(), locale); CMSTemplateParams templateParams = null; if (filler != null) { @@ -670,20 +638,20 @@ public abstract class CMSServlet extends HttpServlet { } if (httpParams != null) { - String httpTemplateName = - httpParams.getValueAsString( - TEMPLATE_NAME, null); + String httpTemplateName = + httpParams.getValueAsString( + TEMPLATE_NAME, null); if (httpTemplateName != null) { templateName = httpTemplateName; } } - if (templateParams == null) + if (templateParams == null) templateParams = new CMSTemplateParams(null, null); - // #359630 - // inject preserved http parameter into the template + // #359630 + // inject preserved http parameter into the template if (httpParams != null) { String preserved = httpParams.getValueAsString( PRESERVED, null); @@ -704,40 +672,40 @@ public abstract class CMSServlet extends HttpServlet { cmsReq.getHttpResp().setContentLength(bos.size()); bos.writeTo(cmsReq.getHttpResp().getOutputStream()); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString())); - renderException(cmsReq, - new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString())); + renderException(cmsReq, + new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); return; } } /** - * Output exception (unexpected error) template - * This is different from other templates in that if an exception occurs - * while rendering the exception a message is printed out directly. - * If the message gets an error an IOException is thrown. - * In others if an exception occurs while rendering the template the - * exception template (this) is called. + * Output exception (unexpected error) template This is different from other + * templates in that if an exception occurs while rendering the exception a + * message is printed out directly. If the message gets an error an + * IOException is thrown. In others if an exception occurs while rendering + * the template the exception template (this) is called. * <p> + * * @param cmsReq the CS request to pass to template filler if any. * @param e the unexpected exception */ - protected void renderException(CMSRequest cmsReq, EBaseException e) - throws IOException { + protected void renderException(CMSRequest cmsReq, EBaseException e) + throws IOException { try { Locale[] locale = new Locale[1]; - CMSLoadTemplate loadTempl = - (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION); - CMSTemplate template = getTemplate(loadTempl.mTemplateName, + CMSLoadTemplate loadTempl = + (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION); + CMSTemplate template = getTemplate(loadTempl.mTemplateName, cmsReq.getHttpReq(), locale); ICMSTemplateFiller filler = loadTempl.mFiller; CMSTemplateParams templateParams = null; // When an exception occurs the exit is non-local which probably // will leave the requestStatus value set to something other - // than CMSRequest.EXCEPTION, so force the requestStatus to - // EXCEPTION since it must be that if we're here. + // than CMSRequest.EXCEPTION, so force the requestStatus to + // EXCEPTION since it must be that if we're here. cmsReq.setStatus(CMSRequest.EXCEPTION); if (filler != null) { @@ -749,7 +717,7 @@ public abstract class CMSServlet extends HttpServlet { } if (e != null) { templateParams.getFixed().set( - ICMSTemplateFiller.EXCEPTION, e.toString(locale[0])); + ICMSTemplateFiller.EXCEPTION, e.toString(locale[0])); } // just output arg blocks as XML @@ -772,25 +740,25 @@ public abstract class CMSServlet extends HttpServlet { } } - public void renderFinalError(CMSRequest cmsReq, Exception ex) - throws IOException { - // this template is the last resort for all other unexpected - // errors in other templates so we can only output text. + public void renderFinalError(CMSRequest cmsReq, Exception ex) + throws IOException { + // this template is the last resort for all other unexpected + // errors in other templates so we can only output text. HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); ServletOutputStream out = httpResp.getOutputStream(); - - // replace $ERRORMSG with exception message if included. + + // replace $ERRORMSG with exception message if included. String finalErrMsg = mFinalErrorMsg; int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN); if (tokenIdx != -1) { - finalErrMsg = + finalErrMsg = mFinalErrorMsg.substring(0, tokenIdx) + - ex.toString() + - mFinalErrorMsg.substring( - tokenIdx + ERROR_MSG_TOKEN.length()); + ex.toString() + + mFinalErrorMsg.substring( + tokenIdx + ERROR_MSG_TOKEN.length()); } out.println(finalErrMsg); return; @@ -803,31 +771,23 @@ public abstract class CMSServlet extends HttpServlet { SSLSocket s = null; /* - try { - s = (SSLSocket) ((HTTPRequest) httpReq).getConnection().getSocket(); - } catch (ClassCastException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); - // ignore. - return; - } - try { - s.invalidateSession(); - s.resetHandshake(); - }catch (SocketException se) { - } + * try { s = (SSLSocket) ((HTTPRequest) + * httpReq).getConnection().getSocket(); } catch (ClassCastException e) + * { CMS.getLogger().log( ILogger.EV_SYSTEM, ILogger.S_OTHER, + * ILogger.LL_WARN, CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); // + * ignore. return; } try { s.invalidateSession(); s.resetHandshake(); + * }catch (SocketException se) { } */ return; } /** - * construct a authentication credentials to pass into authentication + * construct a authentication credentials to pass into authentication * manager. */ public static AuthCredentials getAuthCreds( - IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) - throws EBaseException { + IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -837,8 +797,8 @@ public abstract class CMSServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert } + ); } else { String value = argBlock.getValueAsString(reqCred); @@ -854,19 +814,19 @@ public abstract class CMSServlet extends HttpServlet { /** * get ssl client authenticated certificate */ - protected X509Certificate - getSSLClientCertificate(HttpServletRequest httpReq) - throws EBaseException { + protected X509Certificate + getSSLClientCertificate(HttpServletRequest httpReq) + throws EBaseException { X509Certificate cert = null; - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, - CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, + CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT")); - // iws60 support Java Servlet Spec V2.2, attribute + // iws60 support Java Servlet Spec V2.2, attribute // javax.servlet.request.X509Certificate now contains array // of X509Certificates instead of one X509Certificate object - X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR); + X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { throw new EBaseException("You did not provide a valid certificate for this operation"); @@ -876,10 +836,10 @@ public abstract class CMSServlet extends HttpServlet { if (cert == null) { // just don't have a cert. - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL")); return null; - } + } // convert to sun's x509 cert interface. try { @@ -888,53 +848,53 @@ public abstract class CMSServlet extends HttpServlet { cert = new X509CertImpl(certEncoded); } catch (CertificateEncodingException e) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage())); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage())); return null; } catch (CertificateException e) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage())); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage())); return null; } - return cert; + return cert; } /** * get a template based on result status. */ protected CMSTemplate getTemplate( - String templateName, HttpServletRequest httpReq, Locale[] locale) - throws EBaseException, IOException { + String templateName, HttpServletRequest httpReq, Locale[] locale) + throws EBaseException, IOException { // this converts to system dependent file seperator char. if (mServletConfig == null) { - CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" ); + CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!"); return null; } if (mServletConfig.getServletContext() == null) { } if (templateName == null) { } - String realpath = - mServletConfig.getServletContext().getRealPath("/" + templateName); + String realpath = + mServletConfig.getServletContext().getRealPath("/" + templateName); if (realpath == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName)); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } File realpathFile = new File(realpath); - File templateFile = - getLangFile(httpReq, realpathFile, locale); + File templateFile = + getLangFile(httpReq, realpathFile, locale); String charSet = httpReq.getCharacterEncoding(); if (charSet == null) { charSet = "UTF8"; } - CMSTemplate template = - (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet); + CMSTemplate template = + (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet); return template; } @@ -943,13 +903,13 @@ public abstract class CMSServlet extends HttpServlet { * log according to authority category. */ protected void log(int event, int level, String msg) { - mLogger.log(event, mLogCategory, level, - "Servlet " + mId + ": " + msg); + mLogger.log(event, mLogCategory, level, + "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, - "Servlet " + mId + ": " + msg); + mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, + "Servlet " + mId + ": " + msg); } /** @@ -965,8 +925,8 @@ public abstract class CMSServlet extends HttpServlet { dontSaveParams = sc.getInitParameter( PROP_DONT_SAVE_HTTP_PARAMS); if (dontSaveParams != null) { - StringTokenizer params = - new StringTokenizer(dontSaveParams, ","); + StringTokenizer params = + new StringTokenizer(dontSaveParams, ","); while (params.hasMoreTokens()) { String param = params.nextToken(); @@ -976,8 +936,8 @@ public abstract class CMSServlet extends HttpServlet { } } catch (Exception e) { // should never happen - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString())); // default just in case. for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) { mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]); @@ -997,12 +957,12 @@ public abstract class CMSServlet extends HttpServlet { } // now get from config file if there's more. - String saveHeaders = - sc.getInitParameter(PROP_SAVE_HTTP_HEADERS); + String saveHeaders = + sc.getInitParameter(PROP_SAVE_HTTP_HEADERS); - if (saveHeaders != null) { - StringTokenizer headers = - new StringTokenizer(saveHeaders, ","); + if (saveHeaders != null) { + StringTokenizer headers = + new StringTokenizer(saveHeaders, ","); while (headers.hasMoreTokens()) { String hdr = headers.nextToken(); @@ -1021,8 +981,8 @@ public abstract class CMSServlet extends HttpServlet { * save http headers in a IRequest. */ protected void saveHttpHeaders( - HttpServletRequest httpReq, IRequest req) - throws EBaseException { + HttpServletRequest httpReq, IRequest req) + throws EBaseException { Hashtable<String, String> headers = new Hashtable<String, String>(); Enumeration<String> hdrs = mSaveHttpHeaders.elements(); @@ -1041,7 +1001,7 @@ public abstract class CMSServlet extends HttpServlet { * save http headers in a IRequest. */ protected void saveHttpParams( - IArgBlock httpParams, IRequest req) { + IArgBlock httpParams, IRequest req) { Hashtable<String, String> saveParams = new Hashtable<String, String>(); Enumeration<String> names = httpParams.elements(); @@ -1075,14 +1035,14 @@ public abstract class CMSServlet extends HttpServlet { * handy routine for getting a cert record given a serial number. */ protected ICertRecord getCertRecord(BigInteger serialNo) { - if (mAuthority == null || - !(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); + if (mAuthority == null || + !(mAuthority instanceof ICertificateAuthority)) { + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); return null; } - ICertificateRepository certdb = - (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); + ICertificateRepository certdb = + (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); if (certdb == null) { log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString())); @@ -1093,16 +1053,16 @@ public abstract class CMSServlet extends HttpServlet { try { certRecord = certdb.readCertificateRecord(serialNo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); return null; } return certRecord; } /** - * handy routine for validating if a cert is from this CA. - * mAuthority must be a CA. + * handy routine for validating if a cert is from this CA. mAuthority must + * be a CA. */ protected boolean isCertFromCA(X509Certificate cert) { BigInteger serialno = cert.getSerialNumber(); @@ -1114,8 +1074,8 @@ public abstract class CMSServlet extends HttpServlet { } /** - * handy routine for checking if a list of certs is from this CA. - * mAuthortiy must be a CA. + * handy routine for checking if a list of certs is from this CA. mAuthortiy + * must be a CA. */ protected boolean areCertsFromCA(X509Certificate[] certs) { for (int i = certs.length - 1; i >= 0; i--) { @@ -1126,18 +1086,18 @@ public abstract class CMSServlet extends HttpServlet { } /** - * handy routine for getting a certificate from the certificate - * repository. mAuthority must be a CA. + * handy routine for getting a certificate from the certificate repository. + * mAuthority must be a CA. */ protected X509Certificate getX509Certificate(BigInteger serialNo) { - if (mAuthority == null || - !(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NOT_CERT_AUTH")); + if (mAuthority == null || + !(mAuthority instanceof ICertificateAuthority)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NOT_CERT_AUTH")); return null; } - ICertificateRepository certdb = - (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); + ICertificateRepository certdb = + (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); if (certdb == null) { log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString())); @@ -1148,15 +1108,16 @@ public abstract class CMSServlet extends HttpServlet { try { cert = certdb.getX509Certificate(serialNo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); return null; } return cert; } /** - * instantiate a new filler from a class name, + * instantiate a new filler from a class name, + * * @return null if can't be instantiated, new instance otherwise. */ protected ICMSTemplateFiller newFillerObject(String fillerClass) { @@ -1169,8 +1130,8 @@ public abstract class CMSServlet extends HttpServlet { if ((e instanceof RuntimeException)) { throw (RuntimeException) e; } else { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString())); return null; } } @@ -1178,18 +1139,17 @@ public abstract class CMSServlet extends HttpServlet { } /** - * set default templates. - * subclasses can override, and should override at least the success - * template + * set default templates. subclasses can override, and should override at + * least the success template */ protected void setDefaultTemplates(ServletConfig sc) { // Subclasses should override these for diff templates and params in - // their constructors. - // Set a template name to null to not use these standard ones. - // When template name is set to null nothing will be displayed. + // their constructors. + // Set a template name to null to not use these standard ones. + // When template name is set to null nothing will be displayed. // Servlet is assumed to have rendered its own output. - // The only exception is the unexpected error template where the - // default one will always be used if template name is null. + // The only exception is the unexpected error template where the + // default one will always be used if template name is null. String successTemplate = null; String errorTemplate = null; String unauthorizedTemplate = null; @@ -1210,17 +1170,17 @@ public abstract class CMSServlet extends HttpServlet { if (successTemplate == null) { successTemplate = SUCCESS_TEMPLATE; if (gateway != null) - //successTemplate = "/"+gateway+successTemplate; - successTemplate = "/"+gateway+successTemplate; + // successTemplate = "/"+gateway+successTemplate; + successTemplate = "/" + gateway + successTemplate; } errorTemplate = sc.getInitParameter( PROP_ERROR_TEMPLATE); if (errorTemplate == null) { errorTemplate = ERROR_TEMPLATE; - if (gateway != null) - //errorTemplate = "/"+gateway+errorTemplate; - errorTemplate = "/"+gateway+errorTemplate; + if (gateway != null) + // errorTemplate = "/"+gateway+errorTemplate; + errorTemplate = "/" + gateway + errorTemplate; } unauthorizedTemplate = sc.getInitParameter( @@ -1228,8 +1188,8 @@ public abstract class CMSServlet extends HttpServlet { if (unauthorizedTemplate == null) { unauthorizedTemplate = UNAUTHORIZED_TEMPLATE; if (gateway != null) - //unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; - unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; + // unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; + unauthorizedTemplate = "/" + gateway + unauthorizedTemplate; } pendingTemplate = sc.getInitParameter( @@ -1237,8 +1197,8 @@ public abstract class CMSServlet extends HttpServlet { if (pendingTemplate == null) { pendingTemplate = PENDING_TEMPLATE; if (gateway != null) - //pendingTemplate = "/"+gateway+pendingTemplate; - pendingTemplate = "/"+gateway+pendingTemplate; + // pendingTemplate = "/"+gateway+pendingTemplate; + pendingTemplate = "/" + gateway + pendingTemplate; } svcpendingTemplate = sc.getInitParameter( @@ -1246,8 +1206,8 @@ public abstract class CMSServlet extends HttpServlet { if (svcpendingTemplate == null) { svcpendingTemplate = SVC_PENDING_TEMPLATE; if (gateway != null) - //svcpendingTemplate = "/"+gateway+svcpendingTemplate; - svcpendingTemplate = "/"+gateway+svcpendingTemplate; + // svcpendingTemplate = "/"+gateway+svcpendingTemplate; + svcpendingTemplate = "/" + gateway + svcpendingTemplate; } rejectedTemplate = sc.getInitParameter( @@ -1255,8 +1215,8 @@ public abstract class CMSServlet extends HttpServlet { if (rejectedTemplate == null) { rejectedTemplate = REJECTED_TEMPLATE; if (gateway != null) - //rejectedTemplate = "/"+gateway+rejectedTemplate; - rejectedTemplate = "/"+gateway+rejectedTemplate; + // rejectedTemplate = "/"+gateway+rejectedTemplate; + rejectedTemplate = "/" + gateway + rejectedTemplate; } unexpectedErrorTemplate = sc.getInitParameter( @@ -1264,51 +1224,52 @@ public abstract class CMSServlet extends HttpServlet { if (unexpectedErrorTemplate == null) { unexpectedErrorTemplate = EXCEPTION_TEMPLATE; if (gateway != null) - //unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate; - unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate; + // unexpectedErrorTemplate = + // "/"+gateway+unexpectedErrorTemplate; + unexpectedErrorTemplate = "/" + gateway + unexpectedErrorTemplate; } } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } mTemplates.put( - CMSRequest.UNAUTHORIZED, - new CMSLoadTemplate( - PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER, - unauthorizedTemplate, null)); + CMSRequest.UNAUTHORIZED, + new CMSLoadTemplate( + PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER, + unauthorizedTemplate, null)); mTemplates.put( - CMSRequest.SUCCESS, - new CMSLoadTemplate( - PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, - successTemplate, new GenSuccessTemplateFiller())); + CMSRequest.SUCCESS, + new CMSLoadTemplate( + PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, + successTemplate, new GenSuccessTemplateFiller())); mTemplates.put( - CMSRequest.PENDING, - new CMSLoadTemplate( - PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER, - pendingTemplate, new GenPendingTemplateFiller())); + CMSRequest.PENDING, + new CMSLoadTemplate( + PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER, + pendingTemplate, new GenPendingTemplateFiller())); mTemplates.put( - CMSRequest.SVC_PENDING, - new CMSLoadTemplate( - PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER, - svcpendingTemplate, new GenSvcPendingTemplateFiller())); + CMSRequest.SVC_PENDING, + new CMSLoadTemplate( + PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER, + svcpendingTemplate, new GenSvcPendingTemplateFiller())); mTemplates.put( - CMSRequest.REJECTED, - new CMSLoadTemplate( - PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER, - rejectedTemplate, new GenRejectedTemplateFiller())); + CMSRequest.REJECTED, + new CMSLoadTemplate( + PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER, + rejectedTemplate, new GenRejectedTemplateFiller())); mTemplates.put( - CMSRequest.ERROR, - new CMSLoadTemplate( - PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, - errorTemplate, new GenErrorTemplateFiller())); + CMSRequest.ERROR, + new CMSLoadTemplate( + PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, + errorTemplate, new GenErrorTemplateFiller())); mTemplates.put( - CMSRequest.EXCEPTION, - new CMSLoadTemplate( - PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER, - unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller())); + CMSRequest.EXCEPTION, + new CMSLoadTemplate( + PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER, + unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller())); } /** @@ -1317,8 +1278,8 @@ public abstract class CMSServlet extends HttpServlet { public static boolean clientIsNav(HttpServletRequest httpReq) { String useragent = httpReq.getHeader("user-agent"); - if (useragent.startsWith("Mozilla") && - useragent.indexOf("MSIE") == -1) + if (useragent.startsWith("Mozilla") && + useragent.indexOf("MSIE") == -1) return true; return false; } @@ -1339,40 +1300,36 @@ public abstract class CMSServlet extends HttpServlet { * set using cartman JS. (no other way to tell) */ private static String CMMF_RESPONSE = "cmmfResponse"; + public static boolean doCMMFResponse(IArgBlock httpParams) { if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false)) return true; - else + else return false; } private static final String IMPORT_CERT = "importCert"; private static final String IMPORT_CHAIN = "importCAChain"; private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType"; - // default mime type - private static final String - NS_X509_USER_CERT = "application/x-x509-user-cert"; - private static final String - NS_X509_EMAIL_CERT = "application/x-x509-email-cert"; + // default mime type + private static final String NS_X509_USER_CERT = "application/x-x509-user-cert"; + private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert"; // CMC mime types - public static final String - SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10"; - public static final String - SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; - public static final String - FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime"; - public static final String - FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; + public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10"; + public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; + public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime"; + public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; /** * handy routine to check if client want full enrollment response */ public static String FULL_RESPONSE = "fullResponse"; + public static boolean doFullResponse(IArgBlock httpParams) { if (httpParams.getValueAsBoolean(FULL_RESPONSE, false)) return true; - else + else return false; } @@ -1381,23 +1338,23 @@ public abstract class CMSServlet extends HttpServlet { * @return true if import cert directly is true and import cert. */ protected boolean checkImportCertToNav( - HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert) - throws EBaseException { + HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert) + throws EBaseException { if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) { return false; } boolean importCAChain = - httpParams.getValueAsBoolean(IMPORT_CHAIN, true); + httpParams.getValueAsBoolean(IMPORT_CHAIN, true); // XXX Temporary workaround because of problem with passing Mime type boolean emailCert = - httpParams.getValueAsBoolean("emailCert", false); + httpParams.getValueAsBoolean("emailCert", false); String importMimeType = (emailCert) ? - httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : - httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); + httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : + httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); - // String importMimeType = - // httpParams.getValueAsString( - // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); + // String importMimeType = + // httpParams.getValueAsString( + // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); importCertToNav(httpResp, cert, importMimeType, importCAChain); return true; } @@ -1406,17 +1363,17 @@ public abstract class CMSServlet extends HttpServlet { * handy routine to import cert to old navigator in nav mime type. */ public void importCertToNav( - HttpServletResponse httpResp, X509CertImpl cert, - String contentType, boolean importCAChain) - throws EBaseException { + HttpServletResponse httpResp, X509CertImpl cert, + String contentType, boolean importCAChain) + throws EBaseException { ServletOutputStream out = null; byte[] encoding = null; - CMS.debug("CMSServlet: importCertToNav " + - "contentType=" + contentType + " " + + CMS.debug("CMSServlet: importCertToNav " + + "contentType=" + contentType + " " + "importCAChain=" + importCAChain); - try { - out = httpResp.getOutputStream(); + try { + out = httpResp.getOutputStream(); // CA chain. if (importCAChain) { CertificateChain caChain = null; @@ -1426,9 +1383,9 @@ public abstract class CMSServlet extends HttpServlet { caChain = ((ICertAuthority) mAuthority).getCACertChain(); caCerts = caChain.getChain(); - // set user + CA cert chain in pkcs7 - X509CertImpl[] userChain = - new X509CertImpl[caCerts.length + 1]; + // set user + CA cert chain in pkcs7 + X509CertImpl[] userChain = + new X509CertImpl[caCerts.length + 1]; userChain[0] = cert; int m = 1, n = 0; @@ -1437,8 +1394,8 @@ public abstract class CMSServlet extends HttpServlet { userChain[m] = (X509CertImpl) caCerts[n]; /* - System.out.println( - m+"th Cert "+userChain[m].toString()); + * System.out.println( + * m+"th Cert "+userChain[m].toString()); */ } p7 = new PKCS7(new AlgorithmId[0], @@ -1456,16 +1413,16 @@ public abstract class CMSServlet extends HttpServlet { } httpResp.setContentType(contentType); out.write(encoding); - } catch (IOException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString())); + } catch (IOException e) { + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT")); } catch (CertificateEncodingException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } @@ -1511,75 +1468,76 @@ public abstract class CMSServlet extends HttpServlet { * handy routine for getting agent's relative path */ protected String getRelPath(IAuthority authority) { - if (authority instanceof ICertificateAuthority) + if (authority instanceof ICertificateAuthority) return "ca/"; - else if (authority instanceof IRegistrationAuthority) + else if (authority instanceof IRegistrationAuthority) return "ra/"; - else if (authority instanceof IKeyRecoveryAuthority) + else if (authority instanceof IKeyRecoveryAuthority) return "kra/"; - else + else return "/"; } /** - * A system certificate such as the CA signing certificate - * should not be allowed to delete. - * The main purpose is to avoid revoking the self signed + * A system certificate such as the CA signing certificate should not be + * allowed to delete. The main purpose is to avoid revoking the self signed * CA certificate accidentially. */ protected boolean isSystemCertificate(BigInteger serialNo) { if (!(mAuthority instanceof ICertificateAuthority)) { return false; } - X509Certificate caCert = - ((ICertificateAuthority)mAuthority).getCACert(); + X509Certificate caCert = + ((ICertificateAuthority) mAuthority).getCACert(); if (caCert != null) { - /* only check this if we are self-signed */ - if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) { - if (caCert.getSerialNumber().equals(serialNo)) { - return true; + /* only check this if we are self-signed */ + if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) { + if (caCert.getSerialNumber().equals(serialNo)) { + return true; + } } - } } return false; } /** * make a CRL entry from a serial number and revocation reason. + * * @return a RevokedCertImpl that can be entered in a CRL. */ protected RevokedCertImpl formCRLEntry( - BigInteger serialNo, RevocationReason reason) - throws EBaseException { + BigInteger serialNo, RevocationReason reason) + throws EBaseException { CRLReasonExtension reasonExt = new CRLReasonExtension(reason); CRLExtensions crlentryexts = new CRLExtensions(); try { crlentryexts.set(CRLReasonExtension.class.getSimpleName(), reasonExt); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); } - RevokedCertImpl crlentry = - new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts); + RevokedCertImpl crlentry = + new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts); return crlentry; } /** * check if a certificate (serial number) is revoked on a CA. + * * @return true if cert is marked revoked in the CA's database. - * @return false if cert is not marked revoked. + * @return false if cert is not marked revoked. */ - protected boolean certIsRevoked(BigInteger serialNum) - throws EBaseException { + protected boolean certIsRevoked(BigInteger serialNum) + throws EBaseException { ICertRecord certRecord = getCertRecord(serialNum); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum))); throw new ECMSGWException( CMS.getLogMessage("CMSGW_INVALID_CERT")); } @@ -1590,7 +1548,7 @@ public abstract class CMSServlet extends HttpServlet { public static String generateSalt() { Random rnd = new Random(); - String salt = new Integer( rnd.nextInt() ).toString(); + String salt = new Integer(rnd.nextInt()).toString(); return salt; } @@ -1608,8 +1566,8 @@ public abstract class CMSServlet extends HttpServlet { * @param locale array of at least one to be filled with locale found. */ public static File getLangFile( - HttpServletRequest req, File realpathFile, Locale[] locale) - throws IOException { + HttpServletRequest req, File realpathFile, Locale[] locale) + throws IOException { File file = null; String acceptLang = req.getHeader("accept-language"); @@ -1626,7 +1584,7 @@ public abstract class CMSServlet extends HttpServlet { } String name = realpathFile.getName(); - if (name == null) { // filename should never be null. + if (name == null) { // filename should never be null. throw new IOException("file has no name"); } int i; @@ -1655,8 +1613,8 @@ public abstract class CMSServlet extends HttpServlet { } String langfilepath = - parent + File.separatorChar + - lang + File.separatorChar + name; + parent + File.separatorChar + + lang + File.separatorChar + name; file = new File(langfilepath); if (file.exists()) { @@ -1688,18 +1646,18 @@ public abstract class CMSServlet extends HttpServlet { } public IAuthToken authenticate(CMSRequest req) - throws EBaseException { + throws EBaseException { return authenticate(req, mAuthMgr); } public IAuthToken authenticate(HttpServletRequest httpReq) - throws EBaseException { + throws EBaseException { return authenticate(httpReq, mAuthMgr); } - public IAuthToken authenticate(CMSRequest req, String authMgrName) - throws EBaseException { - IAuthToken authToken = authenticate(req.getHttpReq(), + public IAuthToken authenticate(CMSRequest req, String authMgrName) + throws EBaseException { + IAuthToken authToken = authenticate(req.getHttpReq(), authMgrName); saveAuthToken(authToken, req.getIRequest()); @@ -1709,19 +1667,19 @@ public abstract class CMSServlet extends HttpServlet { /** * Authentication * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the - * SSL violation; CS authMgr can pick up cert mis-match, so this event - * is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication - * succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the SSL + * violation; CS authMgr can pick up cert mis-match, so this event is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when + * authentication succeeded * </ul> + * * @exception EBaseException an error has occurred */ public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName) - throws EBaseException { + throws EBaseException { String auditMessage = null; String auditSubjectID = ILogger.UNIDENTIFIED; String auditAuthMgrID = ILogger.UNIDENTIFIED; @@ -1750,19 +1708,19 @@ public abstract class CMSServlet extends HttpServlet { // // check ssl client authentication if specified. // - X509Certificate clientCert = null; + X509Certificate clientCert = null; - if (getClientCert != null && getClientCert.equals("true")) { + if (getClientCert != null && getClientCert.equals("true")) { CMS.debug("CMSServlet: retrieving SSL certificate"); clientCert = getSSLClientCertificate(httpReq); } // // check authentication by auth manager if any. - // + // if (authMgrName == null) { - // Fixed Blackflag Bug #613900: Since this code block does + // Fixed Blackflag Bug #613900: Since this code block does // NOT actually constitute an authentication failure, but // rather the case in which a given servlet has been correctly // configured to NOT require an authentication manager, the @@ -1795,10 +1753,10 @@ public abstract class CMSServlet extends HttpServlet { } AuthToken authToken = CMSGateway.checkAuthManager(httpReq, httpArgs, - clientCert, + clientCert, authMgrName); if (authToken == null) { - return null; + return null; } String userid = authToken.getInString(IAuthToken.USER_ID); @@ -1807,7 +1765,7 @@ public abstract class CMSServlet extends HttpServlet { if (userid != null) { ctx.put(SessionContext.USER_ID, userid); } - + // reset the "auditSubjectID" auditSubjectID = auditSubjectID(); @@ -1828,7 +1786,7 @@ public abstract class CMSServlet extends HttpServlet { auditSubjectID, ILogger.FAILURE, auditAuthMgrID, - auditUID); + auditUID); audit(auditMessage); // rethrow the specific exception to be handled later @@ -1837,7 +1795,7 @@ public abstract class CMSServlet extends HttpServlet { } public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, - String exp) throws EBaseException { + String exp) throws EBaseException { AuthzToken authzToken = null; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1911,29 +1869,30 @@ public abstract class CMSServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization - * is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a - * role (in current CS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when + * authorization is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes + * a role (in current CS that's when one accesses a role port) * </ul> + * * @param authzMgrName string representing the name of the authorization - * manager + * manager * @param authToken the authentication token * @param resource a string representing the ACL resource id as defined in - * the ACL resource list + * the ACL resource list * @param operation a string representing one of the operations as defined - * within the ACL statement (e. g. - "read" for an ACL statement containing - * "(read,write)") + * within the ACL statement (e. g. - "read" for an ACL statement + * containing "(read,write)") * @exception EBaseException an error has occurred * @return the authorization token */ public AuthzToken authorize(String authzMgrName, IAuthToken authToken, - String resource, String operation) - throws EBaseException { + String resource, String operation) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditGroupID = auditGroupID(); @@ -1941,19 +1900,18 @@ public abstract class CMSServlet extends HttpServlet { String auditACLResource = resource; String auditOperation = operation; - SessionContext auditContext = SessionContext.getExistingContext(); String authManagerId = null; - if(auditContext != null) { + if (auditContext != null) { authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID); - - if(authManagerId != null && authManagerId.equals("TokenAuth")) { - if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { - CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID"); - auditID = auditGroupID; - } + + if (authManagerId != null && authManagerId.equals("TokenAuth")) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) || + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID"); + auditID = auditGroupID; + } } } @@ -1968,7 +1926,7 @@ public abstract class CMSServlet extends HttpServlet { } if (authzMgrName == null) { - // Fixed Blackflag Bug #613900: Since this code block does + // Fixed Blackflag Bug #613900: Since this code block does // NOT actually constitute an authorization failure, but // rather the case in which a given servlet has been correctly // configured to NOT require an authorization manager, the @@ -2073,11 +2031,11 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -2089,20 +2047,19 @@ public abstract class CMSServlet extends HttpServlet { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -2137,12 +2094,11 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Log Group ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "gid" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "gid" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditGroupID() { @@ -2177,14 +2133,14 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated - * with the "auditSubjectID()". + * + * This method is called to extract all "groups" associated with the + * "auditSubjectID()". * <P> - * + * * @param id string containing the signed audit log message SubjectID - * @return a delimited string of groups associated - * with the "auditSubjectID()" + * @return a delimited string of groups associated with the + * "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -2193,7 +2149,7 @@ public abstract class CMSServlet extends HttpServlet { } if ((SubjectID == null) || - (SubjectID.equals(ILogger.UNIDENTIFIED))) { + (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -2211,7 +2167,7 @@ public abstract class CMSServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length()!= 0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -2219,7 +2175,7 @@ public abstract class CMSServlet extends HttpServlet { } } - if (membersString.length()!=0) { + if (membersString.length() != 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -2243,18 +2199,18 @@ public abstract class CMSServlet extends HttpServlet { return locale; } - protected void outputResult(HttpServletResponse httpResp, - String contentType, byte[] content) { + protected void outputResult(HttpServletResponse httpResp, + String contentType, byte[] content) { try { OutputStream os = httpResp.getOutputStream(); - + httpResp.setContentType(contentType); httpResp.setContentLength(content.length); os.write(content); os.flush(); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); return; } } @@ -2288,34 +2244,36 @@ public abstract class CMSServlet extends HttpServlet { } catch (Exception ee) { CMS.debug("Failed to send XML output to the server."); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString())); } } - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) - { + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { StringBuffer result = new StringBuffer(); // Do we need to escape any characters for (int i = 0; i < v.length(); i++) { int c = v.charAt(i); if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i+1) < v.length())) { - int nextC = v.charAt(i+1); + c == '>' || c == '#' || c == ';' || c == '\r' || + c == '\n' || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i + 1) < v.length())) { + int nextC = v.charAt(i + 1); if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || nextC == '<' || nextC == '>' || nextC == '#' || nextC == ';' || nextC == '\r' || nextC == '\n' || nextC == '\\' || nextC == '"')) { - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } if (c == '\r') { @@ -2323,11 +2281,10 @@ public abstract class CMSServlet extends HttpServlet { } else if (c == '\n') { result.append("0A"); } else { - result.append((char)c); + result.append((char) c); } } return result; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java index 64c59c5a..99e12555 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.File; import java.io.IOException; import java.io.PrintWriter; @@ -32,11 +31,10 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.cmsutil.util.Utils; - /** - * This servlet is started by the web server at startup, and - * it starts the CMS framework. - * + * This servlet is started by the web server at startup, and it starts the CMS + * framework. + * * @version $Revision$, $Date$ */ public class CMSStartServlet extends HttpServlet { @@ -55,34 +53,34 @@ public class CMSStartServlet extends HttpServlet { if (!f.exists()) { int index = path.lastIndexOf("CS.cfg"); if (index != -1) { - old_path = path.substring(0, index)+"CMS.cfg"; + old_path = path.substring(0, index) + "CMS.cfg"; } File f1 = new File(old_path); if (f1.exists()) { // The following block of code moves "CMS.cfg" to "CS.cfg". try { - if( Utils.isNT() ) { + if (Utils.isNT()) { // NT is very picky on the path - Utils.exec( "copy " + - f1.getAbsolutePath().replace( '/', '\\' ) + + Utils.exec("copy " + + f1.getAbsolutePath().replace('/', '\\') + " " + - f.getAbsolutePath().replace( '/', '\\' ) ); + f.getAbsolutePath().replace('/', '\\')); } else { // Create a copy of the original file which // preserves the original file permissions. - Utils.exec( "cp -p " + f1.getAbsolutePath() + " " + - f.getAbsolutePath() ); + Utils.exec("cp -p " + f1.getAbsolutePath() + " " + + f.getAbsolutePath()); } // Remove the original file if and only if // the backup copy was successful. - if( f.exists() ) { + if (f.exists()) { f1.delete(); // Make certain that the new file has // the correct permissions. - if( !Utils.isNT() ) { - Utils.exec( "chmod 00660 " + f.getAbsolutePath() ); + if (!Utils.isNT()) { + Utils.exec("chmod 00660 " + f.getAbsolutePath()); } } } catch (Exception e) { @@ -96,7 +94,7 @@ public class CMSStartServlet extends HttpServlet { } public void doGet(HttpServletRequest req, HttpServletResponse res) - throws ServletException, IOException { + throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java index 8d853f0b..7499c781 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; @@ -33,10 +32,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * This is the servlet that displays the html page for the corresponding input id. - * + * This is the servlet that displays the html page for the corresponding input + * id. + * * @version $Revision$, $Date$ */ public class DisplayHtmlServlet extends CMSServlet { @@ -55,7 +54,7 @@ public class DisplayHtmlServlet extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); + mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); mTemplates.remove(CMSRequest.SUCCESS); } @@ -68,18 +67,18 @@ public class DisplayHtmlServlet extends CMSServlet { IAuthToken authToken = authenticate(cmsReq); try { - String realpath = - mServletConfig.getServletContext().getRealPath("/" + mHTMLPath); + String realpath = + mServletConfig.getServletContext().getRealPath("/" + mHTMLPath); if (realpath == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath)); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ; + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath)); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } File file = new File(realpath); long flen = file.length(); - byte[] bin = new byte[(int)flen]; + byte[] bin = new byte[(int) flen]; FileInputStream ins = new FileInputStream(file); int len = 0; @@ -92,9 +91,9 @@ public class DisplayHtmlServlet extends CMSServlet { ins.close(); bos.close(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java index 9607fbe2..84fcf347 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; import java.util.Enumeration; @@ -39,14 +38,13 @@ import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** - * Return some javascript to the request which contains the list of - * dynamic data in the CMS system. + * Return some javascript to the request which contains the list of dynamic data + * in the CMS system. * <p> - * This allows the requestor (browser) to make decisions about what - * to present in the UI, depending on how CMS is configured - * + * This allows the requestor (browser) to make decisions about what to present + * in the UI, depending on how CMS is configured + * * @version $Revision$, $Date$ */ public class DynamicVariablesServlet extends CMSServlet { @@ -83,10 +81,10 @@ public class DynamicVariablesServlet extends CMSServlet { private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()"; private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6); private String VAR_CLA_CRL_URL_VALUE = null; - + private String mAuthMgrCacheString = ""; - private long mAuthMgrCacheTime = 0; - private final int AUTHMGRCACHE = 10; //number of seconds to cache list of + private long mAuthMgrCacheTime = 0; + private final int AUTHMGRCACHE = 10; // number of seconds to cache list of // authmanagers for private Hashtable dynvars = null; private String mGetClientCert = "false"; @@ -99,7 +97,7 @@ public class DynamicVariablesServlet extends CMSServlet { IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING); try { - mCrlurl = + mCrlurl = config.getString(PROP_CRLURL, ""); } catch (EBaseException e) { } @@ -119,33 +117,38 @@ public class DynamicVariablesServlet extends CMSServlet { /** * Reads the following variables from the servlet config: * <ul> - * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request - * <li><strong>GetClientCert</strong> - whether to request client auth for this request - * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client - * <li><strong>dynamicVariables</strong> - a string of the form: - * serverdate=serverdate(),subsystemname=subsystemname(), - * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl() + * <li><strong>AuthMgr</strong> - the authentication manager to use to + * authenticate the request + * <li><strong>GetClientCert</strong> - whether to request client auth for + * this request + * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to + * the client + * <li><strong>dynamicVariables</strong> - a string of the form: + * serverdate=serverdate(),subsystemname=subsystemname(), + * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl() * </ul> - * The dynamicVariables string is parsed by splitting on commas. - * When services, the HTTP request provides a piece of javascript - * code as follows. + * The dynamicVariables string is parsed by splitting on commas. When + * services, the HTTP request provides a piece of javascript code as + * follows. * <p> * Each sub expression "lhs=rhs()" forms a javascript statement of the form - * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the - * rhs. The possible values for the rhs() function are: + * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs. + * The possible values for the rhs() function are: * <ul> - * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client - * clock is set correctly) + * <li><strong>serverdate()</strong> - the timestamp of the server (used to + * ensure that the client clock is set correctly) * <li><strong>subsystemname()</strong> - * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https) + * <li><strong>http()</strong> - "true" or "false" - is this an http + * connection (as opposed to https) * <li>authmgrs() - a comma separated list of authentication managers - * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is - * defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl' + * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. + * This is defined in the CMS configuration parameter + * 'cloning.cloneMasterCrlUrl' * </ul> + * * @see javax.servlet.Servlet#init(ServletConfig) */ - public void init(ServletConfig sc) throws ServletException { super.init(sc); mAuthMgr = sc.getInitParameter(PROP_AUTHMGR); @@ -194,8 +197,8 @@ public class DynamicVariablesServlet extends CMSServlet { } public void service(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException, IOException { + HttpServletResponse httpResp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) @@ -214,7 +217,7 @@ public class DynamicVariablesServlet extends CMSServlet { httpResp.setContentType("application/x-javascript"); httpResp.setHeader("Pragma", "no-cache"); - + try { ServletOutputStream os = httpResp.getOutputStream(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java index 3b8f8bd4..b4f1aed1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; import java.util.Enumeration; @@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve information. - * + * * @version $Revision$, $Date$ */ public class GetStats extends CMSServlet { @@ -62,9 +60,9 @@ public class GetStats extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template - * file "getOCSPInfo.template" to render the result page. - * + * initialize the servlet. This servlet uses the template file + * "getOCSPInfo.template" to render the result page. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,14 +77,13 @@ public class GetStats extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -98,10 +95,10 @@ public class GetStats extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -118,10 +115,10 @@ public class GetStats extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -130,12 +127,12 @@ public class GetStats extends CMSServlet { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); StatsEvent st = statsSub.getMainStatsEvent(); String op = httpReq.getParameter("op"); if (op != null && op.equals("clear")) { - statsSub.resetCounters(); + statsSub.resetCounters(); } header.addStringValue("startTime", statsSub.getStartTime().toString()); @@ -149,43 +146,42 @@ public class GetStats extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); return; } - public String getSep(int level) - { - StringBuffer s = new StringBuffer(); - for (int i = 0; i < level; i++) { - s.append("-"); - } - return s.toString(); + public String getSep(int level) { + StringBuffer s = new StringBuffer(); + for (int i = 0; i < level; i++) { + s.append("-"); + } + return s.toString(); } public void parse(CMSTemplateParams argSet, StatsEvent st, int level) { Enumeration names = st.getSubEventNames(); while (names.hasMoreElements()) { - String name = (String)names.nextElement(); - StatsEvent subSt = st.getSubEvent(name); - - IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("name", getSep(level) + " " + subSt.getName()); - rarg.addLongValue("noOfOp", subSt.getNoOfOperations()); - rarg.addLongValue("timeTaken", subSt.getTimeTaken()); - rarg.addLongValue("max", subSt.getMax()); - rarg.addLongValue("min", subSt.getMin()); - rarg.addLongValue("percentage", subSt.getPercentage()); - rarg.addLongValue("avg", subSt.getAvg()); - rarg.addLongValue("stddev", subSt.getStdDev()); - argSet.addRepeatRecord(rarg); - - parse(argSet, subSt, level+1); + String name = (String) names.nextElement(); + StatsEvent subSt = st.getSubEvent(name); + + IArgBlock rarg = CMS.createArgBlock(); + rarg.addStringValue("name", getSep(level) + " " + subSt.getName()); + rarg.addLongValue("noOfOp", subSt.getNoOfOperations()); + rarg.addLongValue("timeTaken", subSt.getTimeTaken()); + rarg.addLongValue("max", subSt.getMax()); + rarg.addLongValue("min", subSt.getMin()); + rarg.addLongValue("percentage", subSt.getPercentage()); + rarg.addLongValue("avg", subSt.getAvg()); + rarg.addLongValue("stddev", subSt.getStdDev()); + argSet.addRepeatRecord(rarg); + + parse(argSet, subSt, level + 1); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java index 89179b57..a4b72121 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -32,11 +31,9 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.IndexTemplateFiller; - /** - * This is the servlet that builds the index page in - * various ports. - * + * This is the servlet that builds the index page in various ports. + * * @version $Revision$, $Date$ */ public class IndexServlet extends CMSServlet { @@ -68,10 +65,9 @@ public class IndexServlet extends CMSServlet { mTemplateName = sc.getInitParameter(PROP_TEMPLATE); /* - mTemplates.put(CMSRequest.SUCCESS, - new CMSLoadTemplate( - PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, - mTemplateName, new IndexTemplateFiller())); + * mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate( + * PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, mTemplateName, + * new IndexTemplateFiller())); */ mTemplates.remove(CMSRequest.SUCCESS); } @@ -91,26 +87,26 @@ public class IndexServlet extends CMSServlet { * Serves HTTP request. */ public void process(CMSRequest cmsReq) throws EBaseException { - if (CMSGateway.getEnableAdminEnroll() && - mAuthority != null && - mAuthority instanceof ICertificateAuthority) { + if (CMSGateway.getEnableAdminEnroll() && + mAuthority != null && + mAuthority instanceof ICertificateAuthority) { try { cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html"); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1", - e.toString())); + e.toString())); } return; } else { try { renderTemplate( - cmsReq, mTemplateName, new IndexTemplateFiller()); + cmsReq, mTemplateName, new IndexTemplateFiller()); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE")); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java index 4c3dec80..6c84b88d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -34,7 +33,7 @@ import com.netscape.cmsutil.xml.XMLObject; /** * This servlet returns port information. - * + * * @version $Revision$, $Date$ */ public class PortsServlet extends CMSServlet { @@ -50,7 +49,7 @@ public class PortsServlet extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - // override these to output directly ourselves. + // override these to output directly ourselves. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); } @@ -67,10 +66,10 @@ public class PortsServlet extends CMSServlet { String port = null; if (secure.equals("true")) - port = CMS.getEESSLPort(); + port = CMS.getEESSLPort(); else port = CMS.getEENonSSLPort(); - + try { XMLObject xmlObj = null; xmlObj = new XMLObject(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java index 15bfb306..382d8821 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java @@ -2,7 +2,6 @@ package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.HashMap; import java.util.Iterator; @@ -21,34 +20,29 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; - /** * This is a servlet that proxies request to another servlet. - * - * SERVLET REDIRECTION - * Specify the URL of a servlet to forward the request to - * destServlet: /ee/ca/newservlet - * - * PARAMETER MAPPING - * In the servlet configuration (as an init-param in web.xml) you - * can optionally specify a value for the parameter 'parameterMap' - * which contains a list of HTTP parameters which should be - * translated to new names. * - * parameterMap: name1->newname1,name2->newname2 - * + * SERVLET REDIRECTION Specify the URL of a servlet to forward the request to + * destServlet: /ee/ca/newservlet + * + * PARAMETER MAPPING In the servlet configuration (as an init-param in web.xml) + * you can optionally specify a value for the parameter 'parameterMap' which + * contains a list of HTTP parameters which should be translated to new names. + * + * parameterMap: name1->newname1,name2->newname2 + * * Optionally, names can be set to static values: - * - * parameterMap: name1->name2=value - * - * Examples: - * Consider the following HTTP input parameters: - * vehicle:car make:ford model:explorer * - * The following config strings will have this effect: - * parameterMap: make->manufacturer,model->name=expedition,->suv=true - * output: vehicle:car manufactuer:ford model:expedition suv:true - * + * parameterMap: name1->name2=value + * + * Examples: Consider the following HTTP input parameters: vehicle:car make:ford + * model:explorer + * + * The following config strings will have this effect: parameterMap: + * make->manufacturer,model->name=expedition,->suv=true output: vehicle:car + * manufactuer:ford model:expedition suv:true + * * @version $Revision$, $Date$ */ public class ProxyServlet extends HttpServlet { @@ -64,40 +58,41 @@ public class ProxyServlet extends HttpServlet { private Vector mMatchStrings = new Vector(); private String mDestServletOnNoMatch = null; private String mAppendPathInfoOnNoMatch = null; - private Map mParamMap = new HashMap(); - private Map mParamValue = new HashMap(); + private Map mParamMap = new HashMap(); + private Map mParamValue = new HashMap(); public ProxyServlet() { } - private void parseParamTable(String s) { - if (s == null) return; - - String[] params = s.split(","); - for (int i=0;i<params.length;i++) { - String p = params[i]; - if (p != null) { - String[] paramNames = p.split("->"); - if (paramNames.length != 2) { - } - String from = paramNames[0]; - String to = paramNames[1]; - if (from != null && to != null) { - String[] splitTo = to.split("="); - String toName = splitTo[0]; - if (from.length() >0) { - mParamMap.put(from,toName); - } - if (splitTo.length == 2) { - String toValue = splitTo[1]; - String toValues[] = new String[1]; - toValues[0] = toValue; - mParamValue.put(toName,toValues); - } - } - } - } - } + private void parseParamTable(String s) { + if (s == null) + return; + + String[] params = s.split(","); + for (int i = 0; i < params.length; i++) { + String p = params[i]; + if (p != null) { + String[] paramNames = p.split("->"); + if (paramNames.length != 2) { + } + String from = paramNames[0]; + String to = paramNames[1]; + if (from != null && to != null) { + String[] splitTo = to.split("="); + String toName = splitTo[0]; + if (from.length() > 0) { + mParamMap.put(from, toName); + } + if (splitTo.length == 2) { + String toValue = splitTo[1]; + String toValues[] = new String[1]; + toValues[0] = toValue; + mParamValue.put(toName, toValues); + } + } + } + } + } public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -115,14 +110,13 @@ public class ProxyServlet extends HttpServlet { mAppendPathInfo = sc.getInitParameter("appendPathInfo"); mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch"); String map = sc.getInitParameter("parameterMap"); - if (map != null) { - parseParamTable(map); - } + if (map != null) { + parseParamTable(map); + } } public void service(HttpServletRequest req, HttpServletResponse res) throws - IOException, ServletException - { + IOException, ServletException { RequestDispatcher dispatcher = null; String dest = mDest; String uri = req.getRequestURI(); @@ -132,120 +126,118 @@ public class ProxyServlet extends HttpServlet { if (mMatchStrings.size() != 0) { boolean matched = false; for (int i = 0; i < mMatchStrings.size(); i++) { - String t = (String)mMatchStrings.elementAt(i); - if (uri.indexOf(t) != -1) { + String t = (String) mMatchStrings.elementAt(i); + if (uri.indexOf(t) != -1) { matched = true; } } if (!matched) { dest = mDestServletOnNoMatch; // append Path info for OCSP request in Get method - if (mAppendPathInfoOnNoMatch != null && - !mAppendPathInfoOnNoMatch.equals("")) { + if (mAppendPathInfoOnNoMatch != null && + !mAppendPathInfoOnNoMatch.equals("")) { dest = dest + uri.replace(mAppendPathInfoOnNoMatch, ""); } } } if (dest == null || dest.equals("")) { - // mapping everything - dest = uri; - dest = dest.replaceFirst(mSrcContext, ""); + // mapping everything + dest = uri; + dest = dest.replaceFirst(mSrcContext, ""); } if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) { - dest = dest + uri.replace(mAppendPathInfo, ""); + dest = dest + uri.replace(mAppendPathInfo, ""); } if (mDestContext != null && !mDestContext.equals("")) { - dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest); + dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest); } else { - dispatcher = req.getRequestDispatcher(dest); + dispatcher = req.getRequestDispatcher(dest); } - // If a parameter map was specified - if (mParamMap != null && !mParamMap.isEmpty()) { - // Make a new wrapper with the new parameters - ProxyWrapper r = new ProxyWrapper(req); - r.setParameterMapAndValue(mParamMap,mParamValue); - req = r; - } - - dispatcher.forward(req, res); + // If a parameter map was specified + if (mParamMap != null && !mParamMap.isEmpty()) { + // Make a new wrapper with the new parameters + ProxyWrapper r = new ProxyWrapper(req); + r.setParameterMapAndValue(mParamMap, mParamValue); + req = r; + } + + dispatcher.forward(req, res); } } -class ProxyWrapper extends HttpServletRequestWrapper -{ - private Map mMap = null; - private Map mValueMap = null; - - public ProxyWrapper(HttpServletRequest req) - { - super(req); - } - - public void setParameterMapAndValue(Map m,Map v) - { - if (m != null) mMap = m; - if (v != null) mValueMap = v; - } - - public Map getParameterMap() - { - try { - // If we haven't specified any parameter mapping, just - // use the regular implementation - if (mMap == null) return super.getParameterMap(); - else { - // Make a new Map for us to put stuff in - Map n = new HashMap(); - // get the HTTP parameters the user supplied. - Map m = super.getParameterMap(); - Set s = m.entrySet(); - Iterator i = s.iterator(); - while (i.hasNext()) { - Map.Entry me = (Map.Entry) i.next(); - String name = (String) me.getKey(); - String[] values = (String[])(me.getValue()); - String newname = null; - if (name != null) { - newname = (String) mMap.get(name); - } - - // No mapping specified, just use existing name/value - if (newname == null || mValueMap == null) { - n.put(name,values); - } else { // new name specified - Object o = mValueMap.get(newname); - // check if new (static) value specified - if (o==null) { - n.put(newname,values); - } else { - String newvalues[] = (String[])mValueMap.get(newname); - n.put(newname,newvalues); - } - } - } - // Now, deal with static values set in the config - // which weren't set in the HTTP request - Set s2 = mValueMap.entrySet(); - Iterator i2 = s2.iterator(); - // Cycle through all the static values - while (i2.hasNext()) { - Map.Entry me2 = (Map.Entry) i2.next(); - String name2 = (String) me2.getKey(); - if (n.get(name2) == null) { - String[] values2 = (String[])me2.getValue(); - // If the parameter is not set in the map - // Set it now - n.put(name2,values2); - } - } - - return n; - } - } catch (NullPointerException npe) { - CMS.debug(npe); - return null; - } - } -} +class ProxyWrapper extends HttpServletRequestWrapper { + private Map mMap = null; + private Map mValueMap = null; + + public ProxyWrapper(HttpServletRequest req) { + super(req); + } + + public void setParameterMapAndValue(Map m, Map v) { + if (m != null) + mMap = m; + if (v != null) + mValueMap = v; + } + public Map getParameterMap() { + try { + // If we haven't specified any parameter mapping, just + // use the regular implementation + if (mMap == null) + return super.getParameterMap(); + else { + // Make a new Map for us to put stuff in + Map n = new HashMap(); + // get the HTTP parameters the user supplied. + Map m = super.getParameterMap(); + Set s = m.entrySet(); + Iterator i = s.iterator(); + while (i.hasNext()) { + Map.Entry me = (Map.Entry) i.next(); + String name = (String) me.getKey(); + String[] values = (String[]) (me.getValue()); + String newname = null; + if (name != null) { + newname = (String) mMap.get(name); + } + + // No mapping specified, just use existing name/value + if (newname == null || mValueMap == null) { + n.put(name, values); + } else { // new name specified + Object o = mValueMap.get(newname); + // check if new (static) value specified + if (o == null) { + n.put(newname, values); + } else { + String newvalues[] = (String[]) mValueMap.get(newname); + n.put(newname, newvalues); + } + } + } + // Now, deal with static values set in the config + // which weren't set in the HTTP request + Set s2 = mValueMap.entrySet(); + Iterator i2 = s2.iterator(); + // Cycle through all the static values + while (i2.hasNext()) { + Map.Entry me2 = (Map.Entry) i2.next(); + String name2 = (String) me2.getKey(); + if (n.get(name2) == null) { + String[] values2 = (String[]) me2.getValue(); + // If the parameter is not set in the map + // Set it now + n.put(name2, values2); + } + } + + return n; + } + } catch (NullPointerException npe) { + CMS.debug(npe); + return null; + } + } +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java index 5daac065..a708483f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; @@ -30,15 +29,14 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; /** - * Displays detailed information about java VM internals, including - * current JVM memory usage, and detailed information about each - * thread. + * Displays detailed information about java VM internals, including current JVM + * memory usage, and detailed information about each thread. * <p> * Also allows user to trigger a new garbage collection - * + * * @version $Revision$, $Date$ */ -public class SystemInfoServlet extends HttpServlet { +public class SystemInfoServlet extends HttpServlet { /** * @@ -53,21 +51,24 @@ public class SystemInfoServlet extends HttpServlet { } /** - * service the request, returning HTML to the client. - * This method has different behaviour depending on the - * value of the 'op' HTTP parameter. + * service the request, returning HTML to the client. This method has + * different behaviour depending on the value of the 'op' HTTP parameter. * <UL> - * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet - * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers - * (@see java.lang.Runtime.getRuntime#gc() ) - * <li>op = general - display information about memory, and other JVM informatino - * <li>op = thread - display details about each thread. + * <LI>op = <i>undefined</i> - display a menu with links to the other + * functionality of this servlet + * <li>op = gc - tell the JVM that we want to do a garbage collection and to + * run finalizers (@see java.lang.Runtime.getRuntime#gc() ) + * <li>op = general - display information about memory, and other JVM + * informatino + * <li>op = thread - display details about each thread. * </UL> - * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) + * + * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, + * HttpServletResponse) */ - public void service(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + public void service(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { boolean collect = false; String op = request.getParameter("op"); @@ -83,9 +84,9 @@ public class SystemInfoServlet extends HttpServlet { } } - private void mainMenu(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void mainMenu(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); response.getWriter().println("<a href=" + request.getServletPath() + ">"); @@ -122,9 +123,9 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("</HTML>"); } - private void gc(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void gc(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { java.lang.Runtime.getRuntime().gc(); java.lang.Runtime.getRuntime().runFinalization(); response.getWriter().println("<HTML>"); @@ -140,9 +141,9 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("</HTML>"); } - private void general(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void general(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); response.getWriter().println("<a href=" + request.getServletPath() + ">"); @@ -221,9 +222,9 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("</HTML>"); } - private void thread(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void thread(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("</table>"); response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java index 02ab5b52..ca829561 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java @@ -17,11 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - /** - * This class represents information about the client e.g. version, - * langauge, vendor. - * + * This class represents information about the client e.g. version, langauge, + * vendor. + * * @version $Revision$, $Date$ */ public class UserInfo { @@ -36,7 +35,7 @@ public class UserInfo { /** * Returns the user language. - * + * * @param s user language info from the browser * @return user language */ @@ -53,7 +52,7 @@ public class UserInfo { /** * Returns the user country. - * + * * @param s user language info from the browser * @return user country */ @@ -67,10 +66,10 @@ public class UserInfo { } return ""; } - + /** * Returns the users agent. - * + * * @param s user language info from the browser * @return user agent */ @@ -79,7 +78,7 @@ public class UserInfo { if (s.indexOf(MSIE) != -1) { return MSIE; } - + // Check for Netscape i.e. Mozilla if (s.indexOf(MOZILLA) != -1) { return MOZILLA; @@ -87,5 +86,5 @@ public class UserInfo { // Don't know agent. Return empty string. return ""; - } + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java index 15d069e3..8b912032 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; @@ -67,10 +66,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a certificate with a CMC-formatted revocation request - * + * * @version $Revision$, $Date$ */ public class CMCRevReqServlet extends CMSServlet { @@ -83,7 +81,7 @@ public class CMCRevReqServlet extends CMSServlet { // revocation templates. private final static String TPL_FILE = "revocationResult.template"; public static final String CRED_CMC = "cmcRequest"; - + private ICertificateRepository mCertDB = null; private String mFormPath = null; private IRequestQueue mQueue = null; @@ -92,29 +90,28 @@ public class CMCRevReqServlet extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - - // http params + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + + // http params public static final String SERIAL_NO = TOKEN_CERT_SERIAL; public static final String REASON_CODE = "reasonCode"; public static final String CHALLENGE_PHRASE = "challengePhrase"; // request attributes public static final String SERIALNO_ARRAY = "serialNoArray"; - + public CMCRevReqServlet() { super(); } - /** + /** * initialize the servlet. - * @param sc servlet configuration, read from the web.xml file - */ + * + * @param sc servlet configuration, read from the web.xml file + */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -136,26 +133,26 @@ public class CMCRevReqServlet extends CMSServlet { mFormPath = mOutputTemplatePath; } - - /** - * Process the HTTP request. - * - * <ul> - * <li>http.param cmcRequest the base-64 encoded CMC request - * </ul> - * @param cmsReq the object holding the request and response information + /** + * Process the HTTP request. + * + * <ul> + * <li>http.param cmcRequest the base-64 encoded CMC request + * </ul> + * + * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { String cmcAgentSerialNumber = null; IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("**** mFormPath = "+mFormPath); + CMS.debug("**** mFormPath = " + mFormPath); try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { @@ -167,12 +164,11 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - String cmc = (String) httpParams.get(CRED_CMC); if (cmc == null) { throw new EMissingCredential( - CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); + CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); } IAuthToken authToken = authenticate(cmsReq); @@ -189,10 +185,10 @@ CMS.debug("**** mFormPath = "+mFormPath); return; } - //IAuthToken authToken = getAuthToken(cmsReq); - //Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL); - //Object uid = authToken.get("uid"); - //=========================== + // IAuthToken authToken = getAuthToken(cmsReq); + // Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL); + // Object uid = authToken.get("uid"); + // =========================== String authMgr = AuditFormat.NOAUTH; BigInteger[] serialNoArray = null; @@ -200,8 +196,8 @@ CMS.debug("**** mFormPath = "+mFormPath); serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL); } - Integer reasonCode = Integer.valueOf(0); - if (authToken != null) { + Integer reasonCode = Integer.valueOf(0); + if (authToken != null) { reasonCode = authToken.getInInteger(REASON_CODE); } RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue()); @@ -211,15 +207,15 @@ CMS.debug("**** mFormPath = "+mFormPath); String revokeAll = null; int verifiedRecordCount = 0; int totalRecordCount = 0; - + if (serialNoArray != null) { totalRecordCount = serialNoArray.length; verifiedRecordCount = serialNoArray.length; } - + X509CertImpl[] certs = null; - //for audit log. + // for audit log. String initiative = null; if (mAuthMgr != null && mAuthMgr.equals("CMCAuth")) { @@ -247,7 +243,7 @@ CMS.debug("**** mFormPath = "+mFormPath); IRequest getCertsChallengeReq = null; getCertsChallengeReq = mQueue.newRequest( - GETCERTS_FOR_CHALLENGE_REQUEST); + GETCERTS_FOR_CHALLENGE_REQUEST); getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray); mQueue.processRequest(getCertsChallengeReq); RequestStatus status = getCertsChallengeReq.getRequestStatus(); @@ -257,7 +253,7 @@ CMS.debug("**** mFormPath = "+mFormPath); header.addStringValue("request", getCertsChallengeReq.getRequestId().toString()); mRequestID = getCertsChallengeReq.getRequestId().toString(); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); } } @@ -268,22 +264,22 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - serialNoArray[i], 16); + serialNoArray[i], 16); rarg.addStringValue("subject", - certs[i].getSubjectDN().toString()); + certs[i].getSubjectDN().toString()); rarg.addLongValue("validNotBefore", - certs[i].getNotBefore().getTime() / 1000); + certs[i].getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", - certs[i].getNotAfter().getTime() / 1000); - //argSet.addRepeatRecord(rarg); + certs[i].getNotAfter().getTime() / 1000); + // argSet.addRepeatRecord(rarg); } revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))"; - cmcAgentSerialNumber= authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT); + cmcAgentSerialNumber = authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT); process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp, - verifiedRecordCount, revokeAll, totalRecordCount, - comments, locale[0],cmcAgentSerialNumber); - + verifiedRecordCount, revokeAll, totalRecordCount, + comments, locale[0], cmcAgentSerialNumber); + } else { header.addIntegerValue("totalRecordCount", 0); header.addIntegerValue("verifiedRecordCount", 0); @@ -292,7 +288,7 @@ CMS.debug("**** mFormPath = "+mFormPath); try { ServletOutputStream out = resp.getOutputStream(); - if ((serialNoArray== null) || (serialNoArray.length == 0)) { + if ((serialNoArray == null) || (serialNoArray.length == 0)) { cmsReq.setStatus(CMSRequest.ERROR); EBaseException ee = new EBaseException("No matched certificate is found"); @@ -300,16 +296,16 @@ CMS.debug("**** mFormPath = "+mFormPath); } else { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } @@ -318,56 +314,57 @@ CMS.debug("**** mFormPath = "+mFormPath); * Process cert status change request using the Certificate Management * protocol using CMS (CMC) * <P> - * + * * (Certificate Request - an "EE" cert status change request) * <P> - * + * * (Certificate Request Processed - an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale,String cmcAgentSerialNumber) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale, String cmcAgentSerialNumber) + throws EBaseException { String eeSerialNumber = null; - if(cmcAgentSerialNumber!=null) { + if (cmcAgentSerialNumber != null) { eeSerialNumber = cmcAgentSerialNumber; - }else{ - X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req ); - if( sslCert != null ) { + } else { + X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); + if (sslCert != null) { eeSerialNumber = sslCert.getSerialNumber().toString(); } } @@ -375,11 +372,11 @@ CMS.debug("**** mFormPath = "+mFormPath); boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditRequesterID = auditRequesterID( req ); - String auditSerialNumber = auditSerialNumber( eeSerialNumber ); - String auditRequestType = auditRequestType( reason ); + String auditRequesterID = auditRequesterID(req); + String auditSerialNumber = auditSerialNumber(eeSerialNumber); + String auditRequestType = auditRequestType(reason); String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - String auditReasonNum = String.valueOf( reason ); + String auditReasonNum = String.valueOf(reason); try { int count = 0; @@ -418,18 +415,18 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { rarg.addStringValue("error", "Certificate " + - cert.getSerialNumber().toString() + - " is already revoked."); + cert.getSerialNumber().toString() + + " is already revoked."); } else { oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -441,14 +438,12 @@ CMS.debug("**** mFormPath = "+mFormPath); } else if (mAuthority instanceof IRegistrationAuthority) { String reqIdStr = null; - if (mRequestID != null && mRequestID.length() > 0) + if (mRequestID != null && mRequestID.length() > 0) reqIdStr = mRequestID; Vector<String> serialNumbers = new Vector<String>(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -457,8 +452,8 @@ CMS.debug("**** mFormPath = "+mFormPath); String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() && - legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() && + legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { @@ -485,12 +480,12 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); oldCertsV.addElement(certs[i]); RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(certs[i].getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -507,12 +502,12 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -533,7 +528,7 @@ CMS.debug("**** mFormPath = "+mFormPath); } IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -573,29 +568,29 @@ CMS.debug("**** mFormPath = "+mFormPath); if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -608,23 +603,23 @@ CMS.debug("**** mFormPath = "+mFormPath); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } header.addStringValue("revoked", "yes"); Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); @@ -633,15 +628,15 @@ CMS.debug("**** mFormPath = "+mFormPath); } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) header.addStringValue("updateCRLError", - crlError); + crlError); } // let known crl publishing status too. Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { @@ -649,22 +644,22 @@ CMS.debug("**** mFormPath = "+mFormPath); } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) header.addStringValue("publishCRLError", - publError); + publError); } } } if (mAuthority instanceof ICertificateAuthority) { // let known update and publish status of all crls. Enumeration<ICRLIssuingPoint> otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -674,25 +669,25 @@ CMS.debug("**** mFormPath = "+mFormPath); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", + CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", updateStatusStr)); header.addStringValue(updateStatusStr, "no"); String error = - revReq.getExtDataInString(updateErrorStr); + revReq.getExtDataInString(updateErrorStr); if (error != null) header.addStringValue(updateErrorStr, - error); + error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + revReq.getExtDataInInteger(publishStatusStr); if (publishResult == null) continue; @@ -700,15 +695,15 @@ CMS.debug("**** mFormPath = "+mFormPath); header.addStringValue(publishStatusStr, "yes"); } else { String publishErrorStr = - crl.getCrlPublishErrorStr(); + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - revReq.getExtDataInString(publishErrorStr); + revReq.getExtDataInString(publishErrorStr); if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } @@ -717,7 +712,7 @@ CMS.debug("**** mFormPath = "+mFormPath); if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -734,11 +729,11 @@ CMS.debug("**** mFormPath = "+mFormPath); // add crl publishing status. String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { header.addStringValue("crlPublishError", - publError); + publError); } } else { header.addStringValue("dirEnabled", "no"); @@ -752,16 +747,16 @@ CMS.debug("**** mFormPath = "+mFormPath); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "pending", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "pending", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } @@ -771,7 +766,8 @@ CMS.debug("**** mFormPath = "+mFormPath); if (errors != null && errors.size() > 0) { for (int ii = 0; ii < errors.size(); ii++) { - errorStr.append(errors.elementAt(ii));; + errorStr.append(errors.elementAt(ii)); + ; } } header.addStringValue("error", errorStr.toString()); @@ -780,16 +776,16 @@ CMS.debug("**** mFormPath = "+mFormPath); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -798,17 +794,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -818,12 +814,12 @@ CMS.debug("**** mFormPath = "+mFormPath); // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -832,11 +828,10 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, ILogger.FAILURE, auditRequesterID, @@ -857,12 +852,12 @@ CMS.debug("**** mFormPath = "+mFormPath); // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -871,18 +866,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -891,18 +885,18 @@ CMS.debug("**** mFormPath = "+mFormPath); throw e; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -911,18 +905,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -934,12 +927,12 @@ CMS.debug("**** mFormPath = "+mFormPath); // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -948,18 +941,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -973,11 +965,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -1003,11 +995,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -1026,7 +1018,7 @@ CMS.debug("**** mFormPath = "+mFormPath); // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1036,11 +1028,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1062,4 +1054,3 @@ CMS.debug("**** mFormPath = "+mFormPath); return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java index 181e6e9c..f467652c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; @@ -66,11 +65,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Takes the certificate info (serial number) and optional challenge phrase, creates a - * revocation request and submits it to the authority subsystem for processing - * + * Takes the certificate info (serial number) and optional challenge phrase, + * creates a revocation request and submits it to the authority subsystem for + * processing + * * @version $Revision$, $Date$ */ public class ChallengeRevocationServlet1 extends CMSServlet { @@ -89,7 +88,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { private IPublisherProcessor mPublisherProcessor = null; private String mRequestID = null; - // http params + // http params public static final String SERIAL_NO = TOKEN_CERT_SERIAL; public static final String REASON_CODE = "reasonCode"; public static final String CHALLENGE_PHRASE = "challengePhrase"; @@ -102,10 +101,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } /** - * Initialize the servlet. This servlet uses the file - * revocationResult.template for the response - * - * @param sc servlet configuration, read from the web.xml file + * Initialize the servlet. This servlet uses the file + * revocationResult.template for the response + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -125,17 +124,17 @@ public class ChallengeRevocationServlet1 extends CMSServlet { mQueue = mAuthority.getRequestQueue(); } - /** - * Process the HTTP request. + /** + * Process the HTTP request. * <ul> * <li>http.param REASON_CODE the revocation reason - * <li>http.param b64eCertificate the base-64 encoded certificate to revoke + * <li>http.param b64eCertificate the base-64 encoded certificate to revoke * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -159,27 +158,27 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // for audit log IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + BigInteger[] serialNoArray = null; if (authToken != null) { serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO); } // set revocation reason, default to unspecified if not set. - int reasonCode = - httpParams.getValueAsInt(REASON_CODE, 0); - // header.addIntegerValue("reason", reasonCode); + int reasonCode = + httpParams.getValueAsInt(REASON_CODE, 0); + // header.addIntegerValue("reason", reasonCode); RevocationReason reason = RevocationReason.fromInt(reasonCode); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); Date invalidityDate = null; String revokeAll = null; - int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0; - int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0; + int totalRecordCount = (serialNoArray != null) ? serialNoArray.length : 0; + int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length : 0; X509CertImpl[] certs = null; - //for audit log. + // for audit log. String initiative = null; if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { @@ -198,11 +197,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "revoke"); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -222,7 +221,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IRequest getCertsChallengeReq = null; getCertsChallengeReq = mQueue.newRequest( - GETCERTS_FOR_CHALLENGE_REQUEST); + GETCERTS_FOR_CHALLENGE_REQUEST); getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray); mQueue.processRequest(getCertsChallengeReq); RequestStatus status = getCertsChallengeReq.getRequestStatus(); @@ -232,7 +231,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { header.addStringValue("request", getCertsChallengeReq.getRequestId().toString()); mRequestID = getCertsChallengeReq.getRequestId().toString(); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); } } @@ -243,20 +242,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - serialNoArray[i], 16); + serialNoArray[i], 16); rarg.addStringValue("subject", - certs[i].getSubjectDN().toString()); + certs[i].getSubjectDN().toString()); rarg.addLongValue("validNotBefore", - certs[i].getNotBefore().getTime() / 1000); + certs[i].getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", - certs[i].getNotAfter().getTime() / 1000); - //argSet.addRepeatRecord(rarg); + certs[i].getNotAfter().getTime() / 1000); + // argSet.addRepeatRecord(rarg); } revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))"; process(argSet, header, reasonCode, invalidityDate, initiative, req, resp, - verifiedRecordCount, revokeAll, totalRecordCount, - comments, locale[0]); + verifiedRecordCount, revokeAll, totalRecordCount, + comments, locale[0]); } else { header.addIntegerValue("totalRecordCount", 0); header.addIntegerValue("verifiedRecordCount", 0); @@ -265,10 +264,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { try { ServletOutputStream out = resp.getOutputStream(); - if( serialNoArray == null ) { - CMS.debug( "ChallengeRevcationServlet1::process() - " + - " serialNoArray is null!" ); - EBaseException ee = new EBaseException( "No matched certificate is found" ); + if (serialNoArray == null) { + CMS.debug("ChallengeRevcationServlet1::process() - " + + " serialNoArray is null!"); + EBaseException ee = new EBaseException("No matched certificate is found"); cmsReq.setError(ee); return; @@ -282,31 +281,31 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale) + throws EBaseException { try { int count = 0; Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>(); @@ -344,18 +343,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { rarg.addStringValue("error", "Certificate " + - cert.getSerialNumber().toString() + - " is already revoked."); + cert.getSerialNumber().toString() + + " is already revoked."); } else { oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -367,14 +366,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else if (mAuthority instanceof IRegistrationAuthority) { String reqIdStr = null; - if (mRequestID != null && mRequestID.length() > 0) + if (mRequestID != null && mRequestID.length() > 0) reqIdStr = mRequestID; Vector<String> serialNumbers = new Vector<String>(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -383,8 +380,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() && - legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() && + legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { @@ -411,12 +408,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); oldCertsV.addElement(certs[i]); RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(certs[i].getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -433,12 +430,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -459,7 +456,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + mQueue.newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); @@ -479,29 +476,29 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -514,23 +511,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet { for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } header.addStringValue("revoked", "yes"); Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); @@ -539,15 +536,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) header.addStringValue("updateCRLError", - crlError); + crlError); } // let known crl publishing status too. Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { @@ -555,22 +552,22 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) header.addStringValue("publishCRLError", - publError); + publError); } } } if (mAuthority instanceof ICertificateAuthority) { // let known update and publish status of all crls. Enumeration<ICRLIssuingPoint> otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -580,25 +577,25 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", + CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", updateStatusStr)); header.addStringValue(updateStatusStr, "no"); String error = - revReq.getExtDataInString(updateErrorStr); + revReq.getExtDataInString(updateErrorStr); if (error != null) header.addStringValue(updateErrorStr, - error); + error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + revReq.getExtDataInInteger(publishStatusStr); if (publishResult == null) continue; @@ -606,15 +603,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet { header.addStringValue(publishStatusStr, "yes"); } else { String publishErrorStr = - crl.getCrlPublishErrorStr(); + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - revReq.getExtDataInString(publishErrorStr); + revReq.getExtDataInString(publishErrorStr); if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } @@ -623,7 +620,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -640,11 +637,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // add crl publishing status. String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { header.addStringValue("crlPublishError", - publError); + publError); } } else { header.addStringValue("dirEnabled", "no"); @@ -658,16 +655,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet { for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "pending", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "pending", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } @@ -686,16 +683,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet { for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -706,7 +703,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { throw e; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } catch (Exception e) { e.printStackTrace(); @@ -715,4 +712,3 @@ public class ChallengeRevocationServlet1 extends CMSServlet { return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java index b3693a53..fb531759 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Locale; @@ -39,12 +38,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Redirect a request to the Master. This servlet is used in - * a clone when a requested service (such as CRL) is not available. - * It redirects the user to the master. - * + * Redirect a request to the Master. This servlet is used in a clone when a + * requested service (such as CRL) is not available. It redirects the user to + * the master. + * * @version $Revision$, $Date$ */ public class CloneRedirect extends CMSServlet { @@ -71,7 +69,8 @@ public class CloneRedirect extends CMSServlet { /** * Initialize the servlet. - * @param sc servlet configuration, read from the web.xml file + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -93,8 +92,8 @@ public class CloneRedirect extends CMSServlet { if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; - - // override success to do output with our own template. + + // override success to do output with our own template. mTemplates.remove(CMSRequest.SUCCESS); } @@ -117,28 +116,28 @@ public class CloneRedirect extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } - CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); + CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); header.addStringValue("masterURL", mNewUrl); try { ServletOutputStream out = resp.getOutputStream(); String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java index 0ccf7f18..03c909cc 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * 'Face-to-face' certificate enrollment. - * + * * @version $Revision$, $Date$ */ public class DirAuthServlet extends CMSServlet { @@ -64,8 +62,9 @@ public class DirAuthServlet extends CMSServlet { super(); } - /** + /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -81,15 +80,14 @@ public class DirAuthServlet extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); } - - /** + /** * Process the HTTP request. This servlet reads configuration information - * from the hashDirEnrollment configuration substore - * + * from the hashDirEnrollment configuration substore + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -112,8 +110,8 @@ public class DirAuthServlet extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); cmsReq.setError(new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); @@ -166,7 +164,7 @@ public class DirAuthServlet extends CMSServlet { printError(cmsReq, "2"); cmsReq.setStatus(CMSRequest.SUCCESS); return; - } + } mgr.setLastLogin(reqHost, currTime); @@ -176,11 +174,11 @@ public class DirAuthServlet extends CMSServlet { mgr.addAuthToken(pageID, authToken); - header.addStringValue("pageID", pageID); + header.addStringValue("pageID", pageID); header.addStringValue("uid", uid); header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid)); header.addStringValue("hostname", reqHost); - + try { ServletOutputStream out = httpResp.getOutputStream(); @@ -188,8 +186,8 @@ public class DirAuthServlet extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); @@ -199,7 +197,7 @@ public class DirAuthServlet extends CMSServlet { } private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -219,7 +217,7 @@ public class DirAuthServlet extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); cmsReq.setError(new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); @@ -234,7 +232,7 @@ public class DirAuthServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java index 9f353312..a5cdc98e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * For Face-to-face enrollment, disable EE enrollment feature - * + * * @version $Revision$, $Date$ * @see com.netscape.cms.servlet.cert.EnableEnrollResult */ @@ -83,7 +81,7 @@ public class DisableEnrollResult extends CMSServlet { * Services the request */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -125,10 +123,10 @@ public class DisableEnrollResult extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -162,10 +160,10 @@ public class DisableEnrollResult extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java index ea62b9cb..2a32b594 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display detailed information about a certificate - * - * The template 'displayBySerial.template' is used to - * render the response for this servlet. - * + * + * The template 'displayBySerial.template' is used to render the response for + * this servlet. + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { @@ -99,6 +97,7 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -109,16 +108,16 @@ public class DisplayBySerial extends CMSServlet { try { mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); } // coming from ee mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1; - - if (mOutputTemplatePath != null) + + if (mOutputTemplatePath != null) mForm1Path = mOutputTemplatePath; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); } @@ -126,8 +125,8 @@ public class DisplayBySerial extends CMSServlet { /** * Serves HTTP request. The format of this request is as follows: * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to display - * (or hex if serialNumber preceded by 0x) + * <li>http.param serialNumber Decimal serial number of certificate to + * display (or hex if serialNumber preceded by 0x) * </ul> */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -151,7 +150,7 @@ public class DisplayBySerial extends CMSServlet { mAuthzResourceName, "read"); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -170,8 +169,8 @@ public class DisplayBySerial extends CMSServlet { error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (EDBRecordNotFoundException e) { @@ -185,15 +184,15 @@ public class DisplayBySerial extends CMSServlet { try { if (serialNumber.compareTo(MINUS_ONE) > 0) { - process(argSet, header, serialNumber, - req, resp, locale[0]); + process(argSet, header, serialNumber, + req, resp, locale[0]); } else { error = new ECMSGWException( CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); } } catch (EBaseException e) { error = e; - } + } try { ServletOutputStream out = resp.getOutputStream(); @@ -201,19 +200,19 @@ public class DisplayBySerial extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } @@ -223,53 +222,53 @@ public class DisplayBySerial extends CMSServlet { * Display information about a particular certificate */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + BigInteger seq, HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { String certType[] = new String[1]; try { ICertRecord rec = getCertRecord(seq, certType); - + if (certType[0].equalsIgnoreCase("x509")) { processX509(argSet, header, seq, req, resp, locale); return; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return; } - + private void processX509(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + BigInteger seq, HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { try { ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq); - if (rec == null) { - CMS.debug("DisplayBySerial: failed to read record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (rec == null) { + CMS.debug("DisplayBySerial: failed to read record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } X509CertImpl cert = rec.getCertificate(); - if (cert == null) { - CMS.debug("DisplayBySerial: no certificate in record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (cert == null) { + CMS.debug("DisplayBySerial: no certificate in record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } try { X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); - if (info == null) { - CMS.debug("DisplayBySerial: no info found"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (info == null) { + CMS.debug("DisplayBySerial: no info found"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); @@ -287,11 +286,11 @@ public class DisplayBySerial extends CMSServlet { } if (ext instanceof KeyUsageExtension) { KeyUsageExtension usage = - (KeyUsageExtension) ext; + (KeyUsageExtension) ext; try { if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || - ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) + ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e) { // bug356108: @@ -321,8 +320,8 @@ public class DisplayBySerial extends CMSServlet { header.addBooleanValue("noCertImport", noCertImport); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); } IRevocationInfo revocationInfo = rec.getRevocationInfo(); @@ -347,20 +346,16 @@ public class DisplayBySerial extends CMSServlet { ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert); - header.addStringValue("certPrettyPrint", - certDetails.toString(locale)); + header.addStringValue("certPrettyPrint", + certDetails.toString(locale)); /* - String scheme = req.getScheme(); - if (scheme.equals("http") && connectionIsSSL(req)) - scheme = "https"; - String requestURI = req.getRequestURI(); - int i = requestURI.indexOf('?'); - String newRequestURI = - (i > -1)? requestURI.substring(0, i): requestURI; - header.addStringValue("serviceURL", scheme +"://"+ - req.getServerName() + ":"+ - req.getServerPort() + newRequestURI); + * String scheme = req.getScheme(); if (scheme.equals("http") && + * connectionIsSSL(req)) scheme = "https"; String requestURI = + * req.getRequestURI(); int i = requestURI.indexOf('?'); String + * newRequestURI = (i > -1)? requestURI.substring(0, i): requestURI; + * header.addStringValue("serviceURL", scheme +"://"+ + * req.getServerName() + ":"+ req.getServerPort() + newRequestURI); */ header.addStringValue("authorityid", mAuthority.getId()); @@ -369,8 +364,8 @@ public class DisplayBySerial extends CMSServlet { try { certFingerprints = CMS.getFingerPrints(cert); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString())); } if (certFingerprints.length() > 0) header.addStringValue("certFingerprint", certFingerprints); @@ -382,12 +377,12 @@ public class DisplayBySerial extends CMSServlet { header.addStringValue("serialNumber", seq.toString(16)); /* - String userAgent = req.getHeader("user-agent"); - String agent = - (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; + * String userAgent = req.getHeader("user-agent"); String agent = + * (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; */ // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1];; + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { if (cert.equals(mCACerts[i])) { @@ -398,10 +393,10 @@ public class DisplayBySerial extends CMSServlet { certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { @@ -414,43 +409,43 @@ public class DisplayBySerial extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(new byte[0]), certsInChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); - p7.encodeSignedData(bos,false); + p7.encodeSignedData(bos, false); byte[] p7Bytes = bos.toByteArray(); - p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); + p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); header.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception e) { - //p7Str = "PKCS#7 B64 Encoding error - " + e.toString() - //+ "; Please contact your administrator"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); + // p7Str = "PKCS#7 B64 Encoding error - " + e.toString() + // + "; Please contact your administrator"; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7")); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } return; } - + private ICertRecord getCertRecord(BigInteger seq, String certtype[]) - throws EBaseException { + throws EBaseException { ICertRecord rec = null; - + try { rec = (ICertRecord) mCertDB.readCertificateRecord(seq); X509CertImpl x509cert = rec.getCertificate(); @@ -460,16 +455,16 @@ public class DisplayBySerial extends CMSServlet { return rec; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return rec; } private BigInteger getSerialNumber(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); if (serialNumString != null) { @@ -477,11 +472,10 @@ public class DisplayBySerial extends CMSServlet { if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) { return new BigInteger(serialNumString.substring(2), 16); } else { - return new BigInteger(serialNumString); + return new BigInteger(serialNumString); } - } else { + } else { throw new NumberFormatException(); - } + } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java index 3a5f3f06..cb0e1cf9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Decode the CRL and display it to the requester. - * + * * @version $Revision$, $Date$ */ public class DisplayCRL extends CMSServlet { @@ -64,8 +62,8 @@ public class DisplayCRL extends CMSServlet { private static final long serialVersionUID = 1152016798229054027L; private final static String INFO = "DisplayCRL"; private final static String TPL_FILE = "displayCRL.template"; - //private final static String E_TPL_FILE = "error.template"; - //private final static String OUT_ERROR = "errorDetails"; + // private final static String E_TPL_FILE = "error.template"; + // private final static String OUT_ERROR = "errorDetails"; private String mFormPath = null; private ICertificateAuthority mCA = null; @@ -78,9 +76,10 @@ public class DisplayCRL extends CMSServlet { } /** - * Initialize the servlet. This servlet uses the 'displayCRL.template' file to - * to render the response to the client. - * @param sc servlet configuration, read from the web.xml file + * Initialize the servlet. This servlet uses the 'displayCRL.template' file + * to to render the response to the client. + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -96,15 +95,16 @@ public class DisplayCRL extends CMSServlet { } /** - * Process the HTTP request + * Process the HTTP request * <ul> - * <li>http.param crlIssuingPoint number - * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL - * <li>http.param pageStart which page to start displaying from - * <li>http.param pageSize number of entries to show per page + * <li>http.param crlIssuingPoint number + * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or + * deltaCRL + * <li>http.param pageStart which page to start displaying from + * <li>http.param pageSize number of entries to show per page * </ul> + * * @param cmsReq the Request to service. - */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -132,8 +132,8 @@ public class DisplayCRL extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } @@ -148,22 +148,22 @@ public class DisplayCRL extends CMSServlet { String crlIssuingPointId = req.getParameter("crlIssuingPoint"); process(argSet, header, req, resp, crlIssuingPointId, - locale[0]); + locale[0]); try { ServletOutputStream out = resp.getOutputStream(); String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } @@ -192,24 +192,25 @@ public class DisplayCRL extends CMSServlet { masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); if (masterHost != null && masterHost.length() > 0 && - masterPort != null && masterPort.length() > 0) { + masterPort != null && masterPort.length() > 0) { clonedCA = true; ipNames = crlRepository.getIssuingPointsNames(); } } catch (EBaseException e) { } - + if (clonedCA) { if (crlIssuingPointId != null) { if (ipNames != null && ipNames.size() > 0) { int i; for (i = 0; i < ipNames.size(); i++) { - String ipName = (String)ipNames.elementAt(i); + String ipName = (String) ipNames.elementAt(i); if (crlIssuingPointId.equals(ipName)) { break; } } - if (i >= ipNames.size()) crlIssuingPointId = null; + if (i >= ipNames.size()) + crlIssuingPointId = null; } else { crlIssuingPointId = null; } @@ -226,13 +227,14 @@ public class DisplayCRL extends CMSServlet { isCRLCacheEnabled = ip.isCRLCacheEnabled(); break; } - if (!ips.hasMoreElements()) crlIssuingPointId = null; + if (!ips.hasMoreElements()) + crlIssuingPointId = null; } } } if (crlIssuingPointId == null) { header.addStringValue("error", - "Request to unspecified or non-existing CRL issuing point: "+ipId); + "Request to unspecified or non-existing CRL issuing point: " + ipId); return; } @@ -240,22 +242,23 @@ public class DisplayCRL extends CMSServlet { String crlDisplayType = req.getParameter("crlDisplayType"); - if (crlDisplayType == null) crlDisplayType = "cachedCRL"; + if (crlDisplayType == null) + crlDisplayType = "cachedCRL"; header.addStringValue("crlDisplayType", crlDisplayType); try { - crlRecord = + crlRecord = (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId); } catch (EBaseException e) { header.addStringValue("error", e.toString(locale)); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); - return; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + return; } header.addStringValue("crlIssuingPoint", crlIssuingPointId); @@ -283,10 +286,10 @@ public class DisplayCRL extends CMSServlet { byte[] crlbytes = crlRecord.getCRL(); if (crlbytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); return; } @@ -299,8 +302,8 @@ public class DisplayCRL extends CMSServlet { } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString())); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } } @@ -320,24 +323,25 @@ public class DisplayCRL extends CMSServlet { long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) lPageStart = 1; + if (lPageStart < 1) + lPageStart = 1; // if (lPageStart + lPageSize - lCRLSize > 1) - // lPageStart = lCRLSize - lPageSize + 1; + // lPageStart = lCRLSize - lPageSize + 1; header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, - lCRLSize, lPageStart, lPageSize)); + "crlPrettyPrint", crlDetails.toString(locale, + lCRLSize, lPageStart, lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale)); + "crlPrettyPrint", crlDetails.toString(locale)); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0)); + "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); @@ -377,14 +381,14 @@ public class DisplayCRL extends CMSServlet { } catch (CRLException e) { } } else if (crlDisplayType.equals("deltaCRL")) { - if ((clonedCA && crlRecord.getDeltaCRLSize() != null && - crlRecord.getDeltaCRLSize().longValue() > -1) || - (crlIP != null && crlIP.isDeltaCRLEnabled())) { + if ((clonedCA && crlRecord.getDeltaCRLSize() != null && + crlRecord.getDeltaCRLSize().longValue() > -1) || + (crlIP != null && crlIP.isDeltaCRLEnabled())) { byte[] deltaCRLBytes = crlRecord.getDeltaCRL(); if (deltaCRLBytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId)); header.addStringValue("error", "Delta CRL is not available"); } else { X509CRLImpl deltaCRL = null; @@ -393,23 +397,23 @@ public class DisplayCRL extends CMSServlet { deltaCRL = new X509CRLImpl(deltaCRLBytes); } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } if (deltaCRL != null) { BigInteger crlNumber = crlRecord.getCRLNumber(); BigInteger deltaNumber = crlRecord.getDeltaCRLNumber(); if ((clonedCA && crlNumber != null && deltaNumber != null && - deltaNumber.compareTo(crlNumber) >= 0) || - (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) { + deltaNumber.compareTo(crlNumber) >= 0) || + (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) { header.addIntegerValue("deltaCRLSize", - deltaCRL.getNumberOfRevokedCertificates()); + deltaCRL.getNumberOfRevokedCertificates()); ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL); header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0)); + "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0)); try { byte[] ba = deltaCRL.getEncoded(); @@ -455,8 +459,8 @@ public class DisplayCRL extends CMSServlet { } } else { header.addStringValue("error", "Delta CRL is not enabled for " + - crlIssuingPointId + - " issuing point"); + crlIssuingPointId + + " issuing point"); } } @@ -464,10 +468,10 @@ public class DisplayCRL extends CMSServlet { header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); } else { - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); - header.addStringValue("crlPrettyPrint", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("crlPrettyPrint", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java index 6efda2bb..8d2be7a4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Servlet to report the status, ie, the agent-initiated user - * enrollment is enabled or disabled. - * + * Servlet to report the status, ie, the agent-initiated user enrollment is + * enabled or disabled. + * * @version $Revision$, $Date$ */ public class DisplayHashUserEnroll extends CMSServlet { @@ -90,7 +88,7 @@ public class DisplayHashUserEnroll extends CMSServlet { * Services the request */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -117,7 +115,7 @@ public class DisplayHashUserEnroll extends CMSServlet { if (!(mAuthority instanceof IRegistrationAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -152,7 +150,7 @@ public class DisplayHashUserEnroll extends CMSServlet { printError(cmsReq, "2"); cmsReq.setStatus(CMSRequest.SUCCESS); return; - } + } mgr.setLastLogin(reqHost, currTime); @@ -162,10 +160,10 @@ public class DisplayHashUserEnroll extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -177,10 +175,10 @@ public class DisplayHashUserEnroll extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -188,7 +186,7 @@ public class DisplayHashUserEnroll extends CMSServlet { } private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -208,9 +206,9 @@ public class DisplayHashUserEnroll extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -223,10 +221,10 @@ public class DisplayHashUserEnroll extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java index 3c562d65..e95d6dbe 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevoke extends CMSServlet { @@ -98,20 +96,19 @@ public class DoRevoke extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevoke() { super(); } /** - * initialize the servlet. This servlet uses the template - * file "revocationResult.template" to render the result + * initialize the servlet. This servlet uses the template file + * "revocationResult.template" to render the result + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -145,16 +142,20 @@ public class DoRevoke extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as follows: + * Serves HTTP request. The http parameters used by this request are as + * follows: + * * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> + * * revocationReason can be one of these values: + * * <pre> * 0 = Unspecified (default) * 1 = Key compromised @@ -204,7 +205,7 @@ public class DoRevoke extends CMSServlet { if (req.getParameter("verifiedRecordCount") != null) { verifiedRecordCount = Integer.parseInt( req.getParameter( - "verifiedRecordCount")); + "verifiedRecordCount")); } if (req.getParameter("invalidityDate") != null) { long l = Long.parseLong(req.getParameter( @@ -228,8 +229,8 @@ public class DoRevoke extends CMSServlet { try { user = (IUser) mUL.locateUser(new Certificates(certChain)); } catch (Exception e) { - CMS.debug("DoRevoke: Failed to map certificate '"+ - cert2.getSubjectDN().getName()+"' to user."); + CMS.debug("DoRevoke: Failed to map certificate '" + + cert2.getSubjectDN().getName() + "' to user."); } if (mUG.isMemberOf(user, "Subsystem Group")) { skipNonceVerification = true; @@ -249,8 +250,8 @@ public class DoRevoke extends CMSServlet { } else { CMS.debug("DoRevoke: Missing nonce"); } - CMS.debug("DoRevoke: nonceVerified="+nonceVerified); - CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification); + CMS.debug("DoRevoke: nonceVerified=" + nonceVerified); + CMS.debug("DoRevoke: skipNonceVerification=" + skipNonceVerification); if ((!nonceVerified) && (!skipNonceVerification)) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; @@ -261,7 +262,7 @@ public class DoRevoke extends CMSServlet { String eeSubjectDN = null; String eeSerialNumber = null; - //for audit log. + // for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; @@ -275,25 +276,24 @@ public class DoRevoke extends CMSServlet { mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (serialNumber != null) { + if (serialNumber != null) { eeSerialNumber = serialNumber; } @@ -306,12 +306,12 @@ public class DoRevoke extends CMSServlet { } else { // request is fromUser. initiative = AuditFormat.FROMUSER; - + String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); if (serialNumber == null || sslCert == null || - !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) { + !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) { authorized = false; } else { eeSubjectDN = sslCert.getSubjectDN().toString(); @@ -322,29 +322,24 @@ public class DoRevoke extends CMSServlet { if (authorized) { process(argSet, header, reason, invalidityDate, initiative, - req, resp, verifiedRecordCount, revokeAll, - totalRecordCount, eeSerialNumber, eeSubjectDN, - comments, locale[0]); + req, resp, verifiedRecordCount, revokeAll, + totalRecordCount, eeSerialNumber, eeSubjectDN, + comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } /* - catch (Exception e) { - noError = false; - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - errorlocale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (Exception e) { noError = false; + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * errorlocale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { @@ -353,11 +348,11 @@ public class DoRevoke extends CMSServlet { if (error == null && authorized) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else if (!authorized) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); @@ -366,8 +361,8 @@ public class DoRevoke extends CMSServlet { cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } @@ -375,58 +370,59 @@ public class DoRevoke extends CMSServlet { /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, - * or an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, or + * an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param totalRecordCount total number of records (verified and unverified) - * @param eeSerialNumber string containing the end-entity certificate - * serial number + * @param eeSerialNumber string containing the end-entity certificate serial + * number * @param eeSubjectDN string containing the end-entity certificate subject - * distinguished name (DN) + * distinguished name (DN) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String eeSerialNumber, - String eeSubjectDN, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String eeSerialNumber, + String eeSubjectDN, + String comments, + Locale locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -436,7 +432,7 @@ public class DoRevoke extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber); + CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber); long startTime = CMS.getCurrentDate().getTime(); try { @@ -483,16 +479,16 @@ public class DoRevoke extends CMSServlet { CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber()); continue; } - + if (xcert != null) { rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); + xcert.getSerialNumber().toString(16)); if (eeSerialNumber != null && - (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && - rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { + (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && + rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); + CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -508,19 +504,19 @@ public class DoRevoke extends CMSServlet { throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")); } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { rarg.addStringValue("error", "Certificate 0x" + - xcert.getSerialNumber().toString(16) + - " is already revoked."); + xcert.getSerialNumber().toString(16) + + " is already revoked."); } else if (eeSubjectDN != null && - (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) { + (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) { rarg.addStringValue("error", "Certificate 0x" + - xcert.getSerialNumber().toString(16) + - " belongs to different subject."); + xcert.getSerialNumber().toString(16) + + " belongs to different subject."); } else { oldCertsV.addElement(xcert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(xcert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(xcert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -535,9 +531,7 @@ public class DoRevoke extends CMSServlet { Vector<String> serialNumbers = new Vector<String>(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -564,29 +558,28 @@ public class DoRevoke extends CMSServlet { for (int i = 0; i < certs.length; i++) { boolean addToList = false; - for (int j = 0; j < serialNumbers.size(); - j++) { - //xxxxx serial number in decimal? + for (int j = 0; j < serialNumbers.size(); j++) { + // xxxxx serial number in decimal? if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) && - eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) { + eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) { addToList = true; break; } } if (eeSerialNumber != null && - eeSerialNumber.equals(certs[i].getSerialNumber().toString())) { + eeSerialNumber.equals(certs[i].getSerialNumber().toString())) { authorized = true; } if (addToList) { IArgBlock rarg = CMS.createArgBlock(); rarg.addStringValue("serialNumber", - certs[i].getSerialNumber().toString(16)); + certs[i].getSerialNumber().toString(16)); oldCertsV.addElement(certs[i]); RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(certs[i].getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -596,7 +589,7 @@ public class DoRevoke extends CMSServlet { } if (!authorized) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); + CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -615,19 +608,19 @@ public class DoRevoke extends CMSServlet { String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - // BASE64Decoder decoder = new BASE64Decoder(); - // byte[] certBytes = decoder.decodeBuffer(b64eCert); + // BASE64Decoder decoder = new BASE64Decoder(); + // byte[] certBytes = decoder.decodeBuffer(b64eCert); byte[] certBytes = CMS.AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); rarg.addStringValue("serialNumber", - cert.getSerialNumber().toString(16)); + cert.getSerialNumber().toString(16)); oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -636,8 +629,8 @@ public class DoRevoke extends CMSServlet { } } } - if (count == 0) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + if (count == 0) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -656,7 +649,7 @@ public class DoRevoke extends CMSServlet { header.addIntegerValue("totalRecordCount", count); X509CertImpl[] oldCerts = new X509CertImpl[count]; - //Certificate[] oldCerts = new Certificate[count]; + // Certificate[] oldCerts = new Certificate[count]; RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count]; for (int i = 0; i < count; i++) { @@ -665,7 +658,7 @@ public class DoRevoke extends CMSServlet { } IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -680,7 +673,7 @@ public class DoRevoke extends CMSServlet { revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if(initiative.equals(AuditFormat.FROMUSER)) + if (initiative.equals(AuditFormat.FROMUSER)) revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); else revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); @@ -708,37 +701,37 @@ public class DoRevoke extends CMSServlet { // that is meant for the Master CA. From Clone's point of view // the request is complete if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -751,10 +744,10 @@ public class DoRevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -768,7 +761,7 @@ public class DoRevoke extends CMSServlet { audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); @@ -780,24 +773,24 @@ public class DoRevoke extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) } + ); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); @@ -806,15 +799,15 @@ public class DoRevoke extends CMSServlet { } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + if (crlError != null) + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { @@ -822,23 +815,23 @@ public class DoRevoke extends CMSServlet { } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration<ICRLIssuingPoint> otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration<ICRLIssuingPoint> otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -857,31 +850,31 @@ public class DoRevoke extends CMSServlet { updateStatusStr)); header.addStringValue(updateStatusStr, "no"); String error = - revReq.getExtDataInString(updateErrorStr); + revReq.getExtDataInString(updateErrorStr); - if (error != null) + if (error != null) header.addStringValue(updateErrorStr, - error); + error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + revReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - revReq.getExtDataInString(publishErrorStr); + revReq.getExtDataInString(publishErrorStr); - if (error != null) + if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } @@ -889,8 +882,8 @@ public class DoRevoke extends CMSServlet { if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -905,13 +898,13 @@ public class DoRevoke extends CMSServlet { header.addIntegerValue("certsUpdated", certsUpdated); header.addIntegerValue("certsToUpdate", certsToUpdate); - // add crl publishing status. + // add crl publishing status. String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { header.addStringValue("crlPublishError", - publError); + publError); } } else { header.addStringValue("dirEnabled", "no"); @@ -946,16 +939,16 @@ public class DoRevoke extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -965,9 +958,8 @@ public class DoRevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -1001,10 +993,10 @@ public class DoRevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -1042,10 +1034,10 @@ public class DoRevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -1062,8 +1054,8 @@ public class DoRevoke extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure @@ -1084,10 +1076,10 @@ public class DoRevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -1110,11 +1102,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -1140,11 +1132,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -1163,30 +1155,30 @@ public class DoRevoke extends CMSServlet { // find out if the value is hex or decimal int value = -1; - - //try int - try { - value = Integer.parseInt(serialNumber,10); + + // try int + try { + value = Integer.parseInt(serialNumber, 10); } catch (NumberFormatException e) { } - - //try hex - if( value == -1) { + + // try hex + if (value == -1) { try { - value = Integer.parseInt(serialNumber,16); + value = Integer.parseInt(serialNumber, 16); } catch (NumberFormatException e) { } } // give up if it isn't hex or dec - if ( value == -1) { + if (value == -1) { throw new NumberFormatException(); } // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - value); + value); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1196,11 +1188,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1222,4 +1214,3 @@ public class DoRevoke extends CMSServlet { return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index 12093661..e7b83b0c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.io.OutputStream; import java.util.Date; @@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevokeTPS extends CMSServlet { @@ -89,20 +87,19 @@ public class DoRevokeTPS extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevokeTPS() { super(); } /** - * initialize the servlet. This servlet uses the template - * file "revocationResult.template" to render the result + * initialize the servlet. This servlet uses the template file + * "revocationResult.template" to render the result + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -131,16 +128,20 @@ public class DoRevokeTPS extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as follows: + * Serves HTTP request. The http parameters used by this request are as + * follows: + * * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> + * * revocationReason can be one of these values: + * * <pre> * 0 = Unspecified (default) * 1 = Key compromised @@ -174,7 +175,7 @@ public class DoRevokeTPS extends CMSServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (Exception e) { - CMS.debug("DoRevokeTPS getTemplate failed"); + CMS.debug("DoRevokeTPS getTemplate failed"); throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } @@ -203,7 +204,7 @@ public class DoRevokeTPS extends CMSServlet { revokeAll = req.getParameter("revokeAll"); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); - //for audit log. + // for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; @@ -215,17 +216,17 @@ public class DoRevokeTPS extends CMSServlet { mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); @@ -242,11 +243,11 @@ public class DoRevokeTPS extends CMSServlet { if (authorized) { process(argSet, header, reason, invalidityDate, initiative, req, - resp, revokeAll, totalRecordCount, comments, locale[0]); + resp, revokeAll, totalRecordCount, comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; @@ -260,10 +261,10 @@ public class DoRevokeTPS extends CMSServlet { errorString = "error=unauthorized"; } else if (error != null) { o_status = "status=3"; - errorString = "error="+error.toString(); + errorString = "error=" + error.toString(); } - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); @@ -271,8 +272,8 @@ public class DoRevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } @@ -280,50 +281,51 @@ public class DoRevokeTPS extends CMSServlet { /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, - * or an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, or + * an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -333,21 +335,20 @@ public class DoRevokeTPS extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - if (revokeAll != null) { - CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); + CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); - String serial = ""; + String serial = ""; String[] tokens; tokens = revokeAll.split("="); if (tokens.length == 2) { serial = tokens[1]; - //remove the trailing paren + // remove the trailing paren if (serial.endsWith(")")) { - serial = serial.substring(0,serial.length() -1); + serial = serial.substring(0, serial.length() - 1); } - auditSerialNumber = serial; + auditSerialNumber = serial; } } @@ -393,7 +394,7 @@ public class DoRevokeTPS extends CMSServlet { } X509CertImpl xcert = rec.getCertificate(); IArgBlock rarg = CMS.createArgBlock(); - + // we do not want to revoke the CA certificate accidentially if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); @@ -403,20 +404,20 @@ public class DoRevokeTPS extends CMSServlet { if (xcert != null) { rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); + xcert.getSerialNumber().toString(16)); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { alreadyRevokedCertFound = true; - CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked."); + CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " has been revoked."); } else { oldCertsV.addElement(xcert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(xcert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(xcert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); - CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked."); + CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " is going to be revoked."); count++; } } else { @@ -424,27 +425,27 @@ public class DoRevokeTPS extends CMSServlet { } } - if (count == 0) { + if (count == 0) { // Situation where no certs were reoked here, but some certs // requested happened to be already revoked. Don't return error. if (alreadyRevokedCertFound == true && badCertsRequested == false) { - CMS.debug("Only have previously revoked certs in the list."); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); + CMS.debug("Only have previously revoked certs in the list."); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); - audit(auditMessage); - return; + audit(auditMessage); + return; } - + errorString = "error=No certificates are revoked."; o_status = "status=2"; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -469,7 +470,7 @@ public class DoRevokeTPS extends CMSServlet { } IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -484,7 +485,7 @@ public class DoRevokeTPS extends CMSServlet { revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if(initiative.equals(AuditFormat.FROMUSER)) { + if (initiative.equals(AuditFormat.FROMUSER)) { revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); } else { revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); @@ -513,37 +514,37 @@ public class DoRevokeTPS extends CMSServlet { // that is meant for the Master CA. From Clone's point of view // the request is complete if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -556,10 +557,10 @@ public class DoRevokeTPS extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -573,7 +574,7 @@ public class DoRevokeTPS extends CMSServlet { audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); @@ -585,24 +586,24 @@ public class DoRevokeTPS extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) } + ); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) { @@ -615,29 +616,29 @@ public class DoRevokeTPS extends CMSServlet { } // let known crl publishing status too. Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); o_status = "status=3"; if (publError != null) { - errorString = "error="+publError; + errorString = "error=" + publError; } } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration<ICRLIssuingPoint> otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration<ICRLIssuingPoint> otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -652,25 +653,25 @@ public class DoRevokeTPS extends CMSServlet { CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", updateStatusStr)); String error = - revReq.getExtDataInString(updateErrorStr); + revReq.getExtDataInString(updateErrorStr); o_status = "status=3"; - if (error != null) { - errorString = "error="+error; + if (error != null) { + errorString = "error=" + error; } } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + revReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); String error = - revReq.getExtDataInString(publishErrorStr); + revReq.getExtDataInString(publishErrorStr); o_status = "status=3"; if (error != null) { @@ -683,8 +684,8 @@ public class DoRevokeTPS extends CMSServlet { if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -697,12 +698,12 @@ public class DoRevokeTPS extends CMSServlet { } } - // add crl publishing status. + // add crl publishing status. String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - errorString = "error="+publError; + errorString = "error=" + publError; o_status = "status=3"; } } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) { @@ -712,7 +713,7 @@ public class DoRevokeTPS extends CMSServlet { } else { if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { o_status = "status=2"; - errorString = "error="+stat.toString(); + errorString = "error=" + stat.toString(); } else { o_status = "status=2"; errorString = "error=Undefined request status"; @@ -743,16 +744,16 @@ public class DoRevokeTPS extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -762,9 +763,8 @@ public class DoRevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -799,10 +799,10 @@ public class DoRevokeTPS extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -819,8 +819,8 @@ public class DoRevokeTPS extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure @@ -841,10 +841,10 @@ public class DoRevokeTPS extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -867,11 +867,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -897,11 +897,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -920,7 +920,7 @@ public class DoRevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -930,11 +930,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -956,4 +956,3 @@ public class DoRevokeTPS extends CMSServlet { return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java index e1791045..0b7c6f85 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * 'Unrevoke' a certificate. (For certificates that are on-hold only, - * take them off-hold) - * + * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them + * off-hold) + * * @version $Revision$, $Date$ */ public class DoUnrevoke extends CMSServlet { @@ -80,19 +78,18 @@ public class DoUnrevoke extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevoke() { super(); } /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -112,14 +109,14 @@ public class DoUnrevoke extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The - * certificate must be revoked with a revovcation reason 'on hold' for this - * operation to succeed. The serial number may be expressed as a hex number by - * prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to + * unrevoke. The certificate must be revoked with a revovcation reason 'on + * hold' for this operation to succeed. The serial number may be expressed + * as a hex number by prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -136,10 +133,10 @@ public class DoUnrevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -149,20 +146,20 @@ public class DoUnrevoke extends CMSServlet { try { serialNumber = getSerialNumbers(req); - //for audit log. + // for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug( "DoUnrevoke::process() - authToken is null!" ); + } else { + CMS.debug("DoUnrevoke::process() - authToken is null!"); return; } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; @@ -171,10 +168,10 @@ public class DoUnrevoke extends CMSServlet { mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -186,7 +183,7 @@ public class DoUnrevoke extends CMSServlet { } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -197,44 +194,45 @@ public class DoUnrevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take - * a certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take a + * certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request - * to take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request to + * take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (taken off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (taken off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param serialNumbers the serial number of the certificate @@ -245,11 +243,11 @@ public class DoUnrevoke extends CMSServlet { * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger[] serialNumbers, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale, String initiative) - throws EBaseException { + BigInteger[] serialNumbers, + HttpServletRequest req, + HttpServletResponse resp, + Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -262,11 +260,13 @@ public class DoUnrevoke extends CMSServlet { try { StringBuffer snList = new StringBuffer(); - // certs are for old cloning and they should be removed as soon as possible + // certs are for old cloning and they should be removed as soon as + // possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) snList.append(", "); + certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) + snList.append(", "); snList.append("0x"); snList.append(serialNumbers[i].toString(16)); } @@ -310,15 +310,15 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "yes"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { header.addStringValue("unrevoked", "no"); @@ -328,59 +328,59 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("error", error); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + - error, - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + + error, + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } /****************************************************/ - - /* IMPORTANT: In the event that the following */ - - /* "throw error;" statement is */ - - /* uncommented, uncomment the following */ - - /* signed audit log message, also!!! */ - + + /* IMPORTANT: In the event that the following */ + + /* "throw error;" statement is */ + + /* uncommented, uncomment the following */ + + /* signed audit log message, also!!! */ + /****************************************************/ - // // store a message in the signed audit log file - // // if and only if "auditApprovalStatus" is - // // "complete", "revoked", or "canceled" - // if( ( auditApprovalStatus.equals( - // RequestStatus.COMPLETE_STRING ) ) || - // ( auditApprovalStatus.equals( - // RequestStatus.REJECTED_STRING ) ) || - // ( auditApprovalStatus.equals( - // RequestStatus.CANCELED_STRING ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // auditSerialNumber, - // auditRequestType, - // auditReasonNum, - // auditApprovalStatus ); + // // store a message in the signed audit log file + // // if and only if "auditApprovalStatus" is + // // "complete", "revoked", or "canceled" + // if( ( auditApprovalStatus.equals( + // RequestStatus.COMPLETE_STRING ) ) || + // ( auditApprovalStatus.equals( + // RequestStatus.REJECTED_STRING ) ) || + // ( auditApprovalStatus.equals( + // RequestStatus.CANCELED_STRING ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // auditSerialNumber, + // auditRequestType, + // auditReasonNum, + // auditApprovalStatus ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } - // throw error; + // throw error; } } - Integer updateCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); @@ -389,15 +389,15 @@ public class DoUnrevoke extends CMSServlet { } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + if (crlError != null) + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. - Integer publishCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { @@ -405,22 +405,22 @@ public class DoUnrevoke extends CMSServlet { } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -431,48 +431,48 @@ public class DoUnrevoke extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { CMS.debug("DoUnrevoke: adding header " + - updateStatusStr + " yes "); + updateStatusStr + " yes "); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); CMS.debug("DoUnrevoke: adding header " + - updateStatusStr + " no "); + updateStatusStr + " no "); header.addStringValue(updateStatusStr, "no"); String error = - unrevReq.getExtDataInString(updateErrorStr); + unrevReq.getExtDataInString(updateErrorStr); - if (error != null) + if (error != null) header.addStringValue( - updateErrorStr, error); + updateErrorStr, error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - unrevReq.getExtDataInInteger(publishStatusStr); + unrevReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - unrevReq.getExtDataInString(publishErrorStr); + unrevReq.getExtDataInString(publishErrorStr); - if (error != null) + if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) { @@ -490,30 +490,30 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "pending"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "pending", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "pending", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { header.addStringValue("error", "Request Status.Error"); header.addStringValue("unrevoked", "no"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - status.toString(), - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + status.toString(), + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } @@ -521,9 +521,8 @@ public class DoUnrevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -557,10 +556,10 @@ public class DoUnrevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -580,7 +579,7 @@ public class DoUnrevoke extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -601,7 +600,7 @@ public class DoUnrevoke extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); @@ -617,11 +616,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -647,11 +646,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -670,7 +669,7 @@ public class DoUnrevoke extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -678,4 +677,3 @@ public class DoUnrevoke extends CMSServlet { return serialNumber; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java index 8f46ee9c..4472d0e5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.io.OutputStream; import java.math.BigInteger; @@ -55,11 +54,10 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * 'Unrevoke' a certificate. (For certificates that are on-hold only, - * take them off-hold) - * + * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them + * off-hold) + * * @version $Revision$, $Date$ */ public class DoUnrevokeTPS extends CMSServlet { @@ -81,19 +79,18 @@ public class DoUnrevokeTPS extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevokeTPS() { super(); } /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -112,14 +109,14 @@ public class DoUnrevokeTPS extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The - * certificate must be revoked with a revovcation reason 'on hold' for this - * operation to succeed. The serial number may be expressed as a hex number by - * prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to + * unrevoke. The certificate must be revoked with a revovcation reason 'on + * hold' for this operation to succeed. The serial number may be expressed + * as a hex number by prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -133,34 +130,31 @@ public class DoUnrevokeTPS extends CMSServlet { Locale[] locale = new Locale[1]; -/* - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } -*/ + /* + * try { form = getTemplate(mFormPath, req, locale); } catch + * (IOException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new + * ECMSGWException( + * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } + */ try { serialNumbers = getSerialNumbers(req); - //for audit log. + // for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug( "DoUnrevokeTPS::process() - authToken is null!" ); + } else { + CMS.debug("DoUnrevokeTPS::process() - authToken is null!"); return; - } + } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; @@ -169,17 +163,17 @@ public class DoUnrevokeTPS extends CMSServlet { mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); o_status = "status=3"; errorString = "error=unauthorized"; - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); @@ -192,7 +186,7 @@ public class DoUnrevokeTPS extends CMSServlet { process(serialNumbers, req, resp, locale[0], initiative); } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } catch (IOException e) { @@ -206,10 +200,10 @@ public class DoUnrevokeTPS extends CMSServlet { errorString = "error="; } else { o_status = "status=3"; - errorString = "error="+error.toString(); + errorString = "error=" + error.toString(); } - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); @@ -217,33 +211,34 @@ public class DoUnrevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take - * a certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take a + * certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request - * to take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request to + * take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (taken off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (taken off-hold) * </ul> + * * @param serialNumbers the serial number of the certificate * @param req HTTP servlet request * @param resp HTTP servlet response @@ -252,10 +247,10 @@ public class DoUnrevokeTPS extends CMSServlet { * @exception EBaseException an error has occurred */ private void process(BigInteger[] serialNumbers, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale, String initiative) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -268,11 +263,13 @@ public class DoUnrevokeTPS extends CMSServlet { try { String snList = ""; - // certs are for old cloning and they should be removed as soon as possible + // certs are for old cloning and they should be removed as soon as + // possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) snList += ", "; + certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) + snList += ", "; snList += "0x" + serialNumbers[i].toString(16); } @@ -313,76 +310,76 @@ public class DoUnrevokeTPS extends CMSServlet { if (result != null && result.equals(IRequest.RES_SUCCESS)) { if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { String error = unrevReq.getExtDataInString(IRequest.ERROR); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + - error, - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + + error, + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } } - Integer updateCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) { String crlError = - unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) { o_status = "status=3"; - errorString = "error="+crlError; + errorString = "error=" + crlError; } } // let known crl publishing status too. - Integer publishCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { String publError = - unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { o_status = "status=3"; - errorString = "error="+publError; + errorString = "error=" + publError; } } } } - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -394,37 +391,37 @@ public class DoUnrevokeTPS extends CMSServlet { if (!updateResult.equals(IRequest.RES_SUCCESS)) { String updateErrorStr = crl.getCrlUpdateErrorStr(); String error = - unrevReq.getExtDataInString(updateErrorStr); + unrevReq.getExtDataInString(updateErrorStr); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; } } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - unrevReq.getExtDataInInteger(publishStatusStr); + unrevReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); String error = - unrevReq.getExtDataInString(publishErrorStr); + unrevReq.getExtDataInString(publishErrorStr); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; } } } } if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { - Integer[] ldapPublishStatus = - unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if (ldapPublishStatus[0] != IRequest.RES_SUCCESS) { @@ -432,25 +429,25 @@ public class DoUnrevokeTPS extends CMSServlet { errorString = "error=Problem in publishing to LDAP"; } } - } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) { + } else if (mPublisherProcessor == null || (!mPublisherProcessor.ldapEnabled())) { o_status = "status=3"; errorString = "error=LDAP Publisher not enabled"; } } else if (status == RequestStatus.PENDING) { o_status = "status=2"; - errorString = "error="+status.toString(); + errorString = "error=" + status.toString(); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "pending", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "pending", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { o_status = "status=2"; @@ -458,15 +455,15 @@ public class DoUnrevokeTPS extends CMSServlet { if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - status.toString(), - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + status.toString(), + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } @@ -474,9 +471,8 @@ public class DoUnrevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -510,10 +506,10 @@ public class DoUnrevokeTPS extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -533,7 +529,7 @@ public class DoUnrevokeTPS extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -554,7 +550,7 @@ public class DoUnrevokeTPS extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); @@ -570,11 +566,11 @@ public class DoUnrevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -600,11 +596,11 @@ public class DoUnrevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -623,7 +619,7 @@ public class DoUnrevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -631,4 +627,3 @@ public class DoUnrevokeTPS extends CMSServlet { return serialNumber; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java index b1d89426..2a143b66 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * For Face-to-face enrollment, enable EE enrollment feature - * + * * @version $Revision$, $Date$ * @see com.netscape.cms.servlet.cert.DisableEnrollResult */ @@ -88,7 +86,7 @@ public class EnableEnrollResult extends CMSServlet { * Services the request */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -119,7 +117,7 @@ public class EnableEnrollResult extends CMSServlet { if (!(mAuthority instanceof IRegistrationAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -130,10 +128,10 @@ public class EnableEnrollResult extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -162,7 +160,7 @@ public class EnableEnrollResult extends CMSServlet { String timeout = args.getValueAsString("timeout", "600"); mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000, - random.nextLong() + "", 0); + random.nextLong() + "", 0); header.addStringValue("code", "0"); } @@ -173,10 +171,10 @@ public class EnableEnrollResult extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java index 44d0c509..ecad6d8a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; @@ -75,10 +74,9 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor; import com.netscape.cms.servlet.processors.PKCS10Processor; import com.netscape.cms.servlet.processors.PKIProcessor; - /** * Submit a Certificate Enrollment request - * + * * @version $Revision$, $Date$ */ public class EnrollServlet extends CMSServlet { @@ -90,10 +88,9 @@ public class EnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll"; // enrollment templates. - public static final String - ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template"; + public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -116,8 +113,7 @@ public class EnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller - mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; @@ -126,55 +122,55 @@ public class EnrollServlet extends CMSServlet { private String auditServiceID = ILogger.UNIDENTIFIED; private final static String ADMIN_CA_ENROLLMENT_SERVLET = - "caadminEnroll"; + "caadminEnroll"; private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET = - "cabulkissuance"; + "cabulkissuance"; private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET = - "rabulkissuance"; + "rabulkissuance"; private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET = - "cacertbasedenrollment"; + "cacertbasedenrollment"; private final static String EE_CA_ENROLLMENT_SERVLET = - "caenrollment"; + "caenrollment"; private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET = - "racertbasedenrollment"; + "racertbasedenrollment"; private final static String EE_RA_ENROLLMENT_SERVLET = - "raenrollment"; + "raenrollment"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated non-profile cert request rejection: " + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */"automated non-profile cert request rejection: " + "unable to render OLD_CERT_TYPE response", - - /* 1 */ "automated non-profile cert request rejection: " + + /* 1 */"automated non-profile cert request rejection: " + "unable to complete handleEnrollAuditLog() method", - - /* 2 */ "automated non-profile cert request rejection: " + + /* 2 */"automated non-profile cert request rejection: " + "unable to render success template", - - /* 3 */ "automated non-profile cert request rejection: " + + /* 3 */"automated non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException" }; - private final static String - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; - + private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; - + public EnrollServlet() { super(); } /** - * initialize the servlet.<p> - * the following parameters are read from the servlet config: - * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages - * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file + * initialize the servlet. + * <p> + * the following parameters are read from the servlet config: + * <ul> + * <li>CMSServlet.PROP_ID - ID for signed audit log messages + * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -185,8 +181,8 @@ public class EnrollServlet extends CMSServlet { try { IConfigStore configStore = CMS.getConfigStore(); - String PKI_Subsystem = configStore.getString( "subsystem.0.id", - null ); + String PKI_Subsystem = configStore.getString("subsystem.0.id", + null); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. @@ -197,51 +193,51 @@ public class EnrollServlet extends CMSServlet { // framework would be deprecated and disabled by default // (see Bugzilla Bug #472597). // - // NOTE: The "Certificate Policies" framework ONLY applied to - // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. + // NOTE: The "Certificate Policies" framework ONLY applied to + // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - // Further, the "EnrollServlet.java" servlet is ONLY - // used by the CA for the following: + // Further, the "EnrollServlet.java" servlet is ONLY + // used by the CA for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // caadminEnroll ca/admin/ca/adminEnroll.html - // cabulkissuance ca/agent/ca/bulkissuance.html - // cacertbasedenrollment ca/certbasedenrollment.html - // caenrollment ca/enrollment.html + // SERVLET-NAME URL-PATTERN + // ==================================================== + // caadminEnroll ca/admin/ca/adminEnroll.html + // cabulkissuance ca/agent/ca/bulkissuance.html + // cacertbasedenrollment ca/certbasedenrollment.html + // caenrollment ca/enrollment.html // - // The "EnrollServlet.java" servlet is NOT used by - // the KRA. + // The "EnrollServlet.java" servlet is NOT used by + // the KRA. // - if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) { + if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) { String policyStatus = PKI_Subsystem.trim().toLowerCase() + "." + "Policy" + "." + IPolicyProcessor.PROP_ENABLE; - if( configStore.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "<subsystem>.Policy.enable=<boolean>" - // is missing, then the referenced instance - // existed prior to this name=value pair - // existing in its 'CS.cfg' file, and thus - // we err on the side that the user may - // still need to use the policy framework. - CMS.debug( "EnrollServlet::init Certificate " + if (configStore.getBoolean(policyStatus, true) == true) { + // NOTE: If "<subsystem>.Policy.enable=<boolean>" + // is missing, then the referenced instance + // existed prior to this name=value pair + // existing in its 'CS.cfg' file, and thus + // we err on the side that the user may + // still need to use the policy framework. + CMS.debug("EnrollServlet::init Certificate " + "Policy Framework (deprecated) " - + "is ENABLED" ); + + "is ENABLED"); } else { - // CS 8.1 Default: <subsystem>.Policy.enable=false - CMS.debug( "EnrollServlet::init Certificate " + // CS 8.1 Default: <subsystem>.Policy.enable=false + CMS.debug("EnrollServlet::init Certificate " + "Policy Framework (deprecated) " - + "is DISABLED" ); + + "is DISABLED"); return; } } - } catch( EBaseException e ) { - throw new ServletException( "EnrollServlet::init - " + } catch (EBaseException e) { + throw new ServletException("EnrollServlet::init - " + "EBaseException: " + "Unable to initialize " + "Certificate Policy Framework " - + "(deprecated)" ); + + "(deprecated)"); } // override success template to allow direct import of keygen certs. @@ -254,18 +250,18 @@ public class EnrollServlet extends CMSServlet { if (id != null) { if (!(auditServiceID.equals( ADMIN_CA_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_CA_BULK_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_RA_BULK_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_CA_CERT_BASED_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_CA_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_RA_CERT_BASED_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_RA_ENROLLMENT_SERVLET))) { + && !(auditServiceID.equals( + AGENT_CA_BULK_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + AGENT_RA_BULK_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_CA_CERT_BASED_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_CA_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_RA_CERT_BASED_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_RA_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); @@ -282,7 +278,7 @@ public class EnrollServlet extends CMSServlet { if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } @@ -291,10 +287,10 @@ public class EnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", - e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", + e.toString(), mId)); } } catch (ServletException eAudit1) { // rethrow caught exception @@ -302,64 +298,61 @@ public class EnrollServlet extends CMSServlet { } } - - /** - * XXX (SHOULD CHANGE TO READ FROM Servletconfig) - * Getter method to see if Proof of Posession checking is enabled. - * this value is set in the CMS.cfg filem with the parameter - * "enrollment.enforcePop". It defaults to false - * @return true if user is required to Prove that they possess the - * private key corresponding to the public key in the certificate - * request they are submitting - */ + /** + * XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if + * Proof of Posession checking is enabled. this value is set in the CMS.cfg + * filem with the parameter "enrollment.enforcePop". It defaults to false + * + * @return true if user is required to Prove that they possess the private + * key corresponding to the public key in the certificate request + * they are submitting + */ public boolean getEnforcePop() { return enforcePop; } /** - * Process the HTTP request. - * <UL><LI>If the request is coming through the admin port, it is only - * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file - * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is - * renamed with more information about the current request ID - * <LI>The request is preprocessed, then processed further in one - * of the cert request processor classes: KeyGenProcessor, PKCS10Processor, - * CMCProcessor, CRMFProcessor - * </UL> - * + * Process the HTTP request. + * <UL> + * <LI>If the request is coming through the admin port, it is only allowed + * to continue if 'admin enrollment' is enabled in the CMS.cfg file + * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread + * is renamed with more information about the current request ID + * <LI>The request is preprocessed, then processed further in one of the + * cert request processor classes: KeyGenProcessor, PKCS10Processor, + * CMCProcessor, CRMFProcessor + * </UL> + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { // SPECIAL CASE: // if it is adminEnroll servlet,check if it's enabled if (mId.equals(ADMIN_ENROLL_SERVLET_ID) && - !CMSGateway.getEnableAdminEnroll()) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); + !CMSGateway.getEnableAdminEnroll()) { + log(ILogger.LL_SECURITY, + CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup.")); + CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup.")); } - processX509(cmsReq); + processX509(cmsReq); } private boolean getCertAuthEnrollStatus(IArgBlock httpParams) { /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: single - it's for single + * cert enrollment dual - it's for dual certs enrollment encryption - + * getting the encryption cert only via authentication of the signing + * cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; String certAuthEnrollOn = - httpParams.getValueAsString("certauthEnroll", null); + httpParams.getValueAsString("certauthEnroll", null); if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { certAuthEnroll = true; @@ -371,7 +364,7 @@ public class EnrollServlet extends CMSServlet { } private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll) - throws EBaseException { + throws EBaseException { String certauthEnrollType = null; @@ -387,53 +380,53 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: certauthEnrollType is single"); } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); + CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } - + return certauthEnrollType; - + } private boolean checkClientCertSigningOnly(X509Certificate sslClientCert) - throws EBaseException { + throws EBaseException { if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } return true; } - + private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert, - ICertificateAuthority mCa, String certBasedOldSubjectDN, - BigInteger certBasedOldSerialNum) - throws EBaseException { - + ICertificateAuthority mCa, String certBasedOldSubjectDN, + BigInteger certBasedOldSerialNum) + throws EBaseException { + CMS.debug("EnrollServlet: In handleCertAuthDual!"); - + if (mCa == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NOT_A_CA")); + CMS.getLogMessage("CMSGW_NOT_A_CA")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_A_CA")); + CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a @@ -456,20 +449,20 @@ public class EnrollServlet extends CMSServlet { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; ICertRecordList list = - (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); + (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); int size = list.getSize(); Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; @@ -482,8 +475,8 @@ public class EnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, - encCertInfo}; + X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, + encCertInfo }; int i = 1; boolean encCertFound = false; @@ -494,7 +487,7 @@ public class EnrollServlet extends CMSServlet { // if not encryption cert only, try next one if ((CMS.isEncryptionCert(cert) == false) || - ((CMS.isEncryptionCert(cert) == true) && + ((CMS.isEncryptionCert(cert) == true) && (CMS.isSigningCert(cert) == true))) { CMS.debug("EnrollServlet: Not encryption only cert, will try next one."); @@ -508,27 +501,27 @@ public class EnrollServlet extends CMSServlet { try { encCertInfo = (X509CertInfo) cert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage("CMS_GW_MISSING_CERTINFO")); } try { encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!"); @@ -545,14 +538,14 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length); return cInfoArray; - } + } } private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken, - X509CertInfo certInfo, long startTime) - throws EBaseException { - //for audit log + X509CertInfo certInfo, long startTime) + throws EBaseException { + // for audit log String initiative = null; String agentID = null; @@ -563,7 +556,7 @@ public class EnrollServlet extends CMSServlet { } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); @@ -584,54 +577,54 @@ public class EnrollServlet extends CMSServlet { wholeMsg.append(msgs.nextElement()); } mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + - wholeMsg.toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + + wholeMsg.toString() } + ); } else { // no policy violation, from agent mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" } + ); } } else { // other imcomplete status long endTime = CMS.getCurrentDate().getTime(); mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), "" } + ); } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } return false; } @@ -643,40 +636,40 @@ public class EnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - certInfo.get(X509CertInfo.SUBJECT), "" + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + certInfo.get(X509CertInfo.SUBJECT), "" } - ); + ); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } } @@ -693,29 +686,30 @@ public class EnrollServlet extends CMSServlet { /** * Process X509 certificate enrollment request * <P> - * + * * (Certificate Request - either an "admin" cert request for an admin - * certificate, an "agent" cert request for "bulk enrollment", or - * an "EE" standard cert request) + * certificate, an "agent" cert request for "bulk enrollment", or an "EE" + * standard cert request) * <P> - * + * * (Certificate Request Processed - either an automated "admin" non-profile - * based CA admin cert acceptance, an automated "admin" non-profile based - * CA admin cert rejection, an automated "EE" non-profile based cert - * acceptance, or an automated "EE" non-profile based cert rejection) + * based CA admin cert acceptance, an automated "admin" non-profile based CA + * admin cert rejection, an automated "EE" non-profile based cert + * acceptance, or an automated "EE" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a - * non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when + * a non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq a certificate enrollment request * @exception EBaseException an error has occurred */ - protected void processX509(CMSRequest cmsReq) - throws EBaseException { + protected void processX509(CMSRequest cmsReq) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; @@ -733,7 +727,7 @@ public class EnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); - /* XXX shouldn't we read this from ServletConfig at init time? */ + /* XXX shouldn't we read this from ServletConfig at init time? */ enforcePop = configStore.getBoolean("enrollment.enforcePop", false); CMS.debug("EnrollServlet: enforcePop " + enforcePop); @@ -743,7 +737,7 @@ public class EnrollServlet extends CMSServlet { startTime = CMS.getCurrentDate().getTime(); httpParams = cmsReq.getHttpParams(); httpReq = cmsReq.getHttpReq(); - if (mAuthMgr != null) { + if (mAuthMgr != null) { authToken = authenticate(cmsReq); } @@ -752,10 +746,10 @@ public class EnrollServlet extends CMSServlet { mAuthzResourceName, "submit"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -763,8 +757,8 @@ public class EnrollServlet extends CMSServlet { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -791,27 +785,24 @@ public class EnrollServlet extends CMSServlet { } try { - if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { - String currentName = Thread.currentThread().getName(); + if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { + String currentName = Thread.currentThread().getName(); Thread.currentThread().setName(currentName - + "-request-" - + req.getRequestId().toString() - + "-" - + (new Date()).getTime()); + + "-request-" + + req.getRequestId().toString() + + "-" + + (new Date()).getTime()); } } catch (Exception e) { } /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: single - it's for + * single cert enrollment dual - it's for dual certs enrollment + * encryption - getting the encryption cert only via authentication + * of the signing cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; String certauthEnrollType = null; @@ -826,8 +817,8 @@ public class EnrollServlet extends CMSServlet { } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -844,7 +835,7 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: In EnrollServlet.processX509!"); CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll); CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType); - + String challengePassword = httpParams.getValueAsString( "challengePassword", ""); @@ -859,18 +850,18 @@ public class EnrollServlet extends CMSServlet { BigInteger certBasedOldSerialNum = null; // check if request was authenticated, if so set authtoken & - // certInfo. also if authenticated, take certInfo from authToken. + // certInfo. also if authenticated, take certInfo from authToken. certInfo = null; if (certAuthEnroll == true) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -882,7 +873,7 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } certBasedOldSubjectDN = (String) @@ -896,23 +887,23 @@ public class EnrollServlet extends CMSServlet { // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it if (certBasedOldSubjectDN != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! + // NOTE: This is ok even if the cert subject name + // is "" (empty)! auditCertificateSubjectName = certBasedOldSubjectDN.trim(); } try { certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -924,14 +915,14 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { CMS.debug("EnrollServlet: No CertAuthEnroll."); certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; + X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; X509CertInfo authCertInfo = null; String authMgr = AuditFormat.NOAUTH; @@ -940,15 +931,15 @@ public class EnrollServlet extends CMSServlet { if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, - "Enrollment request was authenticated by " + - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, + "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); PKIProcessor.fillCertInfoFromAuthToken(certInfo, - authToken); + authToken); // save authtoken attrs to request directly // (for policy use) saveAuthToken(authToken, req); @@ -960,17 +951,17 @@ public class EnrollServlet extends CMSServlet { if (certAuthEnroll == true) { // log(ILogger.LL_DEBUG, - // "just gotten subjectDN and serialNumber " + - // "from ssl client cert"); + // "just gotten subjectDN and serialNumber " + + // "from ssl client cert"); if (authToken == null) { // authToken is null, can't match to anyone; bail! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1028,7 +1019,7 @@ public class EnrollServlet extends CMSServlet { } } - //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { @@ -1039,24 +1030,23 @@ public class EnrollServlet extends CMSServlet { ex.printStackTrace(); } } - + String cmc = null; String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null); - - if(asciiBASE64Blob!=null) - { - int startIndex = asciiBASE64Blob.indexOf(HEADER); - int endIndex = asciiBASE64Blob.indexOf(TRAILER); - if (startIndex!= -1 && endIndex!=-1) { - startIndex = startIndex + HEADER.length(); - cmc=asciiBASE64Blob.substring(startIndex, endIndex); - }else - cmc = asciiBASE64Blob; - CMS.debug("EnrollServlet: cmc " + cmc); + + if (asciiBASE64Blob != null) { + int startIndex = asciiBASE64Blob.indexOf(HEADER); + int endIndex = asciiBASE64Blob.indexOf(TRAILER); + if (startIndex != -1 && endIndex != -1) { + startIndex = startIndex + HEADER.length(); + cmc = asciiBASE64Blob.substring(startIndex, endIndex); + } else + cmc = asciiBASE64Blob; + CMS.debug("EnrollServlet: cmc " + cmc); } - + String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); - + CMS.debug("EnrollServlet: crmf " + crmf); if (certAuthEnroll == true) { @@ -1066,7 +1056,7 @@ public class EnrollServlet extends CMSServlet { // for dual certs if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { - CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); + CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); boolean gotEncCert = false; X509CertInfo[] cInfoArray = null; @@ -1078,8 +1068,8 @@ public class EnrollServlet extends CMSServlet { } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1103,13 +1093,13 @@ public class EnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage( + "CMSGW_ENCRYPTION_CERT_NOT_FOUND")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1121,7 +1111,7 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { @@ -1135,8 +1125,8 @@ public class EnrollServlet extends CMSServlet { } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1158,12 +1148,12 @@ public class EnrollServlet extends CMSServlet { this); keyGenProc.fillCertInfo(null, certInfo, - authToken, httpParams); + authToken, httpParams); req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); CMS.debug("EnrollServlet: sslClientCert issuerDN = " + - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); } else if (crmf != null && crmf != "") { CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop); @@ -1173,18 +1163,18 @@ public class EnrollServlet extends CMSServlet { req); req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); CMS.debug("EnrollServlet: sslClientCert issuerDN = " + - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1196,7 +1186,7 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { @@ -1208,13 +1198,13 @@ public class EnrollServlet extends CMSServlet { this); keyGenProc.fillCertInfo(null, certInfo, - authToken, httpParams); + authToken, httpParams); } else if (pkcs10 != null) { PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq, this); pkcs10Proc.fillCertInfo(pkcs10, certInfo, - authToken, httpParams); + authToken, httpParams); } else if (cmc != null && cmc != "") { CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop); @@ -1230,14 +1220,14 @@ public class EnrollServlet extends CMSServlet { httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1249,10 +1239,10 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); } } else if (keyGenInfo != null) { @@ -1279,14 +1269,14 @@ public class EnrollServlet extends CMSServlet { certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1300,28 +1290,26 @@ public class EnrollServlet extends CMSServlet { throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } - // if ca, fill in default signing alg here - + try { - ICertificateAuthority caSub = - (ICertificateAuthority) CMS.getSubsystem("ca"); - if (certInfoArray != null && caSub != null) { - for (int ix = 0; ix < certInfoArray.length; ix++) { - X509CertInfo ci = (X509CertInfo)certInfoArray[ix]; - String defaultSig = caSub.getDefaultAlgorithm(); - AlgorithmId algid = AlgorithmId.get(defaultSig); - ci.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(algid)); + ICertificateAuthority caSub = + (ICertificateAuthority) CMS.getSubsystem("ca"); + if (certInfoArray != null && caSub != null) { + for (int ix = 0; ix < certInfoArray.length; ix++) { + X509CertInfo ci = (X509CertInfo) certInfoArray[ix]; + String defaultSig = caSub.getDefaultAlgorithm(); + AlgorithmId algid = AlgorithmId.get(defaultSig); + ci.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId(algid)); + } } - } } catch (Exception e) { - CMS.debug("Failed to set signing alg to certinfo " + e.toString()); + CMS.debug("Failed to set signing alg to certinfo " + e.toString()); } req.setExtData(IRequest.CERT_INFO, certInfoArray); - if (challengePassword != null && !challengePassword.equals("")) { String pwd = hashPassword(challengePassword); @@ -1330,8 +1318,8 @@ public class EnrollServlet extends CMSServlet { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1345,8 +1333,8 @@ public class EnrollServlet extends CMSServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1365,9 +1353,9 @@ public class EnrollServlet extends CMSServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // do not want any javascript in HTML, and need to @@ -1379,11 +1367,11 @@ public class EnrollServlet extends CMSServlet { issuedCerts = cmsReq.getIRequest().getExtDataInCertArray( - IRequest.ISSUED_CERTS); + IRequest.ISSUED_CERTS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - // - "accepted") + // - "accepted") auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, @@ -1449,27 +1437,27 @@ public class EnrollServlet extends CMSServlet { // audit log the success. long endTime = CMS.getCurrentDate().getTime(); - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] - { req.getRequestId(), - initiative, - mAuthMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[0].getSerialNumber().toString(16) + - " time: " + - (endTime - startTime) } - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] + { req.getRequestId(), + initiative, + mAuthMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16) + + " time: " + + (endTime - startTime) } + ); // handle initial admin enrollment if in adminEnroll mode. checkAdminEnroll(cmsReq, issuedCerts); // return cert as mime type binary if requested. if (checkImportCertToNav(cmsReq.getHttpResp(), - httpParams, issuedCerts[0])) { + httpParams, issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); for (int i = 0; i < issuedCerts.length; i++) { @@ -1490,10 +1478,10 @@ public class EnrollServlet extends CMSServlet { // use success template. try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, - mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, + mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - "accepted") @@ -1508,10 +1496,10 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_TEMP_REND_ERR", - mEnrollSuccessFiller.toString(), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_TEMP_REND_ERR", + mEnrollSuccessFiller.toString(), + e.toString())); // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( @@ -1525,7 +1513,7 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file @@ -1547,11 +1535,11 @@ public class EnrollServlet extends CMSServlet { } /** - * check if this is first enroll from admin enroll. - * If so disable admin enroll from here on. + * check if this is first enroll from admin enroll. If so disable admin + * enroll from here on. */ protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts) - throws EBaseException { + throws EBaseException { // this is special case, get the admin certificate if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { addAdminAgent(cmsReq, issuedCerts); @@ -1559,8 +1547,8 @@ public class EnrollServlet extends CMSServlet { } } - protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) - throws EBaseException { + protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) + throws EBaseException { String userid = cmsReq.getHttpParams().getValueAsString("uid"); IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); @@ -1571,13 +1559,13 @@ public class EnrollServlet extends CMSServlet { ug.addUserCert(adminuser); } catch (netscape.ldap.LDAPException e) { CMS.debug( - "EnrollServlet: Cannot add admin's certificate to its entry in the " + - "user group database. Error " + e); + "EnrollServlet: Cannot add admin's certificate to its entry in the " + + "user group database. Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString())); + CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString())); } - IGroup agentGroup = - ug.getGroupFromName(CA_AGENT_GROUP); + IGroup agentGroup = + ug.getGroupFromName(CA_AGENT_GROUP); if (agentGroup != null) { // add user to the group if necessary @@ -1585,15 +1573,15 @@ public class EnrollServlet extends CMSServlet { agentGroup.addMemberName(userid); ug.modifyGroup(agentGroup); mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {userid, userid, CA_AGENT_GROUP} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { userid, userid, CA_AGENT_GROUP } + ); } } else { String msg = "Cannot add admin to the " + - CA_AGENT_GROUP + - " group: Group does not exist."; + CA_AGENT_GROUP + + " group: Group does not exist."; CMS.debug("EnrollServlet: " + msg); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR")); @@ -1620,7 +1608,11 @@ public class EnrollServlet extends CMSServlet { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); @@ -1635,24 +1627,28 @@ public class EnrollServlet extends CMSServlet { out.println("<P>"); out.println("<PRE>"); X509CertImpl certs[] = - cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); + cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + - CMS.getEncodedCert(certs[0]) + ">"); + CMS.getEncodedCert(certs[0]) + ">"); } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); @@ -1664,17 +1660,21 @@ public class EnrollServlet extends CMSServlet { out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - localize the message + out.println("Please consult your local administrator for assistance."); // XXX + // - + // localize + // the + // message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); @@ -1683,47 +1683,43 @@ public class EnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + - cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + + cmsReq.getError() + ">"); } /** - // include all the input data - ArgBlock args = cmsReq.getHttpParams(); - Enumeration ele = args.getElements(); - while (ele.hasMoreElements()) { - String eleT = (String)ele.nextElement(); - out.println("<!HTTP_INPUT " + eleT + "=" + - args.get(eleT) + ">"); - } + * // include all the input data ArgBlock args = cmsReq.getHttpParams(); + * Enumeration ele = args.getElements(); while (ele.hasMoreElements()) { + * String eleT = (String)ele.nextElement(); out.println("<!HTTP_INPUT " + * + eleT + "=" + args.get(eleT) + ">"); } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) - throws EBaseException { + private void init_testbed_hack(IConfigStore config) + throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -1776,4 +1772,3 @@ public class EnrollServlet extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java index a723cb52..0d11600c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -58,7 +57,6 @@ import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.crypto.CryptoUtil; - /** * Retrieve certificate by serial number. * @@ -83,10 +81,11 @@ public class GetBySerial extends CMSServlet { super(); } - /** + /** * Initialize the servlet. This servlet uses the template file - * "ImportCert.template" to import the cert to the users browser, - * if that is what the user requested + * "ImportCert.template" to import the cert to the users browser, if that is + * what the user requested + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -102,7 +101,7 @@ public class GetBySerial extends CMSServlet { } mImportTemplateFiller = new ImportCertsTemplateFiller(); - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); @@ -115,11 +114,11 @@ public class GetBySerial extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber serial number of certificate in HEX + * <li>http.param serialNumber serial number of certificate in HEX * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -139,10 +138,10 @@ public class GetBySerial extends CMSServlet { mAuthzResourceName, "import"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -160,18 +159,18 @@ public class GetBySerial extends CMSServlet { serialNo = null; } if (serial == null || serialNo == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); + CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); cmsReq.setStatus(CMSRequest.ERROR); return; } ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); cmsReq.setError(new ECMSGWException( CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); cmsReq.setStatus(CMSRequest.ERROR); @@ -181,37 +180,37 @@ public class GetBySerial extends CMSServlet { // if RA, needs requestOwner to match // first, find the user's group if (authToken != null) { - String group = authToken.getInString("group"); - - if ((group != null) && (group != "")) { - CMS.debug("GetBySerial process: auth group="+group); - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - // find the cert record's orig. requestor's group - MetaInfo metai = certRecord.getMetaInfo(); - if (metai != null) { - String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID); - RequestId rid = new RequestId(reqId); - IRequest creq = mReqQ.findRequest(rid); - if (creq != null) { - String reqOwner = creq.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetBySerial process: req owner="+reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } + String group = authToken.getInString("group"); + + if ((group != null) && (group != "")) { + CMS.debug("GetBySerial process: auth group=" + group); + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + // find the cert record's orig. requestor's group + MetaInfo metai = certRecord.getMetaInfo(); + if (metai != null) { + String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID); + RequestId rid = new RequestId(reqId); + IRequest creq = mReqQ.findRequest(rid); + if (creq != null) { + String reqOwner = creq.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetBySerial process: req owner=" + reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } + } + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); + cmsReq.setStatus(CMSRequest.ERROR); + return; + } } - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); - cmsReq.setStatus(CMSRequest.ERROR); - return; - } } - } } X509CertImpl cert = certRecord.getCertificate(); @@ -224,7 +223,7 @@ public class GetBySerial extends CMSServlet { IArgBlock ctx = CMS.createArgBlock(); Locale[] locale = new Locale[1]; CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; @@ -236,7 +235,7 @@ public class GetBySerial extends CMSServlet { userChain[0] = cert; PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); + new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); try { @@ -246,7 +245,7 @@ public class GetBySerial extends CMSServlet { byte[] p7Bytes = bos.toByteArray(); String p7Str = CMS.BtoA(p7Bytes); - + header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str)); try { CMSTemplate form = getTemplate(mIETemplate, req, locale); @@ -256,16 +255,16 @@ public class GetBySerial extends CMSServlet { form.renderOutput(out, argSet); return; } catch (Exception ee) { - CMS.debug("GetBySerial process: Exception="+ee.toString()); + CMS.debug("GetBySerial process: Exception=" + ee.toString()); } - } //browser is IE - + } // browser is IE + MetaInfo metai = certRecord.getMetaInfo(); String crmfReqId = null; if (metai != null) { crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID); - if (crmfReqId != null) + if (crmfReqId != null) cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId); } @@ -283,7 +282,7 @@ public class GetBySerial extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); // XXX follow request in cert record to set certtype, which will - // import cert only if it's client. For now assume "client" if + // import cert only if it's client. For now assume "client" if // someone clicked to import this cert. cmsReq.getHttpParams().set("certType", "client"); @@ -294,8 +293,7 @@ public class GetBySerial extends CMSServlet { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - + return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java index b765a2cb..c0029d9c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java @@ -15,10 +15,9 @@ // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- - package com.netscape.cms.servlet.cert; +package com.netscape.cms.servlet.cert; - - import java.io.ByteArrayOutputStream; +import java.io.ByteArrayOutputStream; import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -49,236 +48,237 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - - /** - * Retrieve the Certificates comprising the CA Chain for this CA. - * - * @version $Revision$, $Date$ - */ - public class GetCAChain extends CMSServlet { - /** +/** + * Retrieve the Certificates comprising the CA Chain for this CA. + * + * @version $Revision$, $Date$ + */ +public class GetCAChain extends CMSServlet { + /** * */ - private static final long serialVersionUID = -8189048155415074581L; - private final static String TPL_FILE = "displayCaCert.template"; - private String mFormPath = null; - - public GetCAChain() { - super(); - } - - /** - * initialize the servlet. - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - - // override success to display own output. - mTemplates.remove(CMSRequest.SUCCESS); - // coming from ee - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components - * </ul> - * @param cmsReq the object holding the request and response information - */ - protected void process(CMSRequest cmsReq) - throws EBaseException { - HttpServletRequest httpReq = cmsReq.getHttpReq(); - HttpServletResponse httpResp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - // Construct an ArgBlock - IArgBlock args = cmsReq.getHttpParams(); - - // Get the operation code - String op = null; - - op = args.getValueAsString("op", null); - if (op == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - - AuthzToken authzToken = null; - - if (op.startsWith("download")) { - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - downloadChain(op, args, httpReq, httpResp, cmsReq); - } else if (op.startsWith("display")) { - try { - authzToken = mAuthz.authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - displayChain(op, args, httpReq, httpResp, cmsReq); - } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); - } - // cmsReq.setResult(null); - return; - } - - private void downloadChain(String op, - IArgBlock args, - HttpServletRequest httpReq, - HttpServletResponse httpResp, - CMSRequest cmsReq) - throws EBaseException { - - /* check browser info ? */ - - /* check if pkcs7 will work for both nav and ie */ - - byte[] bytes = null; - - /* - * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. - * This means that we can only hand out the root CA, and not - * the whole chain. - */ - - if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) { - X509Certificate[] caCerts = - ((ICertAuthority) mAuthority).getCACertChain().getChain(); - - try { - bytes = caCerts[0].getEncoded(); - } catch (CertificateEncodingException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR")); - } - } else { - CertificateChain certChain = - ((ICertAuthority) mAuthority).getCACertChain(); - - if (certChain == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY")); - } - - try { - ByteArrayOutputStream encoded = new ByteArrayOutputStream(); - - certChain.encode(encoded, false); - bytes = encoded.toByteArray(); - } catch (IOException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); - } - } - - String mimeType = null; - - if (op.equals("downloadBIN")) { - mimeType = "application/octet-stream"; - } else { - try { - mimeType = args.getValueAsString("mimeType"); - } catch (EBaseException e) { - mimeType = "application/octet-stream"; - } - } - - try { - if (op.equals("downloadBIN")) { - // file suffixes changed to comply with RFC 5280 - // requirements for AIA extensions - if (clientIsMSIE(httpReq)) { - httpResp.setHeader("Content-disposition", - "attachment; filename=ca.cer"); - } else { - httpResp.setHeader("Content-disposition", - "attachment; filename=ca.p7c"); - } - } - httpResp.setContentType(mimeType); - httpResp.getOutputStream().write(bytes); - httpResp.setContentLength(bytes.length); - httpResp.getOutputStream().flush(); - } catch (IOException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); - } - } - - private void displayChain(String op, - IArgBlock args, - HttpServletRequest httpReq, - HttpServletResponse httpResp, - CMSRequest cmsReq) - throws EBaseException { - String outputString = null; - - CertificateChain certChain = - ((ICertAuthority) mAuthority).getCACertChain(); - - if (certChain == null) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; + private static final long serialVersionUID = -8189048155415074581L; + private final static String TPL_FILE = "displayCaCert.template"; + private String mFormPath = null; + + public GetCAChain() { + super(); + } + + /** + * initialize the servlet. + * + * @param sc servlet configuration, read from the web.xml file + */ + public void init(ServletConfig sc) throws ServletException { + super.init(sc); + + // override success to display own output. + mTemplates.remove(CMSRequest.SUCCESS); + // coming from ee + mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; + } + + /** + * Process the HTTP request. + * <ul> + * <li>http.param op 'downloadBIN' - return the binary certificate chain + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components + * </ul> + * + * @param cmsReq the object holding the request and response information + */ + protected void process(CMSRequest cmsReq) + throws EBaseException { + HttpServletRequest httpReq = cmsReq.getHttpReq(); + HttpServletResponse httpResp = cmsReq.getHttpResp(); + + IAuthToken authToken = authenticate(cmsReq); + + // Construct an ArgBlock + IArgBlock args = cmsReq.getHttpParams(); + + // Get the operation code + String op = null; + + op = args.getValueAsString("op", null); + if (op == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")); + } + + cmsReq.setStatus(CMSRequest.SUCCESS); + + AuthzToken authzToken = null; + + if (op.startsWith("download")) { + try { + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "download"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + downloadChain(op, args, httpReq, httpResp, cmsReq); + } else if (op.startsWith("display")) { + try { + authzToken = mAuthz.authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + displayChain(op, args, httpReq, httpResp, cmsReq); + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + } + // cmsReq.setResult(null); + return; + } + + private void downloadChain(String op, + IArgBlock args, + HttpServletRequest httpReq, + HttpServletResponse httpResp, + CMSRequest cmsReq) + throws EBaseException { + + /* check browser info ? */ + + /* check if pkcs7 will work for both nav and ie */ + + byte[] bytes = null; + + /* + * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. This + * means that we can only hand out the root CA, and not the whole chain. + */ + + if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) { + X509Certificate[] caCerts = + ((ICertAuthority) mAuthority).getCACertChain().getChain(); + + try { + bytes = caCerts[0].getEncoded(); + } catch (CertificateEncodingException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR")); + } + } else { + CertificateChain certChain = + ((ICertAuthority) mAuthority).getCACertChain(); + + if (certChain == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY")); + } + + try { + ByteArrayOutputStream encoded = new ByteArrayOutputStream(); + + certChain.encode(encoded, false); + bytes = encoded.toByteArray(); + } catch (IOException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + } + } + + String mimeType = null; + + if (op.equals("downloadBIN")) { + mimeType = "application/octet-stream"; + } else { + try { + mimeType = args.getValueAsString("mimeType"); + } catch (EBaseException e) { + mimeType = "application/octet-stream"; + } + } + + try { + if (op.equals("downloadBIN")) { + // file suffixes changed to comply with RFC 5280 + // requirements for AIA extensions + if (clientIsMSIE(httpReq)) { + httpResp.setHeader("Content-disposition", + "attachment; filename=ca.cer"); + } else { + httpResp.setHeader("Content-disposition", + "attachment; filename=ca.p7c"); + } + } + httpResp.setContentType(mimeType); + httpResp.getOutputStream().write(bytes); + httpResp.setContentLength(bytes.length); + httpResp.getOutputStream().flush(); + } catch (IOException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); + } + } + + private void displayChain(String op, + IArgBlock args, + HttpServletRequest httpReq, + HttpServletResponse httpResp, + CMSRequest cmsReq) + throws EBaseException { + String outputString = null; + + CertificateChain certChain = + ((ICertAuthority) mAuthority).getCACertChain(); + + if (certChain == null) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); + } + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + if (mOutputTemplatePath != null) + mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -306,7 +306,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; byte[] bytes = null; try { - subjectdn = + subjectdn = certChain.getFirstCertificate().getSubjectDN().toString(); ByteArrayOutputStream encoded = new ByteArrayOutputStream(); @@ -315,14 +315,14 @@ import com.netscape.cms.servlet.common.ECMSGWException; } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); } String chainBase64 = getBase64(bytes); header.addStringValue("subjectdn", subjectdn); header.addStringValue("chainBase64", chainBase64); - } else { + } else { try { X509Certificate[] certs = certChain.getChain(); @@ -339,13 +339,13 @@ import com.netscape.cms.servlet.common.ECMSGWException; String subjectdn = certs[i].getSubjectDN().toString(); String finger = null; try { - finger = CMS.getFingerPrints(certs[i]); + finger = CMS.getFingerPrints(certs[i]); } catch (Exception e) { throw new IOException("Internal Error"); } - ICertPrettyPrint certDetails = - CMS.getCertPrettyPrint((X509CertImpl) certs[i]); + ICertPrettyPrint certDetails = + CMS.getCertPrettyPrint((X509CertImpl) certs[i]); IArgBlock rarg = CMS.createArgBlock(); @@ -353,14 +353,14 @@ import com.netscape.cms.servlet.common.ECMSGWException; rarg.addStringValue("subjectdn", subjectdn); rarg.addStringValue("base64", getBase64(bytes)); rarg.addStringValue("certDetails", - certDetails.toString(locale[0])); + certDetails.toString(locale[0])); argSet.addRepeatRecord(rarg); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); } } @@ -371,10 +371,10 @@ import com.netscape.cms.servlet.common.ECMSGWException; form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java index 2bbec482..68d38aab 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve CRL for a Certificate Authority - * + * * @version $Revision$, $Date$ */ public class GetCRL extends CMSServlet { @@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,15 +78,14 @@ public class GetCRL extends CMSServlet { mFormPath = mOutputTemplatePath; } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information - * @see DisplayCRL#process + * @see DisplayCRL#process */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -100,10 +98,10 @@ public class GetCRL extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -117,7 +115,7 @@ public class GetCRL extends CMSServlet { if (!(mAuthority instanceof ICertificateAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -125,14 +123,14 @@ public class GetCRL extends CMSServlet { CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("**** mFormPath before getTemplate = "+mFormPath); + CMS.debug("**** mFormPath before getTemplate = " + mFormPath); try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -150,14 +148,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); if (op == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); + CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlId == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED"))); + CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -165,23 +163,24 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); ICRLIssuingPointRecord crlRecord = null; ICertificateAuthority ca = (ICertificateAuthority) mAuthority; ICRLIssuingPoint crlIP = null; - if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId); + if (ca != null) + crlIP = ca.getCRLIssuingPoint(crlId); try { crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND"))); + CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -201,12 +200,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } if ((op.equals("checkCRLcache") || - (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) && - (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) { + (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) && + (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) { cmsReq.setError( - CMS.getUserMessage( - ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())? - "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); + CMS.getUserMessage( + ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty()) ? + "CMS_GW_CRL_CACHE_IS_EMPTY" : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -214,26 +213,26 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); byte[] crlbytes = null; if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") || - (op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("deltaCRL"))) { + (op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("deltaCRL"))) { crlbytes = crlRecord.getDeltaCRL(); } else if (op.equals("importCRL") || op.equals("getCRL") || op.equals("checkCRL") || (op.equals("displayCRL") && - crlDisplayType != null && + crlDisplayType != null && (crlDisplayType.equals("entireCRL") || - crlDisplayType.equals("crlHeader") || + crlDisplayType.equals("crlHeader") || crlDisplayType.equals("base64Encoded")))) { crlbytes = crlRecord.getCRL(); - } + } if (crlbytes == null && (!op.equals("checkCRLcache")) && - (!(op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("cachedCRL")))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + (!(op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("cachedCRL")))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -242,15 +241,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); X509CRLImpl crl = null; if (op.equals("checkCRL") || op.equals("importCRL") || - op.equals("importDeltaCRL") || - (op.equals("displayCRL") && crlDisplayType != null && - (crlDisplayType.equals("entireCRL") || - crlDisplayType.equals("crlHeader") || - crlDisplayType.equals("base64Encoded") || - crlDisplayType.equals("deltaCRL")))) { + op.equals("importDeltaCRL") || + (op.equals("displayCRL") && crlDisplayType != null && + (crlDisplayType.equals("entireCRL") || + crlDisplayType.equals("crlHeader") || + crlDisplayType.equals("base64Encoded") || + crlDisplayType.equals("deltaCRL")))) { try { if (op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("crlHeader")) { + crlDisplayType.equals("crlHeader")) { crl = new X509CRLImpl(crlbytes, false); } else { crl = new X509CRLImpl(crlbytes); @@ -258,25 +257,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); + CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") && - crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) && - ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && - (crlRecord.getCRLNumber() == null || - crlRecord.getDeltaCRLNumber() == null || - crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 || - crlRecord.getDeltaCRLSize() == null || + crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) && + ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && + (crlRecord.getCRLNumber() == null || + crlRecord.getDeltaCRLNumber() == null || + crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 || + crlRecord.getDeltaCRLSize() == null || crlRecord.getDeltaCRLSize().longValue() == -1))) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - } + } String mimeType = "application/x-pkcs7-crl"; @@ -300,13 +299,13 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); if (op.equals("checkCRL")) { header.addBooleanValue("isOnCRL", - crl.isRevoked(new BigInteger(certSerialNumber))); + crl.isRevoked(new BigInteger(certSerialNumber))); } if (op.equals("displayCRL")) { if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) { - ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))? - CMS.getCRLPrettyPrint(crl): + ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL")) ? + CMS.getCRLPrettyPrint(crl) : CMS.getCRLCachePrettyPrint(crlIP); String pageStart = args.getValueAsString("pageStart", null); String pageSize = args.getValueAsString("pageSize", null); @@ -315,22 +314,23 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) lPageStart = 1; + if (lPageStart < 1) + lPageStart = 1; header.addStringValue("crlPrettyPrint", crlDetails.toString(locale[0], - lCRLSize, lPageStart, lPageSize)); + lCRLSize, lPageStart, lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0])); + "crlPrettyPrint", crlDetails.toString(locale[0])); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0)); + "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); @@ -365,12 +365,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } } else if (crlDisplayType.equals("deltaCRL")) { header.addIntegerValue("deltaCRLSize", - crl.getNumberOfRevokedCertificates()); + crl.getNumberOfRevokedCertificates()); ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0)); + "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0)); try { byte[] ba = crl.getEncoded(); @@ -413,10 +413,10 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } return; @@ -428,21 +428,21 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } else if (op.equals("getCRL")) { mimeType = "application/octet-stream"; httpResp.setHeader("Content-disposition", - "attachment; filename=" + crlId + ".crl"); + "attachment; filename=" + crlId + ".crl"); } else if (op.equals("getDeltaCRL")) { mimeType = "application/octet-stream"; httpResp.setHeader("Content-disposition", - "attachment; filename=delta-" + crlId + ".crl"); + "attachment; filename=delta-" + crlId + ".crl"); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); } try { - // if (clientIsMSIE(httpReq) && op.equals("getCRL")) - // httpResp.setHeader("Content-disposition", - // "attachment; filename=getCRL.crl"); + // if (clientIsMSIE(httpReq) && op.equals("getCRL")) + // httpResp.setHeader("Content-disposition", + // "attachment; filename=getCRL.crl"); httpResp.setContentType(mimeType); httpResp.setContentLength(bytes.length); httpResp.getOutputStream().write(bytes); @@ -450,9 +450,9 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); } - // cmsReq.setResult(null); + // cmsReq.setResult(null); cmsReq.setStatus(CMSRequest.SUCCESS); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java index 5909bc4b..3ea9d02b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Locale; @@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Gets a issued certificate from a request id. - * + * Gets a issued certificate from a request id. + * * @version $Revision$, $Date$ */ public class GetCertFromRequest extends CMSServlet { @@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet { */ private static final long serialVersionUID = 5310646832256611066L; private final static String PROP_IMPORT = "importCert"; - protected static final String - GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template"; - protected static final String - DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template"; + protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template"; + protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template"; protected static final String REQUEST_ID = "requestId"; protected static final String CERT_TYPE = "certtype"; - protected String mCertFrReqSuccessTemplate = null; + protected String mCertFrReqSuccessTemplate = null; protected ICMSTemplateFiller mCertFrReqFiller = null; protected IRequestQueue mQueue = null; protected boolean mImportCert = true; - public GetCertFromRequest() { + public GetCertFromRequest() { super(); } /** * initialize the servlet. This servlet uses the template files - * "displayCertFromRequest.template" and "ImportCert.template" + * "displayCertFromRequest.template" and "ImportCert.template" + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -102,23 +99,23 @@ public class GetCertFromRequest extends CMSServlet { if (mImportCert) defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE; - else + else defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE; if (mAuthority instanceof IRegistrationAuthority) defTemplate = "/ra/" + defTemplate; - else + else defTemplate = "/ca/" + defTemplate; mCertFrReqSuccessTemplate = sc.getInitParameter( PROP_SUCCESS_TEMPLATE); if (mCertFrReqSuccessTemplate == null) mCertFrReqSuccessTemplate = defTemplate; String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mCertFrReqFiller = filler; } else { mCertFrReqFiller = new CertFrRequestFiller(); @@ -126,22 +123,21 @@ public class GetCertFromRequest extends CMSServlet { } catch (Exception e) { // should never happen. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } } - /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param requestId The request ID to search on + * <li>http.param requestId The request ID to search on * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); @@ -154,10 +150,10 @@ public class GetCertFromRequest extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -165,7 +161,7 @@ public class GetCertFromRequest extends CMSServlet { return; } - String requestId = httpParams.getValueAsString(REQUEST_ID, null); + String requestId = httpParams.getValueAsString(REQUEST_ID, null); if (requestId == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); @@ -185,51 +181,51 @@ public class GetCertFromRequest extends CMSServlet { if (r == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } if (authToken != null) { - //if RA, group and requestOwner must match - String group = authToken.getInString("group"); - if ((group != null) && (group != "") && - group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - String reqOwner = r.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetCertFromRequest process: req owner="+reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } - if (groupMatched == false) { - CMS.debug("RA group unmatched"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + // if RA, group and requestOwner must match + String group = authToken.getInString("group"); + if ((group != null) && (group != "") && + group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + String reqOwner = r.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetCertFromRequest process: req owner=" + reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } + if (groupMatched == false) { + CMS.debug("RA group unmatched"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + } } - } } if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId)); } RequestStatus status = r.getRequestStatus(); if (!status.equals(RequestStatus.COMPLETE)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId)); } Integer result = r.getExtDataInInteger(IRequest.RESULT); if (result != null && !result.equals(IRequest.RES_SUCCESS)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId)); } Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); @@ -242,19 +238,19 @@ public class GetCertFromRequest extends CMSServlet { o = certs; } if (o == null || !(o instanceof X509CertImpl[])) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); } if (o instanceof X509CertImpl[]) { X509CertImpl[] certs = (X509CertImpl[]) o; if (certs == null || certs.length == 0 || certs[0] == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); } // for importsCert to get the crmf_reqid. @@ -263,7 +259,7 @@ public class GetCertFromRequest extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); if (mImportCert && - checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) { + checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) { return; } try { @@ -271,26 +267,25 @@ public class GetCertFromRequest extends CMSServlet { renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", - mCertFrReqSuccessTemplate, e.toString())); + CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", + mCertFrReqSuccessTemplate, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } return; } } - class CertFrRequestFiller extends ImportCertsTemplateFiller { public CertFrRequestFiller() { } public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { - CMSTemplateParams tparams = - super.getTemplateParams(cmsReq, authority, locale, e); + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { + CMSTemplateParams tparams = + super.getTemplateParams(cmsReq, authority, locale, e); String reqId = cmsReq.getHttpParams().getValueAsString( GetCertFromRequest.REQUEST_ID); @@ -329,11 +324,11 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller { } if (ext instanceof KeyUsageExtension) { KeyUsageExtension usage = - (KeyUsageExtension) ext; + (KeyUsageExtension) ext; try { if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || - ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) + ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e0) { // bug356108: diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java index 8b5536ea..e589cc06 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Servlet to get the enrollment status, enable or disable. - * + * * @version $Revision$, $Date$ */ public class GetEnableStatus extends CMSServlet { @@ -64,7 +62,8 @@ public class GetEnableStatus extends CMSServlet { } /** - * initialize the servlet. + * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -80,15 +79,15 @@ public class GetEnableStatus extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param * </ul> - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -115,7 +114,7 @@ public class GetEnableStatus extends CMSServlet { if (!(mAuthority instanceof IRegistrationAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -126,11 +125,11 @@ public class GetEnableStatus extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", - mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", + mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -164,10 +163,10 @@ public class GetEnableStatus extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java index 9d83d430..3548caa0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -49,10 +48,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Get detailed information about CA CRL processing - * + * * @version $Revision$, $Date$ */ public class GetInfo extends CMSServlet { @@ -76,6 +74,7 @@ public class GetInfo extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -90,11 +89,11 @@ public class GetInfo extends CMSServlet { } /** - * XXX Process the HTTP request. + * XXX Process the HTTP request. * <ul> * <li>http.param template filename of template to use to render the result * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -109,10 +108,10 @@ public class GetInfo extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -129,35 +128,30 @@ public class GetInfo extends CMSServlet { String template = req.getParameter("template"); String formFile = ""; -/* - for (int i = 0; ((template != null) && (i < template.length())); i++) { - char c = template.charAt(i); - if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') { - template = null; - break; - } - } -*/ - + /* + * for (int i = 0; ((template != null) && (i < template.length())); i++) + * { char c = template.charAt(i); if (!Character.isLetterOrDigit(c) && c + * != '_' && c != '-') { template = null; break; } } + */ if (template != null) { formFile = template + ".template"; } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("*** formFile = "+formFile); + CMS.debug("*** formFile = " + formFile); try { form = getTemplate(formFile, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -172,29 +166,29 @@ CMS.debug("*** formFile = "+formFile); if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { if (mCA != null) { String crlIssuingPoints = ""; String crlNumbers = ""; @@ -209,15 +203,15 @@ CMS.debug("*** formFile = "+formFile); String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); - + if (masterHost != null && masterHost.length() > 0 && - masterPort != null && masterPort.length() > 0) { + masterPort != null && masterPort.length() > 0) { ICRLRepository crlRepository = mCA.getCRLRepository(); Vector ipNames = crlRepository.getIssuingPointsNames(); for (int i = 0; i < ipNames.size(); i++) { - String ipName = (String)ipNames.elementAt(i); + String ipName = (String) ipNames.elementAt(i); ICRLIssuingPointRecord crlRecord = null; try { crlRecord = crlRepository.readCRLIssuingPointRecord(ipName); @@ -236,8 +230,8 @@ CMS.debug("*** formFile = "+formFile); if (crlSizes.length() > 0) crlSizes += "+"; - crlSizes += ((crlRecord.getCRLSize() != null)? - crlRecord.getCRLSize().toString(): "-1"); + crlSizes += ((crlRecord.getCRLSize() != null) ? + crlRecord.getCRLSize().toString() : "-1"); if (deltaSizes.length() > 0) deltaSizes += "+"; @@ -307,7 +301,7 @@ CMS.debug("*** formFile = "+formFile); recentChanges += "Publishing CRL #" + ip.getCRLNumber(); } else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) { recentChanges += "Creating CRL #" + ip.getNextCRLNumber(); - } else { // ip.CRL_UPDATE_DONE + } else { // ip.CRL_UPDATE_DONE recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " + ip.getNumberOfRecentlyUnrevokedCerts() + ", " + ip.getNumberOfRecentlyExpiredCerts(); @@ -326,7 +320,7 @@ CMS.debug("*** formFile = "+formFile); if (crlTesting.length() > 0) crlTesting += "+"; - crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0"); + crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" : "0"); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 5507cadf..58acbcfd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** * performs face-to-face enrollment. - * + * * @version $Revision$, $Date$ */ public class HashEnrollServlet extends CMSServlet { @@ -100,10 +98,9 @@ public class HashEnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll"; // enrollment templates. - public static final String - ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; + public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller - mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; @@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -146,13 +143,13 @@ public class HashEnrollServlet extends CMSServlet { CMSServlet.PROP_SUCCESS_TEMPLATE); if (mEnrollSuccessTemplate == null) mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE; - String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } @@ -161,20 +158,19 @@ public class HashEnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -193,7 +189,7 @@ public class HashEnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); IAuthSubsystem authSS = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -226,14 +222,15 @@ public class HashEnrollServlet extends CMSServlet { certType = httpParams.getValueAsString(OLD_CERT_TYPE, null); if (certType == null) { certType = httpParams.getValueAsString(CERT_TYPE, "client"); - } else {; - } + } else { + ; + } - processX509(cmsReq); + processX509(cmsReq); } - + private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -253,9 +250,9 @@ public class HashEnrollServlet extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -267,16 +264,16 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", - e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } - protected void processX509(CMSRequest cmsReq) - throws EBaseException { + protected void processX509(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); @@ -284,19 +281,16 @@ public class HashEnrollServlet extends CMSServlet { IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST); /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: single - it's for single + * cert enrollment dual - it's for dual certs enrollment encryption - + * getting the encryption cert only via authentication of the signing + * cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; String certAuthEnrollOn = - httpParams.getValueAsString("certauthEnroll", null); + httpParams.getValueAsString("certauthEnroll", null); X509CertInfo new_certInfo = null; if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { @@ -307,7 +301,7 @@ public class HashEnrollServlet extends CMSServlet { String certauthEnrollType = null; if (certAuthEnroll == true) { - certauthEnrollType = + certauthEnrollType = httpParams.getValueAsString("certauthEnrollType", null); if (certauthEnrollType != null) { if (certauthEnrollType.equals("dual")) { @@ -318,15 +312,15 @@ public class HashEnrollServlet extends CMSServlet { CMS.debug("HashEnrollServlet: certauthEnrollType is single"); } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); + CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } @@ -356,8 +350,8 @@ public class HashEnrollServlet extends CMSServlet { String certBasedOldSubjectDN = null; BigInteger certBasedOldSerialNum = null; - // check if request was authenticated, if so set authtoken & certInfo. - // also if authenticated, take certInfo from authToken. + // check if request was authenticated, if so set authtoken & certInfo. + // also if authenticated, take certInfo from authToken. X509CertInfo certInfo = null; if (certAuthEnroll == true) { @@ -365,7 +359,7 @@ public class HashEnrollServlet extends CMSServlet { if (sslClientCert == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString(); @@ -373,24 +367,24 @@ public class HashEnrollServlet extends CMSServlet { try { certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; + X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; - //AuthToken authToken = access.getAuthToken(); + // AuthToken authToken = access.getAuthToken(); IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); IAuthSubsystem authSS = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr1 = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr1; String pageID = httpParams.getValueAsString("pageID", null); @@ -405,24 +399,24 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); return; } else { - authMgr = + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, - "Enrollment request was authenticated by " + - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, + "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); fillCertInfoFromAuthToken(certInfo, authToken); - // save authtoken attrs to request directly (for policy use) + // save authtoken attrs to request directly (for policy use) saveAuthToken(authToken, req); // req.set(IRequest.AUTH_TOKEN, authToken); // } } // fill certInfo from input types: keygen, cmc, pkcs10 or crmf - KeyGenInfo keyGenInfo = - httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null); + KeyGenInfo keyGenInfo = + httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null); String certType = null; @@ -441,8 +435,8 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType); } - String crmf = - httpParams.getValueAsString(CRMF_REQUEST, null); + String crmf = + httpParams.getValueAsString(CRMF_REQUEST, null); if (certAuthEnroll == true) { @@ -452,24 +446,24 @@ public class HashEnrollServlet extends CMSServlet { if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { if (mCa == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NOT_A_CA")); + CMS.getLogMessage("CMSGW_NOT_A_CA")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_A_CA")); + CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a - // signing only cert + // signing only cert if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } X509Key key = null; @@ -478,22 +472,22 @@ public class HashEnrollServlet extends CMSServlet { try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; - ICertRecordList list = - (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, - null, 10); + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + ICertRecordList list = + (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, + null, 10); int size = list.getSize(); Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; @@ -502,8 +496,8 @@ public class HashEnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, - encCertInfo}; + X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, + encCertInfo }; int i = 1; while (en.hasMoreElements()) { @@ -512,7 +506,7 @@ public class HashEnrollServlet extends CMSServlet { // if not encryption cert only, try next one if ((CMS.isEncryptionCert(cert) == false) || - ((CMS.isEncryptionCert(cert) == true) && + ((CMS.isEncryptionCert(cert) == true) && (CMS.isSigningCert(cert) == true))) { continue; } @@ -521,27 +515,27 @@ public class HashEnrollServlet extends CMSServlet { try { encCertInfo = (X509CertInfo) cert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } try { encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } fillCertInfoFromAuthToken(encCertInfo, authToken); @@ -555,24 +549,24 @@ public class HashEnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { // first, make sure the client cert is indeed a - // signing only cert + // signing only cert if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } /* @@ -581,14 +575,14 @@ public class HashEnrollServlet extends CMSServlet { if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); CMS.debug( - "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString()); + "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { // have to be buried here to handle the issuer @@ -596,21 +590,21 @@ public class HashEnrollServlet extends CMSServlet { if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); } } else if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(IRequest.CERT_INFO, certInfoArray); @@ -621,9 +615,9 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(CHALLENGE_PASSWORD, pwd); } - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // dont want any javascript in HTML, and need to @@ -638,24 +632,24 @@ public class HashEnrollServlet extends CMSServlet { return; } - //for audit log + // for audit log String initiative = null; String agentID = null; if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - // request is from eegateway, so fromUser. + // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { cmsReq.setIRequestStatus(); // set status acc. to IRequest status. - // audit log the status + // audit log the status try { if (status == RequestStatus.REJECTED) { Vector<String> messages = req.getExtDataInStringVector(IRequest.ERRORS); @@ -668,52 +662,52 @@ public class HashEnrollServlet extends CMSServlet { wholeMsg.append("\n"); wholeMsg.append(msgs.nextElement()); } - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + - wholeMsg.toString()}, - ILogger.L_MULTILINE - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + + wholeMsg.toString() }, + ILogger.L_MULTILINE + ); } else { // no policy violation, from agent mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" } + ); + } + } else { // other imcomplete status + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); - } - } else { // other imcomplete status - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" } + ); } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } return; } @@ -725,39 +719,39 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + certInfo.get(X509CertInfo.SUBJECT), "" } + ); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } } } @@ -768,143 +762,143 @@ public class HashEnrollServlet extends CMSServlet { // service success cmsReq.setStatus(CMSRequest.SUCCESS); X509CertImpl[] issuedCerts = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); // audit log the success. - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[0].getSerialNumber().toString(16)} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16) } + ); // return cert as mime type binary if requested. if (checkImportCertToNav( - cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { + cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } - + // use success template. try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, - mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, + mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } return; } /** - * fill subject name, validity, extensions from authoken if any, - * overriding what was in pkcs10. - * fill subject name, extensions from http input if not authenticated. - * requests not authenticated will need to be approved by an agent. + * fill subject name, validity, extensions from authoken if any, overriding + * what was in pkcs10. fill subject name, extensions from http input if not + * authenticated. requests not authenticated will need to be approved by an + * agent. */ protected void fillCertInfoFromAuthToken( - X509CertInfo certInfo, IAuthToken authToken) - throws EBaseException { + X509CertInfo certInfo, IAuthToken authToken) + throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. - // take key from keygen, cmc, pkcs10 or crmf. + // take key from keygen, cmc, pkcs10 or crmf. // subject name. try { String subjectname = - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { CertificateSubjectName certSubject = (CertificateSubjectName) - new CertificateSubjectName(new X500Name(subjectname)); + new CertificateSubjectName(new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - log(ILogger.LL_INFO, - "cert subject set to " + certSubject + " from authtoken"); + log(ILogger.LL_INFO, + "cert subject set to " + certSubject + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; - Date notBefore = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); - Date notAfter = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + Date notBefore = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + Date notAfter = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + log(ILogger.LL_INFO, + "cert validity set to " + validity + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } - + // extensions try { CertificateExtensions extensions = - authToken.getInCertExts(X509CertInfo.EXTENSIONS); + authToken.getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); log(ILogger.LL_INFO, "cert extensions set from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } protected X509CertInfo[] fillCRMF( - String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { try { byte[] crmfBlob = CMS.AtoB(crmf); ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(crmfBlob); - + new ByteArrayInputStream(crmfBlob); + SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); + new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -914,17 +908,11 @@ public class HashEnrollServlet extends CMSServlet { CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); /* - if (certReqMsg.hasPop()) { - try { - certReqMsg.verify(); - } catch (ChallengeResponseException ex) { - // create and save the challenge - // construct the cmmf message together - // in a sequence to challenge the requestor - } catch (Exception e) { - // failed, should only affect one request - } - } + * if (certReqMsg.hasPop()) { try { certReqMsg.verify(); } catch + * (ChallengeResponseException ex) { // create and save the + * challenge // construct the cmmf message together // in a + * sequence to challenge the requestor } catch (Exception e) { + * // failed, should only affect one request } } */ CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); @@ -951,92 +939,92 @@ public class HashEnrollServlet extends CMSServlet { if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); - certInfo.set(X509CertInfo.VALIDITY, certValidity); + certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { - // No subject name - error! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + } else if (authToken == null || + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + // No subject name - error! + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } - // get extensions + // get extensions CertificateExtensions extensions = null; try { extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { extensions = null; } if (certTemplate.hasExtensions()) { - // put each extension from CRMF into CertInfo. - // index by extension name, consistent with + // put each extension from CRMF into CertInfo. + // index by extension name, consistent with // CertificateExtensions.parseExtension() method. - if (extensions == null) + if (extensions == null) extensions = new CertificateExtensions(); int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); - ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + ObjectIdentifier oid = + new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = + jssext.getExtnValue(); + ByteArrayOutputStream jssvalueout = + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = - new Extension(oid, isCritical, extValue); + Extension ext = + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } - // Added a new configuration parameter + // Added a new configuration parameter // eeGateway.Enrollment.authTokenOverride=[true|false] // By default, it is set to true. In most // of the case, administrator would want // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { - // if authenticated override subect name, validity and + if (authToken != null && + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); } @@ -1048,27 +1036,27 @@ public class HashEnrollServlet extends CMSServlet { return certInfoArray; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } @@ -1092,7 +1080,11 @@ public class HashEnrollServlet extends CMSServlet { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); @@ -1107,24 +1099,28 @@ public class HashEnrollServlet extends CMSServlet { out.println("<P>"); out.println("<PRE>"); X509CertImpl certs[] = - cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); + cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + - CMS.getEncodedCert(certs[0]) + ">"); + CMS.getEncodedCert(certs[0]) + ">"); } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); @@ -1136,17 +1132,21 @@ public class HashEnrollServlet extends CMSServlet { out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - localize the message + out.println("Please consult your local administrator for assistance."); // XXX + // - + // localize + // the + // message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); @@ -1155,62 +1155,58 @@ public class HashEnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + - cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + + cmsReq.getError() + ">"); } /** - // include all the input data - IArgBlock args = cmsReq.getHttpParams(); - Enumeration ele = args.getElements(); - while (ele.hasMoreElements()) { - String eleT = (String)ele.nextElement(); - out.println("<!HTTP_INPUT " + eleT + "=" + - args.get(eleT) + ">"); - } + * // include all the input data IArgBlock args = + * cmsReq.getHttpParams(); Enumeration ele = args.getElements(); while + * (ele.hasMoreElements()) { String eleT = (String)ele.nextElement(); + * out.println("<!HTTP_INPUT " + eleT + "=" + args.get(eleT) + ">"); } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) - throws EBaseException { + private void init_testbed_hack(IConfigStore config) + throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } private void do_testbed_hack( - int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) - throws EBaseException { - if (!mIsTestBed) + int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) + throws EBaseException { + if (!mIsTestBed) return; - // get around bug in cartman - bits are off by one byte. + // get around bug in cartman - bits are off by one byte. for (int i = 0; i < certinfo.length; i++) { try { X509CertInfo cert = certinfo[i]; CertificateExtensions exts = (CertificateExtensions) - cert.get(CertificateExtensions.NAME); + cert.get(CertificateExtensions.NAME); if (exts == null) { // should not happen. continue; } KeyUsageExtension ext = (KeyUsageExtension) - exts.get(KeyUsageExtension.class.getSimpleName()); + exts.get(KeyUsageExtension.class.getSimpleName()); - if (ext == null) - // should not happen + if (ext == null) + // should not happen continue; byte[] value = ext.getExtensionValue(); @@ -1221,13 +1217,12 @@ public class HashEnrollServlet extends CMSServlet { newvalue[1] = 0x03; newvalue[2] = 0x07; newvalue[3] = value[3]; - // force encryption certs to have digitial signature + // force encryption certs to have digitial signature // set too so smime can find the cert for encryption. if (value[3] == 0x20) { /* - newvalue[3] = 0x3f; - newvalue[4] = (byte)0x80; + * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80; */ if (httpParams.getValueAsBoolean( "dual-use-hack", true)) { @@ -1235,22 +1230,21 @@ public class HashEnrollServlet extends CMSServlet { } } newvalue[4] = 0; - KeyUsageExtension newext = - new KeyUsageExtension(Boolean.valueOf(true), - (Object) newvalue); + KeyUsageExtension newext = + new KeyUsageExtension(Boolean.valueOf(true), + (Object) newvalue); exts.delete(KeyUsageExtension.class.getSimpleName()); exts.set(KeyUsageExtension.class.getSimpleName(), newext); } } catch (IOException e) { - // should never happen + // should never happen continue; } catch (CertificateException e) { - // should never happen + // should never happen continue; } } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java index 75726730..58822812 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.StringReader; @@ -58,25 +57,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** * Set up HTTP response to import certificate into browsers * - * The result must have been populate with the set of certificates - * to return. + * The result must have been populate with the set of certificates to return. + * * <pre> * inputs: certtype. * outputs: - * - cert type from http input (if any) + * - cert type from http input (if any) * - CA chain - * - authority name (RM, CM, DRM) + * - authority name (RM, CM, DRM) * - scheme:host:port of server. - * array of one or more + * array of one or more * - cert serial number * - cert pretty print - * - cert in base 64 encoding. - * - cmmf blob to import + * - cert in base 64 encoding. + * - cmmf blob to import * </pre> + * * @version $Revision$, $Date$ */ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { @@ -88,7 +87,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco public static final String CERT_NICKNAME = "certNickname"; public static final String CMMF_RESP = "cmmfResponse"; - public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE + public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE public ImportCertsTemplateFiller() { } @@ -100,32 +99,32 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { Certificate[] certs = (Certificate[]) cmsReq.getResult(); if (certs instanceof X509CertImpl[]) - return getX509TemplateParams(cmsReq, authority, locale, e); + return getX509TemplateParams(cmsReq, authority, locale, e); else return null; } - + public CMSTemplateParams getX509TemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); String scheme = httpReq.getScheme(); String format = httpReq.getParameter("format"); - if(format!=null && format.equals("cmc")) + if (format != null && format.equals("cmc")) fixed.set("importCMC", "false"); - String agentPort = ""+port; + String agentPort = "" + port; fixed.set("agentHost", host); fixed.set("agentPort", agentPort); fixed.set(ICMSTemplateFiller.HOST, host); @@ -148,33 +147,34 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { // set cert type. IArgBlock httpParams = cmsReq.getHttpParams(); - String certType = - httpParams.getValueAsString(CERT_TYPE, null); + String certType = + httpParams.getValueAsString(CERT_TYPE, null); - if (certType != null) + if (certType != null) fixed.set(CERT_TYPE, certType); - // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + // this authority + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // CA chain. - CertificateChain cachain = - ((ICertAuthority) authority).getCACertChain(); + CertificateChain cachain = + ((ICertAuthority) authority).getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); String replyTo = httpParams.getValueAsString("replyTo", null); - if (replyTo != null) fixed.set("replyTo", replyTo); + if (replyTo != null) + fixed.set("replyTo", replyTo); - // set user + CA cert chain and pkcs7 for MSIE. + // set user + CA cert chain and pkcs7 for MSIE. X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; int m = 1, n = 0; - for (; n < cacerts.length; m++, n++) + for (; n < cacerts.length; m++, n++) userChain[m] = (X509CertImpl) cacerts[n]; - // certs. + // certs. X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult(); // expose CRMF request id @@ -188,7 +188,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { fixed.set(CRMF_REQID, crmfReqId); } - // set CA certs in cmmf, initialize CertRepContent + // set CA certs in cmmf, initialize CertRepContent // note cartman can't trust ca certs yet but it'll import them. // also set cert nickname for cartman. CertRepContent certRepContent = null; @@ -196,23 +196,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { if (CMSServlet.doCMMFResponse(httpParams)) { byte[][] caPubs = new byte[cacerts.length][]; - for (int j = 0; j < cacerts.length; j++) + for (int j = 0; j < cacerts.length; j++) caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); certRepContent = new CertRepContent(caPubs); - String certnickname = - cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null); + String certnickname = + cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null); // if nickname is not requested set to subject name by default. - if (certnickname == null) + if (certnickname == null) fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString()); else fixed.set(CERT_NICKNAME, certnickname); } - // make pkcs7 for MSIE - if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && - (certType == null || certType.equals("client"))) { + // make pkcs7 for MSIE + if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && + (certType == null || certType.equals("client"))) { userChain[0] = certs[0]; PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(new byte[0]), @@ -222,7 +222,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - // String p7Str = encoder.encodeBuffer(p7Bytes); + // String p7Str = encoder.encodeBuffer(p7Bytes); String p7Str = CMS.BtoA(p7Bytes); header.set(PKCS7_RESP, p7Str); @@ -234,24 +234,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { X509CertImpl cert = certs[i]; // set serial number. - BigInteger serialNo = - ((X509Certificate) cert).getSerialNumber(); + BigInteger serialNo = + ((X509Certificate) cert).getSerialNumber(); repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16); // set base64 encoded blob. byte[] certEncoded = cert.getEncoded(); - // String b64 = encoder.encodeBuffer(certEncoded); + // String b64 = encoder.encodeBuffer(certEncoded); String b64 = CMS.BtoA(certEncoded); String b64cert = "-----BEGIN CERTIFICATE-----\n" + - b64 + "\n-----END CERTIFICATE-----"; + b64 + "\n-----END CERTIFICATE-----"; repeat.set(BASE64_CERT, b64cert); - + // set cert pretty print. - + String prettyPrintRequested = - cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null); + cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null); if (prettyPrintRequested == null) { prettyPrintRequested = "true"; @@ -266,7 +266,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { repeat.set(CERT_PRETTYPRINT, ppStr); // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1];; + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { if (cert.equals(cacerts[j])) { @@ -277,10 +278,10 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { certsInChain = new X509CertImpl[cacerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { @@ -292,7 +293,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(new byte[0]), certsInChain, new SignerInfo[0]); @@ -301,14 +302,14 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - //p7Str = encoder.encodeBuffer(p7Bytes); + // p7Str = encoder.encodeBuffer(p7Bytes); p7Str = CMS.BtoA(p7Bytes); repeat.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception ex) { - //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() - //+ "; Please contact your administrator"; + // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() + // + "; Please contact your administrator"; throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } // set cert fingerprint (for Cisco routers) @@ -325,18 +326,18 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { throw new EBaseException( CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString())); } - if (fingerprint != null && fingerprint.length() > 0) + if (fingerprint != null && fingerprint.length() > 0) repeat.set(CERT_FINGERPRINT, fingerprint); - // cmmf response for this cert. + // cmmf response for this cert. if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null && - (certType == null || certType.equals("client"))) { + (certType == null || certType.equals("client"))) { PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = - new CertifiedKeyPair(new CertOrEncCert(certEncoded)); - CertResponse resp = - new CertResponse(new INTEGER(crmfReqId), status, - certifiedKP); + CertifiedKeyPair certifiedKP = + new CertifiedKeyPair(new CertOrEncCert(certEncoded)); + CertResponse resp = + new CertResponse(new INTEGER(crmfReqId), status, + certifiedKP); certRepContent.addCertResponse(resp); } @@ -352,19 +353,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { byte[] certRepBytes = certRepOut.toByteArray(); String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes); // add CR to each return as required by cartman - BufferedReader certRepB64lines = - new BufferedReader(new StringReader(certRepB64)); + BufferedReader certRepB64lines = + new BufferedReader(new StringReader(certRepB64)); StringWriter certRepStringOut = new StringWriter(); String oneLine = null; boolean first = true; while ((oneLine = certRepB64lines.readLine()) != null) { if (first) { - //certRepStringOut.write("\""+oneLine+"\""); + // certRepStringOut.write("\""+oneLine+"\""); certRepStringOut.write(oneLine); first = false; } else { - //certRepStringOut.write("+\"\\n"+oneLine+"\""); + // certRepStringOut.write("+\"\\n"+oneLine+"\""); certRepStringOut.write("\n" + oneLine); } } @@ -376,4 +377,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java index a65be25a..9e89bb1a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.PublicKey; @@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve a paged list of certs matching the specified query - * + * * @version $Revision$, $Date$ */ public class ListCerts extends CMSServlet { @@ -78,8 +76,8 @@ public class ListCerts extends CMSServlet { private ICertificateRepository mCertDB = null; private X500Name mAuthName = null; private String mFormPath = null; - private boolean mReverse = false; - private boolean mHardJumpTo = false; //jump to the end + private boolean mReverse = false; + private boolean mHardJumpTo = false; // jump to the end private String mDirection = null; private boolean mUseClientFilter = false; private Vector<String> mAllowedClientFilters = new Vector<String>(); @@ -95,7 +93,7 @@ public class ListCerts extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryCert.template" to render the response - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -120,28 +118,29 @@ public class ListCerts extends CMSServlet { /* do nothing, just use the default if integer parsing failed */ } - /* useClientFilter should be off by default. We keep - this parameter around so that we do not break - the client applications that submits raw LDAP - filter into this servlet. */ + /* + * useClientFilter should be off by default. We keep this parameter + * around so that we do not break the client applications that submits + * raw LDAP filter into this servlet. + */ if (sc.getInitParameter(USE_CLIENT_FILTER) != null && - sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true; + sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { + mUseClientFilter = true; } if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { - mAllowedClientFilters.addElement("(certStatus=*)"); - mAllowedClientFilters.addElement("(certStatus=VALID)"); - mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); - mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))"); + mAllowedClientFilters.addElement("(certStatus=*)"); + mAllowedClientFilters.addElement("(certStatus=VALID)"); + mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); + mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))"); } else { StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ","); while (st.hasMoreTokens()) { - mAllowedClientFilters.addElement(st.nextToken()); + mAllowedClientFilters.addElement(st.nextToken()); } } } - public String buildFilter(HttpServletRequest req) - { + public String buildFilter(HttpServletRequest req) { String queryCertFilter = req.getParameter("queryCertFilter"); com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter); @@ -151,7 +150,7 @@ public class ListCerts extends CMSServlet { Enumeration<String> filters = mAllowedClientFilters.elements(); // check to see if the filter is allowed while (filters.hasMoreElements()) { - String filter = (String)filters.nextElement(); + String filter = (String) filters.nextElement(); com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter); if (filter.equals(queryCertFilter)) { return queryCertFilter; @@ -166,34 +165,37 @@ public class ListCerts extends CMSServlet { boolean skipRevoked = false; boolean skipNonValid = false; if (req.getParameter("skipRevoked") != null && - req.getParameter("skipRevoked").equals("on")) { + req.getParameter("skipRevoked").equals("on")) { skipRevoked = true; } if (req.getParameter("skipNonValid") != null && - req.getParameter("skipNonValid").equals("on")) { + req.getParameter("skipNonValid").equals("on")) { skipNonValid = true; } if (!skipRevoked && !skipNonValid) { - queryCertFilter = "(certStatus=*)"; - } else if (skipRevoked && skipNonValid) { - queryCertFilter = "(certStatus=VALID)"; - } else if (skipRevoked) { - queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; - } else if (skipNonValid) { - queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; + queryCertFilter = "(certStatus=*)"; + } else if (skipRevoked && skipNonValid) { + queryCertFilter = "(certStatus=VALID)"; + } else if (skipRevoked) { + queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; + } else if (skipNonValid) { + queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; } return queryCertFilter; } /** - * Process the HTTP request. - * <ul> - * <li>http.param maxCount Number of certificates to show + * Process the HTTP request. + * <ul> + * <li>http.param maxCount Number of certificates to show * <li>http.param queryFilter and ldap style filter specifying the - * certificates to show - * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down - * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up + * certificates to show + * <li>http.param querySentinelDown the serial number of the first + * certificate to show (default decimal, or hex if prefixed with 0x) when + * paging down + * <li>http.param querySentinelUp the serial number of the first certificate + * to show (default decimal, or hex if prefixed with 0x) when paging up * <li>http.param direction "up", "down", "begin", or "end" * </ul> */ @@ -232,24 +234,24 @@ public class ListCerts extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - mHardJumpTo = false; + mHardJumpTo = false; try { - if (req.getParameter("direction") != null) { - mDirection = req.getParameter("direction").trim(); - mReverse = mDirection.equals("up"); - if (mReverse) - com.netscape.certsrv.apps.CMS.debug("reverse is true"); - else - com.netscape.certsrv.apps.CMS.debug("reverse is false"); + if (req.getParameter("direction") != null) { + mDirection = req.getParameter("direction").trim(); + mReverse = mDirection.equals("up"); + if (mReverse) + com.netscape.certsrv.apps.CMS.debug("reverse is true"); + else + com.netscape.certsrv.apps.CMS.debug("reverse is false"); - } + } if (req.getParameter("maxCount") != null) { maxCount = Integer.parseInt(req.getParameter("maxCount")); @@ -259,19 +261,19 @@ public class ListCerts extends CMSServlet { maxCount = mMaxReturns; } - String sentinelStr = ""; - if (mReverse) { - sentinelStr = req.getParameter("querySentinelUp"); - } else if (mDirection.equals("end")) { - // this servlet will figure out the end - sentinelStr = "0"; - mReverse = true; - mHardJumpTo = true; - } else if (mDirection.equals("down")) { - sentinelStr = req.getParameter("querySentinelDown"); - } else - sentinelStr = "0"; - //begin and non-specified have sentinel default "0" + String sentinelStr = ""; + if (mReverse) { + sentinelStr = req.getParameter("querySentinelUp"); + } else if (mDirection.equals("end")) { + // this servlet will figure out the end + sentinelStr = "0"; + mReverse = true; + mHardJumpTo = true; + } else if (mDirection.equals("down")) { + sentinelStr = req.getParameter("querySentinelDown"); + } else + sentinelStr = "0"; + // begin and non-specified have sentinel default "0" if (sentinelStr != null) { if (sentinelStr.trim().startsWith("0x")) { @@ -286,9 +288,9 @@ public class ListCerts extends CMSServlet { if (mAuthority instanceof ICertificateAuthority) { X509CertImpl caCert = ((ICertificateAuthority) mAuthority).getSigningUnit().getCertImpl(); - //if (isCertFromCA(caCert)) + // if (isCertFromCA(caCert)) header.addStringValue("caSerialNumber", - caCert.getSerialNumber().toString(16)); + caCert.getSerialNumber().toString(16)); } // constructs the ldap filter on the server side @@ -298,7 +300,7 @@ public class ListCerts extends CMSServlet { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - + com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter); int totalRecordCount = -1; @@ -307,16 +309,16 @@ public class ListCerts extends CMSServlet { totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount")); } catch (Exception e) { } - processCertFilter(argSet, header, maxCount, - sentinel, - totalRecordCount, - req.getParameter("serialTo"), - queryCertFilter, - req, resp, revokeAll, locale[0]); + processCertFilter(argSet, header, maxCount, + sentinel, + totalRecordCount, + req.getParameter("serialTo"), + queryCertFilter, + req, resp, revokeAll, locale[0]); } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - - error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + + error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -329,36 +331,36 @@ public class ListCerts extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void processCertFilter(CMSTemplateParams argSet, - IArgBlock header, - int maxCount, - BigInteger sentinel, - int totalRecordCount, - String serialTo, - String filter, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, - Locale locale - ) throws EBaseException { + private void processCertFilter(CMSTemplateParams argSet, + IArgBlock header, + int maxCount, + BigInteger sentinel, + int totalRecordCount, + String serialTo, + String filter, + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, + Locale locale + ) throws EBaseException { BigInteger serialToVal = MINUS_ONE; try { @@ -376,31 +378,31 @@ public class ListCerts extends CMSServlet { } String jumpTo = sentinel.toString(); - int pSize = 0; - if (mReverse) { - if (!mHardJumpTo) //reverse gets one more - pSize = -1*maxCount-1; - else - pSize = -1*maxCount; - } else - pSize = maxCount; + int pSize = 0; + if (mReverse) { + if (!mHardJumpTo) // reverse gets one more + pSize = -1 * maxCount - 1; + else + pSize = -1 * maxCount; + } else + pSize = maxCount; ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList( - filter, (String[]) null, jumpTo, mHardJumpTo, "serialno", - pSize); + filter, (String[]) null, jumpTo, mHardJumpTo, "serialno", + pSize); // retrive maxCount + 1 entries - Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount); + Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount); ICertRecordList tolist = null; int toCurIndex = 0; if (!serialToVal.equals(MINUS_ONE)) { - // if user specify a range, we need to + // if user specify a range, we need to // calculate the totalRecordCount tolist = (ICertRecordList) mCertDB.findCertRecordsInList( - filter, - (String[]) null, serialTo, + filter, + (String[]) null, serialTo, "serialno", maxCount); Enumeration<ICertRecord> en = tolist.getCertRecords(0, 0); @@ -420,82 +422,85 @@ public class ListCerts extends CMSServlet { } } } - + int curIndex = list.getCurrentIndex(); int count = 0; - BigInteger firstSerial = new BigInteger("0"); - BigInteger curSerial = new BigInteger("0"); - ICertRecord[] recs = new ICertRecord[maxCount]; - int rcount = 0; + BigInteger firstSerial = new BigInteger("0"); + BigInteger curSerial = new BigInteger("0"); + ICertRecord[] recs = new ICertRecord[maxCount]; + int rcount = 0; if (e != null) { - /* in reverse (page up), because the sentinel is the one after the - * last item to be displayed, we need to skip it - */ - while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) { + /* + * in reverse (page up), because the sentinel is the one after the + * last item to be displayed, we need to skip it + */ + while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) : maxCount)) && e.hasMoreElements()) { ICertRecord rec = (ICertRecord) e.nextElement(); if (rec == null) { - com.netscape.certsrv.apps.CMS.debug("record "+count+" is null"); + com.netscape.certsrv.apps.CMS.debug("record " + count + " is null"); break; - } + } curSerial = rec.getSerialNumber(); - com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial); - - if (count == 0) { - firstSerial = curSerial; - if (mReverse && !mHardJumpTo) {//reverse got one more, skip - count++; - continue; - } - } - - // DS has a problem where last record will be returned - // even though the filter is not matched. - /*cfu - is this necessary? it breaks when paging up - if (curSerial.compareTo(sentinel) == -1) { - com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break..."); - - break; - } - */ + com.netscape.certsrv.apps.CMS.debug("record " + count + " is serial#" + curSerial); + + if (count == 0) { + firstSerial = curSerial; + if (mReverse && !mHardJumpTo) {// reverse got one more, skip + count++; + continue; + } + } + + // DS has a problem where last record will be returned + // even though the filter is not matched. + /* + * cfu - is this necessary? it breaks when paging up if + * (curSerial.compareTo(sentinel) == -1) { + * com.netscape.certsrv.apps + * .CMS.debug("curSerial compare sentinel -1 break..."); + * + * break; } + */ if (!serialToVal.equals(MINUS_ONE)) { // check if we go over the limit if (curSerial.compareTo(serialToVal) == 1) { - com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking..."); + com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking..."); break; - } + } } - if (mReverse) { - recs[rcount++] = rec; - } else { + if (mReverse) { + recs[rcount++] = rec; + } else { - IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); + IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); - fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - } + fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + } count++; } } else { com.netscape.certsrv.apps.CMS.debug( - "ListCerts::processCertFilter() - no Cert Records found!" ); + "ListCerts::processCertFilter() - no Cert Records found!"); return; } - if (mReverse) { - // fill records into arg block and argSet - for (int ii = rcount-1; ii>= 0; ii--) { - if (recs[ii] != null) { - IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); - //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber()); - fillRecordIntoArg(recs[ii], rarg); - argSet.addRepeatRecord(rarg); - } - } - } + if (mReverse) { + // fill records into arg block and argSet + for (int ii = rcount - 1; ii >= 0; ii--) { + if (recs[ii] != null) { + IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); + // com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ + // recs[ii].getSerialNumber()); + fillRecordIntoArg(recs[ii], rarg); + argSet.addRepeatRecord(rarg); + } + } + } // peek ahead ICertRecord nextRec = null; @@ -519,58 +524,58 @@ public class ListCerts extends CMSServlet { if (totalRecordCount == -1) { if (!serialToVal.equals(MINUS_ONE)) { totalRecordCount = toCurIndex - curIndex + 1; - com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount); + com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount); } else { - totalRecordCount = list.getSize() - + totalRecordCount = list.getSize() - list.getCurrentIndex(); - com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount); + com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount); } } header.addIntegerValue("totalRecordCount", totalRecordCount); - header.addIntegerValue("currentRecordCount", list.getSize() - - list.getCurrentIndex()); - - String qs = ""; - if (mReverse) - qs = "querySentinelUp"; - else - qs = "querySentinelDown"; - - if (mHardJumpTo) { - com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString()); - - header.addStringValue("querySentinelUp", curSerial.toString()); - } else { - if (nextRec == null) { - header.addStringValue(qs, null); - com.netscape.certsrv.apps.CMS.debug("nextRec is null"); - if (mReverse) { - com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString()); - - header.addStringValue("querySentinelUp", curSerial.toString()); - } + header.addIntegerValue("currentRecordCount", list.getSize() - + list.getCurrentIndex()); + + String qs = ""; + if (mReverse) + qs = "querySentinelUp"; + else + qs = "querySentinelDown"; + + if (mHardJumpTo) { + com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString()); + + header.addStringValue("querySentinelUp", curSerial.toString()); } else { - BigInteger nextRecNo = nextRec.getSerialNumber(); + if (nextRec == null) { + header.addStringValue(qs, null); + com.netscape.certsrv.apps.CMS.debug("nextRec is null"); + if (mReverse) { + com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString()); - if (serialToVal.equals(MINUS_ONE)) { - header.addStringValue( - qs, nextRecNo.toString()); + header.addStringValue("querySentinelUp", curSerial.toString()); + } } else { - if (nextRecNo.compareTo(serialToVal) <= 0) { + BigInteger nextRecNo = nextRec.getSerialNumber(); + + if (serialToVal.equals(MINUS_ONE)) { header.addStringValue( - qs, nextRecNo.toString()); + qs, nextRecNo.toString()); } else { - header.addStringValue(qs, - null); + if (nextRecNo.compareTo(serialToVal) <= 0) { + header.addStringValue( + qs, nextRecNo.toString()); + } else { + header.addStringValue(qs, + null); + } } + com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs + " = " + nextRecNo.toString()); } - com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString()); - } - } // !mHardJumpto + } // !mHardJumpto - header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown", - firstSerial.toString()); + header.addStringValue(!mReverse ? "querySentinelUp" : "querySentinelDown", + firstSerial.toString()); } @@ -578,7 +583,7 @@ public class ListCerts extends CMSServlet { * Fills cert record into argument block. */ private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl xcert = rec.getCertificate(); @@ -586,9 +591,9 @@ public class ListCerts extends CMSServlet { fillX509RecordIntoArg(rec, rarg); } } - + private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl cert = rec.getCertificate(); @@ -631,12 +636,13 @@ public class ListCerts extends CMSServlet { rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID()); String issuedBy = rec.getIssuedBy(); - if (issuedBy == null) issuedBy = ""; + if (issuedBy == null) + issuedBy = ""; rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString() rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000); rarg.addStringValue("revokedBy", - ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); + ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); if (rec.getRevokedOn() == null) { rarg.addStringValue("revokedOn", null); } else { @@ -665,4 +671,3 @@ public class ListCerts extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java index db77d039..b248d2bd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Calendar; import java.util.Date; @@ -51,10 +50,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Provide statistical queries of request and certificate records. - * + * * @version $Revision$, $Date$ */ public class Monitor extends CMSServlet { @@ -83,8 +81,8 @@ public class Monitor extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * 'monitor.template' to render the response. - * + * 'monitor.template' to render the response. + * * @param sc servlet configuration, read from the web.xml file */ @@ -111,8 +109,8 @@ public class Monitor extends CMSServlet { * Process the HTTP request. * <ul> * <li>http.param startTime start of time period to query - * <li>http.param endTime end of time period to query - * <li>http.param interval time between queries + * <li>http.param endTime end of time period to query + * <li>http.param interval time between queries * <li>http.param numberOfIntervals number of queries to run * <li>http.param maxResults =number * <li>http.param timeLimit =time @@ -130,10 +128,10 @@ public class Monitor extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -158,8 +156,8 @@ public class Monitor extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } @@ -172,7 +170,7 @@ public class Monitor extends CMSServlet { process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString())); + CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString())); error = e; } @@ -182,29 +180,29 @@ public class Monitor extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void process(CMSTemplateParams argSet, IArgBlock header, - String startTime, String endTime, - String interval, String numberOfIntervals, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String startTime, String endTime, + String interval, String numberOfIntervals, + Locale locale) + throws EBaseException { if (interval == null || interval.length() == 0) { header.addStringValue("error", "Invalid interval: " + interval); return; @@ -270,7 +268,7 @@ public class Monitor extends CMSServlet { return; } - + Date nextDate(Date d, int seconds) { Date date = new Date((d.getTime()) + ((long) (seconds * 1000))); @@ -326,12 +324,12 @@ public class Monitor extends CMSServlet { mTotalReqs += count; } } catch (Exception ex) { - return "Exception: " + ex; + return "Exception: " + ex; } return null; } else { - return "Missing start or end date"; + return "Missing start or end date"; } } @@ -348,12 +346,12 @@ public class Monitor extends CMSServlet { int hour = Integer.parseInt(z.substring(8, 10)); int minute = Integer.parseInt(z.substring(10, 12)); int second = Integer.parseInt(z.substring(12, 14)); - Calendar calendar= Calendar.getInstance(); + Calendar calendar = Calendar.getInstance(); calendar.set(year, month, date, hour, minute, second); d = calendar.getTime(); } catch (NumberFormatException nfe) { } - } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5 + } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5 try { int i = Integer.parseInt(z); @@ -370,23 +368,27 @@ public class Monitor extends CMSServlet { Calendar calendar = Calendar.getInstance(); calendar.setTime(d); - String time = "" + (calendar.get(Calendar.YEAR)); int i = calendar.get(Calendar.MONTH) + 1; - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; - i = calendar.get(Calendar.DAY_OF_MONTH); - if (i < 10) time += "0"; + i = calendar.get(Calendar.DAY_OF_MONTH); + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.HOUR_OF_DAY); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.MINUTE); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.SECOND); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i + "Z"; return time; } @@ -403,4 +405,3 @@ public class Monitor extends CMSServlet { return filter; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java index 50296cf1..db09fae9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Specify the RevocationReason when revoking a certificate - * + * * @version $Revision$, $Date$ */ public class ReasonToRevoke extends CMSServlet { @@ -75,9 +73,9 @@ public class ReasonToRevoke extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template file - * 'reasonToRevoke.template' to render the response - * + * initialize the servlet. This servlet uses the template file + * 'reasonToRevoke.template' to render the response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -108,13 +106,13 @@ public class ReasonToRevoke extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -130,10 +128,10 @@ public class ReasonToRevoke extends CMSServlet { mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -151,10 +149,10 @@ public class ReasonToRevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -163,31 +161,26 @@ public class ReasonToRevoke extends CMSServlet { try { if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = + totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount")); } revokeAll = req.getParameter("revokeAll"); - process(argSet, header, req, resp, - revokeAll, totalRecordCount, locale[0]); + process(argSet, header, req, resp, + revokeAll, totalRecordCount, locale[0]); } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT")); error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + } /* - catch (Exception e) { - noError = false; - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - errorlocale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (Exception e) { noError = false; + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * errorlocale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { @@ -196,30 +189,30 @@ public class ReasonToRevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, int totalRecordCount, - Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, int totalRecordCount, + Locale locale) + throws EBaseException { header.addStringValue("revokeAll", revokeAll); header.addIntegerValue("totalRecordCount", totalRecordCount); @@ -238,14 +231,14 @@ public class ReasonToRevoke extends CMSServlet { if (isCertFromCA(caCert)) { header.addStringValue("caSerialNumber", - caCert.getSerialNumber().toString(16)); + caCert.getSerialNumber().toString(16)); } } /** - ICertRecordList list = mCertDB.findCertRecordsInList( - revokeAll, null, totalRecordCount); - Enumeration e = list.getCertRecords(0, totalRecordCount - 1); + * ICertRecordList list = mCertDB.findCertRecordsInList( revokeAll, + * null, totalRecordCount); Enumeration e = list.getCertRecords(0, + * totalRecordCount - 1); **/ Enumeration e = mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits); @@ -265,16 +258,16 @@ public class ReasonToRevoke extends CMSServlet { count++; IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", - xcert.getSerialNumber().toString()); - rarg.addStringValue("subject", - xcert.getSubjectDN().toString()); - rarg.addLongValue("validNotBefore", - xcert.getNotBefore().getTime() / 1000); - rarg.addLongValue("validNotAfter", - xcert.getNotAfter().getTime() / 1000); + rarg.addStringValue("serialNumber", + xcert.getSerialNumber().toString(16)); + rarg.addStringValue("serialNumberDecimal", + xcert.getSerialNumber().toString()); + rarg.addStringValue("subject", + xcert.getSubjectDN().toString()); + rarg.addLongValue("validNotBefore", + xcert.getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotAfter", + xcert.getNotAfter().getTime() / 1000); argSet.addRepeatRecord(rarg); } } @@ -288,4 +281,3 @@ public class ReasonToRevoke extends CMSServlet { return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java index 9c414b9c..c1d95acf 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Calendar; import java.util.Date; @@ -54,7 +53,6 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Allow agent to turn on/off authentication managers * @@ -89,11 +87,11 @@ public class RemoteAuthConfig extends CMSServlet { /** * Initializes the servlet. - * - * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg - * enables remote configuration for authentication plugins. - * List of remotely set instances can be found in CMS.cfg - * at "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>" + * + * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg enables + * remote configuration for authentication plugins. List of remotely set + * instances can be found in CMS.cfg at + * "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>" */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -104,7 +102,8 @@ public class RemoteAuthConfig extends CMSServlet { try { mEnableRemoteConfiguration = mAuthConfig.getBoolean(ENABLE_REMOTE_CONFIG, false); } catch (EBaseException eb) { - // Thanks to design of getBoolean we have to catch but we will never get anything. + // Thanks to design of getBoolean we have to catch but we will never + // get anything. } String remoteList = null; @@ -112,7 +111,8 @@ public class RemoteAuthConfig extends CMSServlet { try { remoteList = mAuthConfig.getString(REMOTELY_SET_INSTANCES, null); } catch (EBaseException eb) { - // Thanks to design of getString we have to catch but we will never get anything. + // Thanks to design of getString we have to catch but we will never + // get anything. } if (remoteList != null) { StringTokenizer s = new StringTokenizer(remoteList, ","); @@ -133,16 +133,10 @@ public class RemoteAuthConfig extends CMSServlet { /** * Serves HTTPS request. The format of this request is as follows: - * https://host:ee-port/remoteAuthConfig? - * op="add"|"delete"& - * instance=<instanceName>& - * of=<authPluginName>& - * host=<hostName>& - * port=<portNumber>& - * password=<password>& - * [adminDN=<adminDN>]& - * [uid=<uid>]& - * [baseDN=<baseDN>] + * https://host:ee-port/remoteAuthConfig? op="add"|"delete"& + * instance=<instanceName>& of=<authPluginName>& host=<hostName>& + * port=<portNumber>& password=<password>& [adminDN=<adminDN>]& [uid=<uid>]& + * [baseDN=<baseDN>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -201,7 +195,7 @@ public class RemoteAuthConfig extends CMSServlet { } } else { header.addStringValue("error", "Unknown instance " + - instance + "."); + instance + "."); } } else { header.addStringValue("error", "Unknown plugin name: " + plugin); @@ -217,7 +211,7 @@ public class RemoteAuthConfig extends CMSServlet { } if (isInstanceListed(instance)) { header.addStringValue("error", "Instance name " + - instance + " is already in use."); + instance + " is already in use."); } else { errMsg = addInstance(instance, plugin, host, port, baseDN, @@ -253,7 +247,7 @@ public class RemoteAuthConfig extends CMSServlet { } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -263,15 +257,15 @@ public class RemoteAuthConfig extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private String authenticateRemoteAdmin(String host, String port, - String adminDN, String password) { + String adminDN, String password) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -339,13 +333,11 @@ public class RemoteAuthConfig extends CMSServlet { } catch (LDAPException e) { /* - switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - case LDAPException.INVALID_CREDENTIALS: - case LDAPException.INSUFFICIENT_ACCESS_RIGHTS: - case LDAPException.LDAP_PARTIAL_RESULTS: - default: - } + * switch (e.getLDAPResultCode()) { case + * LDAPException.NO_SUCH_OBJECT: case + * LDAPException.INVALID_CREDENTIALS: case + * LDAPException.INSUFFICIENT_ACCESS_RIGHTS: case + * LDAPException.LDAP_PARTIAL_RESULTS: default: } */ c.disconnect(); return "LDAP error: " + e.toString(); @@ -362,8 +354,8 @@ public class RemoteAuthConfig extends CMSServlet { } private String authenticateRemoteAdmin(String host, String port, - String uid, String baseDN, - String password) { + String uid, String baseDN, + String password) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -473,8 +465,8 @@ public class RemoteAuthConfig extends CMSServlet { } private String addInstance(String instance, String plugin, - String host, String port, - String baseDN, String dnPattern) { + String host, String port, + String baseDN, String dnPattern) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -516,7 +508,8 @@ public class RemoteAuthConfig extends CMSServlet { StringBuffer list = new StringBuffer(); for (int i = 0; i < mRemotelySetInstances.size(); i++) { - if (i > 0) list.append(","); + if (i > 0) + list.append(","); list.append((String) mRemotelySetInstances.elementAt(i)); } @@ -542,7 +535,8 @@ public class RemoteAuthConfig extends CMSServlet { StringBuffer list = new StringBuffer(); for (int i = 0; i < mRemotelySetInstances.size(); i++) { - if (i > 0) list.append(","); + if (i > 0) + list.append(","); list.append((String) mRemotelySetInstances.elementAt(i)); } @@ -602,17 +596,21 @@ public class RemoteAuthConfig extends CMSServlet { int y = now.get(Calendar.YEAR); String name = "R" + y; - if (now.get(Calendar.MONTH) < 10) name += "0"; + if (now.get(Calendar.MONTH) < 10) + name += "0"; name += now.get(Calendar.MONTH); - if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0"; + if (now.get(Calendar.DAY_OF_MONTH) < 10) + name += "0"; name += now.get(Calendar.DAY_OF_MONTH); - if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0"; + if (now.get(Calendar.HOUR_OF_DAY) < 10) + name += "0"; name += now.get(Calendar.HOUR_OF_DAY); - if (now.get(Calendar.MINUTE) < 10) name += "0"; + if (now.get(Calendar.MINUTE) < 10) + name += "0"; name += now.get(Calendar.MINUTE); - if (now.get(Calendar.SECOND) < 10) name += "0"; + if (now.get(Calendar.SECOND) < 10) + name += "0"; name += now.get(Calendar.SECOND); return name; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java index 050dd36d..e603103a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; @@ -59,7 +58,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; /** * Certificate Renewal - * + * * @version $Revision$, $Date$ */ public class RenewalServlet extends CMSServlet { @@ -69,29 +68,27 @@ public class RenewalServlet extends CMSServlet { private static final long serialVersionUID = -3094124661102395244L; // renewal templates. - public static final String - RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template"; + public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template"; - // http params + // http params public static final String CERT_TYPE = "certType"; public static final String SERIAL_NO = "serialNo"; - // XXX can't do pkcs10 cause it's got no serial no. + // XXX can't do pkcs10 cause it's got no serial no. // (unless put serial no in pki attributes) - // public static final String PKCS10 = "pkcs10"; + // public static final String PKCS10 = "pkcs10"; public static final String IMPORT_CERT = "importCert"; private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE; - private ICMSTemplateFiller - mRenewalSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller(); public RenewalServlet() { super(); } /** - * initialize the servlet. This servlet makes use of the - * template file "RenewalSuccess.template" to render the - * response + * initialize the servlet. This servlet makes use of the template file + * "RenewalSuccess.template" to render the response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -103,43 +100,42 @@ public class RenewalServlet extends CMSServlet { PROP_SUCCESS_TEMPLATE); if (mRenewalSuccessTemplate == null) mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE; - String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mRenewalSuccessFiller = filler; } } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { long startTime = CMS.getCurrentDate().getTime(); IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); - // renewal requires either: - // - coming from ee: - // - old cert from ssl client auth - // - old certs from auth manager - // - coming from agent or trusted RA: - // - serial no of cert to be renewed. - + // renewal requires either: + // - coming from ee: + // - old cert from ssl client auth + // - old certs from auth manager + // - coming from agent or trusted RA: + // - serial no of cert to be renewed. + BigInteger old_serial_no = null; X509CertImpl old_cert = null; X509CertImpl renewed_cert = null; @@ -156,10 +152,10 @@ public class RenewalServlet extends CMSServlet { mAuthzResourceName, "renew"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -174,7 +170,7 @@ public class RenewalServlet extends CMSServlet { authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - // coming from agent + // coming from agent if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { X509Certificate[] cert = new X509Certificate[1]; @@ -190,7 +186,7 @@ public class RenewalServlet extends CMSServlet { int endDate = httpParams.getValueAsInt("endDate", -1); if (beginYear != -1 && beginMonth != -1 && beginDate != -1 && - endYear != -1 && endMonth != -1 && endDate != -1) { + endYear != -1 && endMonth != -1 && endDate != -1) { Calendar calendar = Calendar.getInstance(); calendar.set(beginYear, beginMonth, beginDate); notBefore = calendar.getTime(); @@ -199,7 +195,7 @@ public class RenewalServlet extends CMSServlet { } } // coming from client else { - // from auth manager + // from auth manager X509CertImpl[] cert = new X509CertImpl[1]; old_serial_no = getCertFromAuthMgr(authToken, cert); @@ -213,44 +209,44 @@ public class RenewalServlet extends CMSServlet { X509CertInfo new_certInfo = null; req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST); - req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no}); + req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] { old_serial_no }); if (old_cert != null) { req.setExtData(IRequest.OLD_CERTS, - new X509CertImpl[] { old_cert } - ); - // create new certinfo from old_cert contents. + new X509CertImpl[] { old_cert } + ); + // create new certinfo from old_cert contents. X509CertInfo old_certInfo = (X509CertInfo) - ((X509CertImpl) old_cert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + ((X509CertImpl) old_cert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo()); } else { - // if no old cert (came from RA agent) create new cert info - // (serializable) to pass through policies. And set the old + // if no old cert (came from RA agent) create new cert info + // (serializable) to pass through policies. And set the old // serial number to pick up. new_certInfo = new CertInfo(); - new_certInfo.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(old_serial_no)); + new_certInfo.set(X509CertInfo.SERIAL_NUMBER, + new CertificateSerialNumber(old_serial_no)); } - + if (notBefore == null || notAfter == null) { notBefore = new Date(0); notAfter = new Date(0); } - new_certInfo.set(X509CertInfo.VALIDITY, - new CertificateValidity(notBefore, notAfter)); + new_certInfo.set(X509CertInfo.VALIDITY, + new CertificateValidity(notBefore, notAfter)); req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo } - ); + ); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); } saveHttpHeaders(httpReq, req); @@ -259,7 +255,7 @@ public class RenewalServlet extends CMSServlet { saveAuthToken(authToken, req); cmsReq.setIRequest(req); - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); // for audit log @@ -269,12 +265,12 @@ public class RenewalServlet extends CMSServlet { if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - }else { + } else { // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } - // check resulting status + // check resulting status RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { @@ -292,92 +288,92 @@ public class RenewalServlet extends CMSServlet { wholeMsg.append(msgs.nextElement()); } - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "violation: " + - wholeMsg.toString()} - // wholeMsg}, - // ILogger.L_MULTILINE - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "violation: " + + wholeMsg.toString() } + // wholeMsg}, + // ILogger.L_MULTILINE + ); } else { // no policy violation, from agent mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); + } + } else { // other imcomplete status + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.RENEWALFORMAT, new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); - } - } else { // other imcomplete status - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); } return; } - // service error + // service error Integer result = req.getExtDataInInteger(IRequest.RESULT); CMS.debug( - "RenewalServlet: Result for request " + req.getRequestId() + " is " + result); + "RenewalServlet: Result for request " + req.getRequestId() + " is " + result); if (result.equals(IRequest.RES_ERROR)) { CMS.debug( - "RenewalServlet: Result for request " + req.getRequestId() + " is error."); + "RenewalServlet: Result for request " + req.getRequestId() + " is error."); cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); } } @@ -393,31 +389,31 @@ public class RenewalServlet extends CMSServlet { long endTime = CMS.getCurrentDate().getTime(); mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "new serial number: 0x" + - renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)} - ); + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "new serial number: 0x" + + renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime) } + ); return; } private void respondSuccess( - CMSRequest cmsReq, X509CertImpl renewed_cert) - throws EBaseException { - cmsReq.setResult(new X509CertImpl[] {renewed_cert} - ); + CMSRequest cmsReq, X509CertImpl renewed_cert) + throws EBaseException { + cmsReq.setResult(new X509CertImpl[] { renewed_cert } + ); cmsReq.setStatus(CMSRequest.SUCCESS); - // check if cert should be imported. - // browser must have input type set to nav or cartman since + // check if cert should be imported. + // browser must have input type set to nav or cartman since // there's no other way to tell IArgBlock httpParams = cmsReq.getHttpParams(); @@ -425,45 +421,45 @@ public class RenewalServlet extends CMSServlet { String certType = httpParams.getValueAsString(CERT_TYPE, "client"); String agent = httpReq.getHeader("user-agent"); - if (checkImportCertToNav(cmsReq.getHttpResp(), + if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, renewed_cert)) { return; } else { try { - renderTemplate(cmsReq, - mRenewalSuccessTemplate, mRenewalSuccessFiller); + renderTemplate(cmsReq, + mRenewalSuccessTemplate, mRenewalSuccessFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", - mRenewalSuccessTemplate, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", + mRenewalSuccessTemplate, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } return; } - protected BigInteger getRenewedCert(ICertRecord certRec) - throws EBaseException { + protected BigInteger getRenewedCert(ICertRecord certRec) + throws EBaseException { BigInteger renewedCert = null; String serial = null; - MetaInfo meta = certRec.getMetaInfo(); + MetaInfo meta = certRec.getMetaInfo(); if (meta == null) { - log(ILogger.LL_INFO, - "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16)); return null; } serial = (String) meta.get(ICertRecord.META_RENEWED_CERT); if (serial == null) { - log(ILogger.LL_INFO, - "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16)); return null; } renewedCert = new BigInteger(serial); - log(ILogger.LL_INFO, - "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" + - certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" + + certRec.getSerialNumber().toString(16)); return renewedCert; } @@ -471,27 +467,27 @@ public class RenewalServlet extends CMSServlet { * get certs to renew from agent. */ private BigInteger getCertFromAgent( - IArgBlock httpParams, X509Certificate[] certContainer) - throws EBaseException { + IArgBlock httpParams, X509Certificate[] certContainer) + throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16))); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); } } certContainer[0] = cert; @@ -502,23 +498,23 @@ public class RenewalServlet extends CMSServlet { * get cert to renew from auth manager */ private BigInteger getCertFromAuthMgr( - IAuthToken authToken, X509Certificate[] certContainer) - throws EBaseException { + IAuthToken authToken, X509Certificate[] certContainer) + throws EBaseException { X509CertImpl cert = - authToken.getInCert(AuthToken.TOKEN_CERT); + authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && - !isCertFromCA(cert)) { + if (mAuthority instanceof ICertificateAuthority && + !isCertFromCA(cert)) { log(ILogger.LL_FAILURE, "certficate from auth manager for " + - " renewal is not from this ca."); + " renewal is not from this ca."); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java index 9b39acc7..78d2b8b9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; @@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Perform the first step in revoking a certificate - * + * * @version $Revision$, $Date$ */ public class RevocationServlet extends CMSServlet { @@ -72,11 +70,11 @@ public class RevocationServlet extends CMSServlet { // revocation templates. private final static String TPL_FILE = "reasonToRevoke.template"; - // http params + // http params public static final String SERIAL_NO = "serialNo"; - // XXX can't do pkcs10 cause it's got no serial no. + // XXX can't do pkcs10 cause it's got no serial no. // (unless put serial no in pki attributes) - // public static final String PKCS10 = "pkcs10"; + // public static final String PKCS10 = "pkcs10"; public static final String REASON_CODE = "reasonCode"; private String mFormPath = null; @@ -85,15 +83,14 @@ public class RevocationServlet extends CMSServlet { private Random mRandom = null; private Nonces mNonces = null; - public RevocationServlet() { super(); } /** - * initialize the servlet. This servlet uses - * the template file "reasonToRevoke.template" to render the - * result. + * initialize the servlet. This servlet uses the template file + * "reasonToRevoke.template" to render the result. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -115,7 +112,7 @@ public class RevocationServlet extends CMSServlet { } } - // set to false by revokeByDN=false in web.xml + // set to false by revokeByDN=false in web.xml mRevokeByDN = false; String tmp = sc.getInitParameter(PROP_REVOKEBYDN); @@ -127,28 +124,27 @@ public class RevocationServlet extends CMSServlet { } } - /** - * Process the HTTP request. Note that this servlet does not - * actually perform the certificate revocation. This is the first - * step in the multi-step revocation process. (the next step is - * in the ReasonToRevoke servlet. - * + * Process the HTTP request. Note that this servlet does not actually + * perform the certificate revocation. This is the first step in the + * multi-step revocation process. (the next step is in the ReasonToRevoke + * servlet. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - // revocation requires either: - // - coming from ee: - // - old cert from ssl client auth - // - old certs from auth manager - // - coming from agent or trusted RA: - // - serial no of cert to be revoked. - + // revocation requires either: + // - coming from ee: + // - old cert from ssl client auth + // - old certs from auth manager + // - coming from agent or trusted RA: + // - serial no of cert to be revoked. + BigInteger old_serial_no = null; X509CertImpl old_cert = null; String revokeAll = null; @@ -159,10 +155,10 @@ public class RevocationServlet extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -178,18 +174,18 @@ public class RevocationServlet extends CMSServlet { mAuthzResourceName, "submit"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - // coming from agent + + // coming from agent if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { X509Certificate[] cert = new X509Certificate[1]; @@ -197,22 +193,24 @@ public class RevocationServlet extends CMSServlet { old_cert = (X509CertImpl) cert[0]; } // coming from client else { - // from auth manager + // from auth manager X509CertImpl[] cert = new X509CertImpl[1]; - + old_serial_no = getCertFromAuthMgr(authToken, cert); old_cert = cert[0]; } header.addStringValue("serialNumber", old_cert.getSerialNumber().toString(16)); header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber().toString()); - // header.addStringValue("subject", old_cert.getSubjectDN().toString()); - // header.addLongValue("validNotBefore", old_cert.getNotBefore().getTime()/1000); - // header.addLongValue("validNotAfter", old_cert.getNotAfter().getTime()/1000); + // header.addStringValue("subject", old_cert.getSubjectDN().toString()); + // header.addLongValue("validNotBefore", + // old_cert.getNotBefore().getTime()/1000); + // header.addLongValue("validNotAfter", + // old_cert.getNotAfter().getTime()/1000); if (mNonces != null) { long n = mRandom.nextLong(); - long m = mNonces.addNonce(n, (X509Certificate)old_cert); + long m = mNonces.addNonce(n, (X509Certificate) old_cert); if ((n + m) != 0) { header.addStringValue("nonce", Long.toString(m)); } @@ -229,12 +227,12 @@ public class RevocationServlet extends CMSServlet { } else if (mAuthority instanceof IRegistrationAuthority) { IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST); String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." + - X509CertInfo.SUBJECT + "=" + - old_cert.getSubjectDN().toString() + ")(|(" + - ICertRecord.ATTR_CERT_STATUS + "=" + - ICertRecord.STATUS_VALID + ")(" + - ICertRecord.ATTR_CERT_STATUS + "=" + - ICertRecord.STATUS_EXPIRED + ")))"; + X509CertInfo.SUBJECT + "=" + + old_cert.getSubjectDN().toString() + ")(|(" + + ICertRecord.ATTR_CERT_STATUS + "=" + + ICertRecord.STATUS_VALID + ")(" + + ICertRecord.ATTR_CERT_STATUS + "=" + + ICertRecord.STATUS_EXPIRED + ")))"; req.setExtData(IRequest.CERT_FILTER, filter); mRequestQueue.processRequest(req); @@ -271,8 +269,8 @@ public class RevocationServlet extends CMSServlet { if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 || (!authorized))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16))); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED")); } @@ -296,15 +294,15 @@ public class RevocationServlet extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addStringValue("serialNumber", - certsToRevoke[i].getSerialNumber().toString(16)); + certsToRevoke[i].getSerialNumber().toString(16)); rarg.addStringValue("serialNumberDecimal", - certsToRevoke[i].getSerialNumber().toString()); + certsToRevoke[i].getSerialNumber().toString()); rarg.addStringValue("subject", - certsToRevoke[i].getSubjectDN().toString()); + certsToRevoke[i].getSubjectDN().toString()); rarg.addLongValue("validNotBefore", - certsToRevoke[i].getNotBefore().getTime() / 1000); + certsToRevoke[i].getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", - certsToRevoke[i].getNotAfter().getTime() / 1000); + certsToRevoke[i].getNotAfter().getTime() / 1000); argSet.addRepeatRecord(rarg); } } else { @@ -313,7 +311,7 @@ public class RevocationServlet extends CMSServlet { } // set revocation reason, default to unspecified if not set. - int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); + int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); header.addIntegerValue("reason", reasonCode); @@ -324,10 +322,10 @@ public class RevocationServlet extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; @@ -337,28 +335,28 @@ public class RevocationServlet extends CMSServlet { * get cert to revoke from agent. */ private BigInteger getCertFromAgent( - IArgBlock httpParams, X509Certificate[] certContainer) - throws EBaseException { + IArgBlock httpParams, X509Certificate[] certContainer) + throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } } certContainer[0] = cert; @@ -369,22 +367,22 @@ public class RevocationServlet extends CMSServlet { * get cert to revoke from auth manager */ private BigInteger getCertFromAuthMgr( - IAuthToken authToken, X509Certificate[] certContainer) - throws EBaseException { + IAuthToken authToken, X509Certificate[] certContainer) + throws EBaseException { X509CertImpl cert = - authToken.getInCert(AuthToken.TOKEN_CERT); + authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && - !isCertFromCA(cert)) { + if (mAuthority instanceof ICertificateAuthority && + !isCertFromCA(cert)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); @@ -393,4 +391,3 @@ public class RevocationServlet extends CMSServlet { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java index 3a571d44..bd983a6c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.util.Locale; import javax.servlet.http.HttpServletRequest; @@ -31,21 +30,13 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Certificates Template filler. - * must have list of certificates in result. - * looks at inputs: certtype. - * outputs: - * - cert type from http input (if any) - * - CA chain - * - authority name (RM, CM, DRM) - * - scheme:host:port of server. - * array of one or more - * - cert serial number - * - cert pretty print - * - cert in base 64 encoding. - * - cmmf blob to import + * Certificates Template filler. must have list of certificates in result. looks + * at inputs: certtype. outputs: - cert type from http input (if any) - CA chain + * - authority name (RM, CM, DRM) - scheme:host:port of server. array of one or + * more - cert serial number - cert pretty print - cert in base 64 encoding. - + * cmmf blob to import + * * @version $Revision$, $Date$ */ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { @@ -61,12 +52,12 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); @@ -77,15 +68,15 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { fixed.set(ICMSTemplateFiller.SCHEME, scheme); // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // XXX CA chain. - RevokedCertImpl[] revoked = - (RevokedCertImpl[]) cmsReq.getResult(); + RevokedCertImpl[] revoked = + (RevokedCertImpl[]) cmsReq.getResult(); - // revoked certs. + // revoked certs. for (int i = 0; i < revoked.length; i++) { IArgBlock repeat = CMS.createArgBlock(); @@ -96,4 +87,3 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java index 17bad7a1..dfd735f0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.PublicKey; @@ -61,10 +60,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Search for certificates matching complex query filter - * + * * @version $Revision$, $Date$ */ public class SrchCerts extends CMSServlet { @@ -96,8 +94,9 @@ public class SrchCerts extends CMSServlet { } /** - * initialize the servlet. This servlet uses srchCert.template - * to render the response + * initialize the servlet. This servlet uses srchCert.template to render the + * response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -140,20 +139,20 @@ public class SrchCerts extends CMSServlet { /* do nothing, just use the default if integer parsing failed */ } - /* useClientFilter should be off by default. We keep - this parameter around so that we do not break - the client applications that submits raw LDAP - filter into this servlet. */ + /* + * useClientFilter should be off by default. We keep this parameter + * around so that we do not break the client applications that submits + * raw LDAP filter into this servlet. + */ if (sc.getInitParameter("useClientFilter") != null && - sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) { + sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) { mUseClientFilter = true; } } - private boolean isOn(HttpServletRequest req, String name) - { + private boolean isOn(HttpServletRequest req, String name) { String inUse = req.getParameter(name); - if (inUse == null) { + if (inUse == null) { return false; } if (inUse.equals("on")) { @@ -162,10 +161,9 @@ public class SrchCerts extends CMSServlet { return false; } - private boolean isOff(HttpServletRequest req, String name) - { + private boolean isOff(HttpServletRequest req, String name) { String inUse = req.getParameter(name); - if (inUse == null) { + if (inUse == null) { return false; } if (inUse.equals("off")) { @@ -174,8 +172,7 @@ public class SrchCerts extends CMSServlet { return false; } - private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "statusInUse")) { return; } @@ -185,8 +182,7 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "profileInUse")) { return; } @@ -196,16 +192,14 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "basicConstraintsInUse")) { return; } filter.append("(x509cert.BasicConstraints.isCA=on)"); } - private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "serialNumberRangeInUse")) { return; } @@ -225,9 +219,8 @@ public class SrchCerts extends CMSServlet { } } - private void buildAVAFilter(HttpServletRequest req, String paramName, - String avaName, StringBuffer lf, String match) - { + private void buildAVAFilter(HttpServletRequest req, String paramName, + String avaName, StringBuffer lf, String match) { String val = req.getParameter(paramName); if (val != null && !val.equals("")) { if (match != null && match.equals("exact")) { @@ -254,8 +247,7 @@ public class SrchCerts extends CMSServlet { } } - private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "subjectInUse")) { return; } @@ -286,9 +278,8 @@ public class SrchCerts extends CMSServlet { } } - private void buildRevokedByFilter(HttpServletRequest req, - StringBuffer filter) - { + private void buildRevokedByFilter(HttpServletRequest req, + StringBuffer filter) { if (!isOn(req, "revokedByInUse")) { return; } @@ -302,10 +293,9 @@ public class SrchCerts extends CMSServlet { } } - private void buildDateFilter(HttpServletRequest req, String prefix, + private void buildDateFilter(HttpServletRequest req, String prefix, String outStr, long adjustment, - StringBuffer filter) - { + StringBuffer filter) { String queryCertFilter = null; long epoch = 0; try { @@ -324,19 +314,17 @@ public class SrchCerts extends CMSServlet { } private void buildRevokedOnFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "revokedOnInUse")) { return; } buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter); - buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, + buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, filter); } private void buildRevocationReasonFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "revocationReasonInUse")) { return; } @@ -347,23 +335,22 @@ public class SrchCerts extends CMSServlet { String queryCertFilter = null; StringTokenizer st = new StringTokenizer(reasons, ","); if (st.hasMoreTokens()) { - filter.append("(|"); - while (st.hasMoreTokens()) { - String token = st.nextToken(); - if (queryCertFilter == null) { - queryCertFilter = ""; - } - filter.append("(x509cert.certRevoInfo="); - filter.append(token); - filter.append(")"); - } - filter.append(")"); + filter.append("(|"); + while (st.hasMoreTokens()) { + String token = st.nextToken(); + if (queryCertFilter == null) { + queryCertFilter = ""; + } + filter.append("(x509cert.certRevoInfo="); + filter.append(token); + filter.append(")"); + } + filter.append(")"); } } - private void buildIssuedByFilter(HttpServletRequest req, - StringBuffer filter) - { + private void buildIssuedByFilter(HttpServletRequest req, + StringBuffer filter) { if (!isOn(req, "issuedByInUse")) { return; } @@ -378,43 +365,39 @@ public class SrchCerts extends CMSServlet { } private void buildIssuedOnFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "issuedOnInUse")) { return; } buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter); - buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, + buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, filter); } private void buildValidNotBeforeFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validNotBeforeInUse")) { return; } - buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", + buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", 0, filter); - buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", + buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", 86399999, filter); } private void buildValidNotAfterFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validNotAfterInUse")) { return; } - buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", + buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", 0, filter); - buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", + buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", 86399999, filter); } private void buildValidityLengthFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validityLengthInUse")) { return; } @@ -439,8 +422,7 @@ public class SrchCerts extends CMSServlet { } private void buildCertTypeFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "certTypeInUse")) { return; } @@ -471,8 +453,7 @@ public class SrchCerts extends CMSServlet { } } - public String buildFilter(HttpServletRequest req) - { + public String buildFilter(HttpServletRequest req) { String queryCertFilter = req.getParameter("queryCertFilter"); StringBuffer filter = new StringBuffer(); @@ -504,10 +485,8 @@ public class SrchCerts extends CMSServlet { /** * Serves HTTP request. This format of this request is as follows: - * queryCert? - * [maxCount=<number>] - * [queryFilter=<filter>] - * [revokeAll=<filter>] + * queryCert? [maxCount=<number>] [queryFilter=<filter>] + * [revokeAll=<filter>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -522,10 +501,10 @@ public class SrchCerts extends CMSServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -551,10 +530,10 @@ public class SrchCerts extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -571,10 +550,10 @@ public class SrchCerts extends CMSServlet { String queryCertFilter = buildFilter(req); process(argSet, header, queryCertFilter, - revokeAll, maxResults, timeLimit, req, resp, locale[0]); + revokeAll, maxResults, timeLimit, req, resp, locale[0]); } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -585,33 +564,33 @@ public class SrchCerts extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String filter, String revokeAll, - int maxResults, int timeLimit, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String filter, String revokeAll, + int maxResults, int timeLimit, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { long startTime = CMS.getCurrentDate().getTime(); @@ -629,7 +608,7 @@ public class SrchCerts extends CMSServlet { timeLimit = mTimeLimits; } CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit); - Enumeration<ICertRecord > e = mCertDB.searchCertificates(filter, maxResults, timeLimit); + Enumeration<ICertRecord> e = mCertDB.searchCertificates(filter, maxResults, timeLimit); int count = 0; @@ -671,7 +650,8 @@ public class SrchCerts extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) now = new Date(); + if (now == null) + now = new Date(); newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); k = i + CURRENT_TIME.length(); @@ -687,7 +667,7 @@ public class SrchCerts extends CMSServlet { * Fills cert record into argument block. */ private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl xcert = rec.getCertificate(); @@ -695,9 +675,9 @@ public class SrchCerts extends CMSServlet { fillX509RecordIntoArg(rec, rarg); } } - + private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl cert = rec.getCertificate(); @@ -708,7 +688,7 @@ public class SrchCerts extends CMSServlet { String subject = (String) cert.getSubjectDN().toString(); if (subject.equals("")) { - rarg.addStringValue("subject", " "); + rarg.addStringValue("subject", " "); } else { rarg.addStringValue("subject", subject); @@ -744,12 +724,13 @@ public class SrchCerts extends CMSServlet { rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID()); String issuedBy = rec.getIssuedBy(); - if (issuedBy == null) issuedBy = ""; + if (issuedBy == null) + issuedBy = ""; rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString() rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000); rarg.addStringValue("revokedBy", - ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); + ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); if (rec.getRevokedOn() == null) { rarg.addStringValue("revokedOn", null); } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java index b10086e1..45544583 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -60,10 +59,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Force the CRL to be updated now. - * + * * @version $Revision$, $Date$ */ public class UpdateCRL extends CMSServlet { @@ -88,40 +86,41 @@ public class UpdateCRL extends CMSServlet { } /** - * Initializes the servlet. This servlet uses updateCRL.template - * to render the result + * Initializes the servlet. This servlet uses updateCRL.template to render + * the result */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; - - // override success to do output orw own template. + + // override success to do output orw own template. mTemplates.remove(CMSRequest.SUCCESS); if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param signatureAlgorithm the algorithm to use to sign the CRL - * <li>http.param waitForUpdate true/false - should the servlet wait until - * the CRL update is complete? + * <li>http.param waitForUpdate true/false - should the servlet wait until + * the CRL update is complete? * <li>http.param clearCRLCache true/false - should the CRL cache cleared - * before the CRL is generated? + * before the CRL is generated? * <li>http.param crlIssuingPoint the CRL Issuing Point to Update * </ul> + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("crl", true /* main action */); + statsSub.startTiming("crl", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); @@ -133,16 +132,16 @@ public class UpdateCRL extends CMSServlet { mAuthzResourceName, "update"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } return; } @@ -159,21 +158,21 @@ public class UpdateCRL extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { - String signatureAlgorithm = - req.getParameter("signatureAlgorithm"); + String signatureAlgorithm = + req.getParameter("signatureAlgorithm"); - process(argSet, header, req, resp, - signatureAlgorithm, locale[0]); + process(argSet, header, req, resp, + signatureAlgorithm, locale[0]); } catch (EBaseException e) { error = e; } @@ -184,42 +183,43 @@ public class UpdateCRL extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } } - private CRLExtensions crlEntryExtensions (String reason, String invalidity) { + private CRLExtensions crlEntryExtensions(String reason, String invalidity) { CRLExtensions entryExts = new CRLExtensions(); CRLReasonExtension crlReasonExtn = null; if (reason != null && reason.length() > 0) { try { RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason)); - if (revReason == null) revReason = RevocationReason.UNSPECIFIED; + if (revReason == null) + revReason = RevocationReason.UNSPECIFIED; crlReasonExtn = new CRLReasonExtension(revReason); } catch (Exception e) { - CMS.debug("Invalid revocation reason: "+reason); + CMS.debug("Invalid revocation reason: " + reason); } } @@ -229,15 +229,15 @@ public class UpdateCRL extends CMSServlet { Date invalidityDate = null; try { long backInTime = Long.parseLong(invalidity); - invalidityDate = new Date(now-(backInTime*60000)); + invalidityDate = new Date(now - (backInTime * 60000)); } catch (Exception e) { - CMS.debug("Invalid invalidity time offset: "+invalidity); + CMS.debug("Invalid invalidity time offset: " + invalidity); } if (invalidityDate != null) { try { invalidityDateExtn = new InvalidityDateExtension(invalidityDate); } catch (Exception e) { - CMS.debug("Error creating invalidity extension: "+e); + CMS.debug("Error creating invalidity extension: " + e); } } } @@ -246,7 +246,7 @@ public class UpdateCRL extends CMSServlet { try { entryExts.set(crlReasonExtn.getName(), crlReasonExtn); } catch (Exception e) { - CMS.debug("Error adding revocation reason extension to entry extensions: "+e); + CMS.debug("Error adding revocation reason extension to entry extensions: " + e); } } @@ -254,7 +254,7 @@ public class UpdateCRL extends CMSServlet { try { entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn); } catch (Exception e) { - CMS.debug("Error adding invalidity date extension to entry extensions: "+e); + CMS.debug("Error adding invalidity date extension to entry extensions: " + e); } } @@ -293,18 +293,18 @@ public class UpdateCRL extends CMSServlet { } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String signatureAlgorithm, - Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String signatureAlgorithm, + Locale locale) + throws EBaseException { long startTime = CMS.getCurrentDate().getTime(); - String waitForUpdate = - req.getParameter("waitForUpdate"); - String clearCache = - req.getParameter("clearCRLCache"); - String crlIssuingPointId = - req.getParameter("crlIssuingPoint"); + String waitForUpdate = + req.getParameter("waitForUpdate"); + String clearCache = + req.getParameter("clearCRLCache"); + String crlIssuingPointId = + req.getParameter("crlIssuingPoint"); String test = req.getParameter("test"); String add = req.getParameter("add"); String from = req.getParameter("from"); @@ -317,45 +317,46 @@ public class UpdateCRL extends CMSServlet { Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints(); while (ips.hasMoreElements()) { - ICRLIssuingPoint ip = ips.nextElement(); + ICRLIssuingPoint ip = ips.nextElement(); if (crlIssuingPointId.equals(ip.getId())) { break; } - if (!ips.hasMoreElements()) crlIssuingPointId = null; + if (!ips.hasMoreElements()) + crlIssuingPointId = null; } } if (crlIssuingPointId == null) { crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL; } - ICRLIssuingPoint crlIssuingPoint = - mCA.getCRLIssuingPoint(crlIssuingPointId); + ICRLIssuingPoint crlIssuingPoint = + mCA.getCRLIssuingPoint(crlIssuingPointId); header.addStringValue("crlIssuingPoint", crlIssuingPointId); IPublisherProcessor lpm = mCA.getPublisherProcessor(); if (crlIssuingPoint != null) { if (clearCache != null && clearCache.equals("true") && - crlIssuingPoint.isCRLGenerationEnabled() && - crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && - crlIssuingPoint.isCRLIssuingPointInitialized() + crlIssuingPoint.isCRLGenerationEnabled() && + crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && + crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) { crlIssuingPoint.clearCRLCache(); } if (waitForUpdate != null && waitForUpdate.equals("true") && - crlIssuingPoint.isCRLGenerationEnabled() && - crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && - crlIssuingPoint.isCRLIssuingPointInitialized() + crlIssuingPoint.isCRLGenerationEnabled() && + crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && + crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) { if (test != null && test.equals("true") && - crlIssuingPoint.isCRLCacheTestingEnabled() && - (!mTesting.contains(crlIssuingPointId))) { + crlIssuingPoint.isCRLCacheTestingEnabled() && + (!mTesting.contains(crlIssuingPointId))) { CMS.debug("CRL test started."); mTesting.add(crlIssuingPointId); BigInteger addLen = null; BigInteger startFrom = null; if (add != null && add.length() > 0 && - from != null && from.length() > 0) { + from != null && from.length() > 0) { try { addLen = new BigInteger(add); startFrom = new BigInteger(from); @@ -366,7 +367,7 @@ public class UpdateCRL extends CMSServlet { Date revocationDate = CMS.getCurrentDate(); String err = null; - CRLExtensions entryExts = crlEntryExtensions (reason, invalidity); + CRLExtensions entryExts = crlEntryExtensions(reason, invalidity); BigInteger serialNumber = startFrom; BigInteger counter = addLen; @@ -380,16 +381,16 @@ public class UpdateCRL extends CMSServlet { long t1 = System.currentTimeMillis(); long t2 = 0; - + while (counter.compareTo(BigInteger.ZERO) > 0) { RevokedCertImpl revokedCert = - new RevokedCertImpl(serialNumber, revocationDate, entryExts); + new RevokedCertImpl(serialNumber, revocationDate, entryExts); crlIssuingPoint.addRevokedCert(serialNumber, revokedCert); serialNumber = serialNumber.add(BigInteger.ONE); counter = counter.subtract(BigInteger.ONE); if ((counter.compareTo(BigInteger.ZERO) == 0) || - (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) { + (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) { t2 = System.currentTimeMillis(); long t0 = t2 - t1; t1 = t2; @@ -465,40 +466,40 @@ public class UpdateCRL extends CMSServlet { String agentId = (String) sContext.get(SessionContext.USER_ID); IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } long endTime = CMS.getCurrentDate().getTime(); if (crlIssuingPoint.getNextUpdate() != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.CRLUPDATEFORMAT, - new Object[] { - AuditFormat.FROMAGENT + " agentID: " + agentId, - authMgr, - "completed", - crlIssuingPoint.getId(), - crlIssuingPoint.getCRLNumber(), - crlIssuingPoint.getLastUpdate(), - crlIssuingPoint.getNextUpdate(), - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)} - ); - }else { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.CRLUPDATEFORMAT, - new Object[] { - AuditFormat.FROMAGENT + " agentID: " + agentId, - authMgr, - "completed", - crlIssuingPoint.getId(), - crlIssuingPoint.getCRLNumber(), - crlIssuingPoint.getLastUpdate(), - "not set", - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.CRLUPDATEFORMAT, + new Object[] { + AuditFormat.FROMAGENT + " agentID: " + agentId, + authMgr, + "completed", + crlIssuingPoint.getId(), + crlIssuingPoint.getCRLNumber(), + crlIssuingPoint.getLastUpdate(), + crlIssuingPoint.getNextUpdate(), + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) } + ); + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.CRLUPDATEFORMAT, + new Object[] { + AuditFormat.FROMAGENT + " agentID: " + agentId, + authMgr, + "completed", + crlIssuingPoint.getId(), + crlIssuingPoint.getCRLNumber(), + crlIssuingPoint.getLastUpdate(), + "not set", + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) } + ); } } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString())); @@ -511,8 +512,7 @@ public class UpdateCRL extends CMSServlet { } } } else { - if (crlIssuingPoint.isCRLIssuingPointInitialized() - != ICRLIssuingPoint.CRL_IP_INITIALIZED) { + if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) { header.addStringValue("crlUpdate", "notInitialized"); } else if (crlIssuingPoint.isCRLUpdateInProgress() != ICRLIssuingPoint.CRL_UPDATE_DONE || diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java index ccba3362..5b7688c5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Update the configured LDAP server with specified objects - * + * * @version $Revision$, $Date$ */ public class UpdateDir extends CMSServlet { @@ -85,12 +83,12 @@ public class UpdateDir extends CMSServlet { private final static int REVOKED_FROM = 10; private final static int REVOKED_TO = 11; private final static int CHECK_FLAG = 12; - private final static String[] updateName = - {"updateAll", "updateCRL", "updateCA", - "updateValid", "validFrom", "validTo", - "updateExpired", "expiredFrom", "expiredTo", - "updateRevoked", "revokedFrom", "revokedTo", - "checkFlag"}; + private final static String[] updateName = + { "updateAll", "updateCRL", "updateCA", + "updateValid", "validFrom", "validTo", + "updateExpired", "expiredFrom", "expiredTo", + "updateRevoked", "revokedFrom", "revokedTo", + "checkFlag" }; private String mFormPath = null; private ICertificateAuthority mCA = null; @@ -112,7 +110,7 @@ public class UpdateDir extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - if( mAuthority != null ) { + if (mAuthority != null) { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { mCA = (ICertificateAuthority) mAuthority; @@ -129,8 +127,8 @@ public class UpdateDir extends CMSServlet { } /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -146,10 +144,10 @@ public class UpdateDir extends CMSServlet { mAuthzResourceName, "update"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -169,17 +167,17 @@ public class UpdateDir extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { String crlIssuingPointId = req.getParameter("crlIssuingPoint"); if (mPublisherProcessor == null || - !mPublisherProcessor.enabled()) + !mPublisherProcessor.enabled()) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE")); String[] updateValue = new String[updateName.length]; @@ -191,7 +189,7 @@ public class UpdateDir extends CMSServlet { String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); if (masterHost != null && masterHost.length() > 0 && - masterPort != null && masterPort.length() > 0) { + masterPort != null && masterPort.length() > 0) { mClonedCA = true; } @@ -206,29 +204,29 @@ public class UpdateDir extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void updateCRLIssuingPoint( - IArgBlock header, - String crlIssuingPointId, - ICRLIssuingPoint crlIssuingPoint, - Locale locale) { + IArgBlock header, + String crlIssuingPointId, + ICRLIssuingPoint crlIssuingPoint, + Locale locale) { SessionContext sc = SessionContext.getContext(); sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId); @@ -237,28 +235,28 @@ public class UpdateDir extends CMSServlet { try { if (mCRLRepository != null) { - crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId); + crlRecord = (ICRLIssuingPointRecord) mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId); } } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString())); } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); header.addStringValue("crlPublished", "Failure"); header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); } else { - String publishDN = (crlIssuingPoint != null)? crlIssuingPoint.getPublishDN(): null; + String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint.getPublishDN() : null; byte[] crlbytes = crlRecord.getCRL(); if (crlbytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")); header.addStringValue("crlPublished", "Failure"); header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); } else { X509CRLImpl crl = null; @@ -271,13 +269,13 @@ public class UpdateDir extends CMSServlet { if (crl == null) { header.addStringValue("crlPublished", "Failure"); header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString()); + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } else { try { if (publishDN != null) { mPublisherProcessor.publishCRL(publishDN, crl); } else { - mPublisherProcessor.publishCRL(crl,crlIssuingPointId); + mPublisherProcessor.publishCRL(crl, crlIssuingPointId); } header.addStringValue("crlPublished", "Success"); } catch (ELdapException e) { @@ -307,20 +305,20 @@ public class UpdateDir extends CMSServlet { BigInteger deltaNumber = crlRecord.getDeltaCRLNumber(); Long deltaCRLSize = crlRecord.getDeltaCRLSize(); if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 && - crlNumber != null && deltaNumber != null && - deltaNumber.compareTo(crlNumber) >= 0) { + crlNumber != null && deltaNumber != null && + deltaNumber.compareTo(crlNumber) >= 0) { goodDelta = true; } } if (deltaCrl != null && ((mClonedCA && goodDelta) || - (crlIssuingPoint != null && - crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) { + (crlIssuingPoint != null && + crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) { try { if (publishDN != null) { mPublisherProcessor.publishCRL(publishDN, deltaCrl); } else { - mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId); + mPublisherProcessor.publishCRL(deltaCrl, crlIssuingPointId); } } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString())); @@ -331,16 +329,16 @@ public class UpdateDir extends CMSServlet { } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String crlIssuingPointId, - String[] updateValue, - Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String crlIssuingPointId, + String[] updateValue, + Locale locale) + throws EBaseException { // all or crl if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_CRL] != null && + (updateValue[UPDATE_CRL] != null && updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) { // check if received issuing point ID is known to the server if (crlIssuingPointId != null) { @@ -352,7 +350,8 @@ public class UpdateDir extends CMSServlet { if (crlIssuingPointId.equals(ip.getId())) { break; } - if (!ips.hasMoreElements()) crlIssuingPointId = null; + if (!ips.hasMoreElements()) + crlIssuingPointId = null; } } if (crlIssuingPointId == null) { @@ -361,7 +360,7 @@ public class UpdateDir extends CMSServlet { Vector ipNames = mCRLRepository.getIssuingPointsNames(); if (ipNames != null && ipNames.size() > 0) { for (int i = 0; i < ipNames.size(); i++) { - String ipName = (String)ipNames.elementAt(i); + String ipName = (String) ipNames.elementAt(i); updateCRLIssuingPoint(header, ipName, null, locale); } @@ -377,11 +376,11 @@ public class UpdateDir extends CMSServlet { } } else { ICRLIssuingPoint crlIssuingPoint = - mCA.getCRLIssuingPoint(crlIssuingPointId); + mCA.getCRLIssuingPoint(crlIssuingPointId); ICRLIssuingPointRecord crlRecord = null; - updateCRLIssuingPoint(header, crlIssuingPointId, - crlIssuingPoint, locale); + updateCRLIssuingPoint(header, crlIssuingPointId, + crlIssuingPoint, locale); } } @@ -390,7 +389,7 @@ public class UpdateDir extends CMSServlet { // all or ca if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_CA] != null && + (updateValue[UPDATE_CA] != null && updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) { X509CertImpl caCert = mCA.getSigningUnit().getCertImpl(); @@ -408,7 +407,7 @@ public class UpdateDir extends CMSServlet { // all or valid if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_VALID] != null && + (updateValue[UPDATE_VALID] != null && updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[VALID_FROM].startsWith("0x")) { @@ -420,16 +419,16 @@ public class UpdateDir extends CMSServlet { Enumeration validCerts = null; if (updateValue[CHECK_FLAG] != null && - updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { - validCerts = + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + validCerts = certificateRepository.getValidNotPublishedCertificates( - updateValue[VALID_FROM], - updateValue[VALID_TO]); + updateValue[VALID_FROM], + updateValue[VALID_TO]); } else { - validCerts = + validCerts = certificateRepository.getValidCertificates( - updateValue[VALID_FROM], - updateValue[VALID_TO]); + updateValue[VALID_FROM], + updateValue[VALID_TO]); } int i = 0; int l = 0; @@ -438,8 +437,8 @@ public class UpdateDir extends CMSServlet { if (validCerts != null) { while (validCerts.hasMoreElements()) { ICertRecord certRecord = - (ICertRecord) validCerts.nextElement(); - //X509CertImpl cert = certRecord.getCertificate(); + (ICertRecord) validCerts.nextElement(); + // X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); @@ -454,9 +453,9 @@ public class UpdateDir extends CMSServlet { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", - cert.getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } @@ -465,55 +464,55 @@ public class UpdateDir extends CMSServlet { if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; - SessionContext sc = SessionContext.getContext(); + SessionContext sc = SessionContext.getContext(); if (r == null) { if (CMS.isEncryptionCert(cert)) sc.put((Object) "isEncryptionCert", (Object) "true"); - else + else sc.put((Object) "isEncryptionCert", (Object) "false"); mPublisherProcessor.publishCert(cert, null); } else { if (CMS.isEncryptionCert(cert)) r.setExtData("isEncryptionCert", "true"); - else + else r.setExtData("isEncryptionCert", "false"); mPublisherProcessor.publishCert(cert, r); } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16), + e.toString())); validCertsError += "Failed to publish certificate: 0x" + - certRecord.getSerialNumber().toString(16) + - ".\n <BR> "; + certRecord.getSerialNumber().toString(16) + + ".\n <BR> "; } } } if (i > 0 && i == l) { header.addStringValue("validCertsPublished", - "Success"); + "Success"); if (i == 1) - header.addStringValue("validCertsError", i + - " valid certificate is published in the directory."); + header.addStringValue("validCertsError", i + + " valid certificate is published in the directory."); else - header.addStringValue("validCertsError", i + - " valid certificates are published in the directory."); + header.addStringValue("validCertsError", i + + " valid certificates are published in the directory."); } else { if (l == 0) { header.addStringValue("validCertsPublished", "No"); } else { header.addStringValue("validCertsPublished", "Failure"); - header.addStringValue("validCertsError", - validCertsError); + header.addStringValue("validCertsError", + validCertsError); } } } else { @@ -525,7 +524,7 @@ public class UpdateDir extends CMSServlet { // all or expired if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_EXPIRED] != null && + (updateValue[UPDATE_EXPIRED] != null && updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[EXPIRED_FROM].startsWith("0x")) { @@ -537,26 +536,26 @@ public class UpdateDir extends CMSServlet { Enumeration expiredCerts = null; if (updateValue[CHECK_FLAG] != null && - updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { expiredCerts = certificateRepository.getExpiredPublishedCertificates( - updateValue[EXPIRED_FROM], - updateValue[EXPIRED_TO]); + updateValue[EXPIRED_FROM], + updateValue[EXPIRED_TO]); } else { expiredCerts = certificateRepository.getExpiredCertificates( - updateValue[EXPIRED_FROM], - updateValue[EXPIRED_TO]); + updateValue[EXPIRED_FROM], + updateValue[EXPIRED_TO]); } int i = 0; int l = 0; StringBuffer expiredCertsError = new StringBuffer(); - if (expiredCerts != null) { + if (expiredCerts != null) { while (expiredCerts.hasMoreElements()) { ICertRecord certRecord = - (ICertRecord) expiredCerts.nextElement(); - //X509CertImpl cert = certRecord.getCertificate(); + (ICertRecord) expiredCerts.nextElement(); + // X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); @@ -571,9 +570,9 @@ public class UpdateDir extends CMSServlet { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", - cert.getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } @@ -582,9 +581,9 @@ public class UpdateDir extends CMSServlet { if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; @@ -595,10 +594,10 @@ public class UpdateDir extends CMSServlet { } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", - certRecord.getSerialNumber().toString(16), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", + certRecord.getSerialNumber().toString(16), + e.toString())); expiredCertsError.append( "Failed to unpublish certificate: 0x"); expiredCertsError.append( @@ -611,18 +610,18 @@ public class UpdateDir extends CMSServlet { if (i > 0 && i == l) { header.addStringValue("expiredCertsUnpublished", "Success"); if (i == 1) - header.addStringValue("expiredCertsError", i + - " expired certificate is unpublished in the directory."); + header.addStringValue("expiredCertsError", i + + " expired certificate is unpublished in the directory."); else - header.addStringValue("expiredCertsError", i + - " expired certificates are unpublished in the directory."); + header.addStringValue("expiredCertsError", i + + " expired certificates are unpublished in the directory."); } else { if (l == 0) { header.addStringValue("expiredCertsUnpublished", "No"); } else { header.addStringValue("expiredCertsUnpublished", "Failure"); - header.addStringValue("expiredCertsError", - expiredCertsError.toString()); + header.addStringValue("expiredCertsError", + expiredCertsError.toString()); } } } else { @@ -634,7 +633,7 @@ public class UpdateDir extends CMSServlet { // all or revoked if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_REVOKED] != null && + (updateValue[UPDATE_REVOKED] != null && updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[REVOKED_FROM].startsWith("0x")) { @@ -646,26 +645,26 @@ public class UpdateDir extends CMSServlet { Enumeration revokedCerts = null; if (updateValue[CHECK_FLAG] != null && - updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { revokedCerts = certificateRepository.getRevokedPublishedCertificates( - updateValue[REVOKED_FROM], - updateValue[REVOKED_TO]); + updateValue[REVOKED_FROM], + updateValue[REVOKED_TO]); } else { revokedCerts = certificateRepository.getRevokedCertificates( - updateValue[REVOKED_FROM], - updateValue[REVOKED_TO]); + updateValue[REVOKED_FROM], + updateValue[REVOKED_TO]); } int i = 0; int l = 0; String revokedCertsError = ""; - if (revokedCerts != null) { + if (revokedCerts != null) { while (revokedCerts.hasMoreElements()) { ICertRecord certRecord = - (ICertRecord) revokedCerts.nextElement(); - //X509CertImpl cert = certRecord.getCertificate(); + (ICertRecord) revokedCerts.nextElement(); + // X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); @@ -680,9 +679,9 @@ public class UpdateDir extends CMSServlet { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", - cert.getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } @@ -691,9 +690,9 @@ public class UpdateDir extends CMSServlet { if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; @@ -704,32 +703,32 @@ public class UpdateDir extends CMSServlet { } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", - certRecord.getSerialNumber().toString(16), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", + certRecord.getSerialNumber().toString(16), + e.toString())); revokedCertsError += "Failed to unpublish certificate: 0x" + - certRecord.getSerialNumber().toString(16) + - ".\n <BR> "; + certRecord.getSerialNumber().toString(16) + + ".\n <BR> "; } } } if (i > 0 && i == l) { header.addStringValue("revokedCertsUnpublished", "Success"); if (i == 1) - header.addStringValue("revokedCertsError", i + - " revoked certificate is unpublished in the directory."); + header.addStringValue("revokedCertsError", i + + " revoked certificate is unpublished in the directory."); else - header.addStringValue("revokedCertsError", i + - " revoked certificates are unpublished in the directory."); + header.addStringValue("revokedCertsError", i + + " revoked certificates are unpublished in the directory."); } else { if (l == 0) { header.addStringValue("revokedCertsUnpublished", "No"); } else { header.addStringValue("revokedCertsUnpublished", "Failure"); - header.addStringValue("revokedCertsError", - revokedCertsError); + header.addStringValue("revokedCertsError", + revokedCertsError); } } } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index f181e156..ad28c921 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java @@ -122,242 +122,234 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.profile.SSLClientCertProvider; import com.netscape.cmsutil.scep.CRSPKIMessage; - /** - * This servlet deals with PKCS#10-based certificate requests from - * CRS, now called SCEP, and defined at: - * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt + * This servlet deals with PKCS#10-based certificate requests from CRS, now + * called SCEP, and defined at: + * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt * * The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe - * - * The HTTP parameters are 'operation' and 'message' - * operation can be either 'GetCACert' or 'PKIOperation' - * + * + * The HTTP parameters are 'operation' and 'message' operation can be either + * 'GetCACert' or 'PKIOperation' + * * @version $Revision$, $Date$ */ -public class CRSEnrollment extends HttpServlet -{ - /** +public class CRSEnrollment extends HttpServlet { + /** * */ private static final long serialVersionUID = 8483002540957382369L; -protected IProfileSubsystem mProfileSubsystem = null; - protected String mProfileId = null; - protected ICertAuthority mAuthority; - protected IConfigStore mConfig = null; - protected IAuthSubsystem mAuthSubsystem; - protected String mAppendDN=null; - protected String mEntryObjectclass=null; - protected boolean mCreateEntry=false; - protected boolean mFlattenDN=false; - - private String mAuthManagerName; - private String mSubstoreName; - private boolean mEnabled = false; - private boolean mUseCA = true; - private String mNickname = null; - private String mTokenName = ""; - private String mHashAlgorithm = "SHA1"; - private String mHashAlgorithmList = null; - private String[] mAllowedHashAlgorithm; - private String mConfiguredEncryptionAlgorithm = "DES3"; - private String mEncryptionAlgorithm = "DES3"; - private String mEncryptionAlgorithmList = null; - private String[] mAllowedEncryptionAlgorithm; - private Random mRandom = null; - private int mNonceSizeLimit = 0; - protected ILogger mLogger = CMS.getLogger(); - private ICertificateAuthority ca; - /* for hashing challenge password */ - protected MessageDigest mSHADigest = null; - - private static final String PROP_SUBSTORENAME = "substorename"; - private static final String PROP_AUTHORITY = "authority"; - private static final String PROP_CRS = "crs"; - private static final String PROP_CRSCA = "casubsystem"; - private static final String PROP_CRSAUTHMGR = "authName"; - private static final String PROP_APPENDDN = "appendDN"; - private static final String PROP_CREATEENTRY= "createEntry"; - private static final String PROP_FLATTENDN = "flattenDN"; - private static final String PROP_ENTRYOC = "entryObjectclass"; - - // URL parameters - private static final String URL_OPERATION = "operation"; - private static final String URL_MESSAGE = "message"; - - // possible values for 'operation' - private static final String OP_GETCACERT = "GetCACert"; - private static final String OP_PKIOPERATION = "PKIOperation"; - - public static final String AUTH_PASSWORD = "pwd"; - - public static final String AUTH_CREDS = "AuthCreds"; - public static final String AUTH_TOKEN = "AuthToken"; - public static final String AUTH_FAILED = "AuthFailed"; - - public static final String SANE_DNSNAME = "DNSName"; - public static final String SANE_IPADDRESS = "IPAddress"; - - public static final String CERTINFO = "CertInfo"; - public static final String SUBJECTNAME = "SubjectName"; - - - public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null; - public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null; - public static ObjectIdentifier OID_SERIALNUMBER = null; - - public CRSEnrollment(){} - - public static Hashtable<String, String> toHashtable(HttpServletRequest req) { - Hashtable<String, String> httpReqHash = new Hashtable<String, String>(); - @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); - while (names.hasMoreElements()) { - String name = (String)names.nextElement(); - httpReqHash.put(name, req.getParameter(name)); - } - return httpReqHash; - } - - public void init(ServletConfig sc) { - // Find the CertificateAuthority we should use for CRS. - String crsCA = sc.getInitParameter(PROP_AUTHORITY); - if (crsCA == null) - crsCA = "ca"; - mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA); - ca = (ICertificateAuthority)mAuthority; - - if (mAuthority == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA)); - } - - try { - if (mAuthority instanceof ISubsystem) { - IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore(); - IConfigStore scepConfig = authorityConfig.getSubStore("scep"); - mEnabled = scepConfig.getBoolean("enable", false); - mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1"); - mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3"); - mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0); - mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512"); - mAllowedHashAlgorithm = mHashAlgorithmList.split(","); - mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3"); - mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(","); - mNickname = scepConfig.getString("nickname", ca.getNickname()); - if (mNickname.equals(ca.getNickname())) { - mTokenName = ca.getSigningUnit().getTokenName(); - } else { - mTokenName = scepConfig.getString("tokenname", ""); - mUseCA = false; - } - if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || - mTokenName.equalsIgnoreCase("Internal Key Storage Token") || - mTokenName.length() == 0)) { - int i = mNickname.indexOf(':'); - if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) { - mNickname = mTokenName + ":" + mNickname; - } - } - } - } catch (EBaseException e) { - CMS.debug("CRSEnrollment: init: EBaseException: "+e); - } - mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; - CMS.debug("CRSEnrollment: init: SCEP support is "+((mEnabled)?"enabled":"disabled")+"."); - CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname); - CMS.debug("CRSEnrollment: init: CA nickname: "+ca.getNickname()); - CMS.debug("CRSEnrollment: init: Token name: "+mTokenName); - CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA); - CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit); - CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm); - CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList); - for (int i = 0; i < mAllowedHashAlgorithm.length; i++) { - mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim(); - CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]); - } - CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm); - CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList); - for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) { - mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim(); - CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]); - } - - try { - mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile"); - mProfileId = sc.getInitParameter("profileId"); - CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId); - - mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); - mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); - mAppendDN = sc.getInitParameter(PROP_APPENDDN); - String tmp = sc.getInitParameter(PROP_CREATEENTRY); - if (tmp != null && tmp.trim().equalsIgnoreCase("true")) - mCreateEntry = true; - else - mCreateEntry = false; - tmp = sc.getInitParameter(PROP_FLATTENDN); - if (tmp != null && tmp.trim().equalsIgnoreCase("true")) - mFlattenDN = true; - else - mFlattenDN = false; - mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC); - if (mEntryObjectclass == null) - mEntryObjectclass = "cep"; - mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME); - if (mSubstoreName == null) - mSubstoreName = "default"; - } catch (Exception e) { - } - - OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME"); - OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS"); - OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER"); - - - try { - mSHADigest = MessageDigest.getInstance("SHA1"); + protected IProfileSubsystem mProfileSubsystem = null; + protected String mProfileId = null; + protected ICertAuthority mAuthority; + protected IConfigStore mConfig = null; + protected IAuthSubsystem mAuthSubsystem; + protected String mAppendDN = null; + protected String mEntryObjectclass = null; + protected boolean mCreateEntry = false; + protected boolean mFlattenDN = false; + + private String mAuthManagerName; + private String mSubstoreName; + private boolean mEnabled = false; + private boolean mUseCA = true; + private String mNickname = null; + private String mTokenName = ""; + private String mHashAlgorithm = "SHA1"; + private String mHashAlgorithmList = null; + private String[] mAllowedHashAlgorithm; + private String mConfiguredEncryptionAlgorithm = "DES3"; + private String mEncryptionAlgorithm = "DES3"; + private String mEncryptionAlgorithmList = null; + private String[] mAllowedEncryptionAlgorithm; + private Random mRandom = null; + private int mNonceSizeLimit = 0; + protected ILogger mLogger = CMS.getLogger(); + private ICertificateAuthority ca; + /* for hashing challenge password */ + protected MessageDigest mSHADigest = null; + + private static final String PROP_SUBSTORENAME = "substorename"; + private static final String PROP_AUTHORITY = "authority"; + private static final String PROP_CRS = "crs"; + private static final String PROP_CRSCA = "casubsystem"; + private static final String PROP_CRSAUTHMGR = "authName"; + private static final String PROP_APPENDDN = "appendDN"; + private static final String PROP_CREATEENTRY = "createEntry"; + private static final String PROP_FLATTENDN = "flattenDN"; + private static final String PROP_ENTRYOC = "entryObjectclass"; + + // URL parameters + private static final String URL_OPERATION = "operation"; + private static final String URL_MESSAGE = "message"; + + // possible values for 'operation' + private static final String OP_GETCACERT = "GetCACert"; + private static final String OP_PKIOPERATION = "PKIOperation"; + + public static final String AUTH_PASSWORD = "pwd"; + + public static final String AUTH_CREDS = "AuthCreds"; + public static final String AUTH_TOKEN = "AuthToken"; + public static final String AUTH_FAILED = "AuthFailed"; + + public static final String SANE_DNSNAME = "DNSName"; + public static final String SANE_IPADDRESS = "IPAddress"; + + public static final String CERTINFO = "CertInfo"; + public static final String SUBJECTNAME = "SubjectName"; + + public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null; + public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null; + public static ObjectIdentifier OID_SERIALNUMBER = null; + + public CRSEnrollment() { + } + + public static Hashtable<String, String> toHashtable(HttpServletRequest req) { + Hashtable<String, String> httpReqHash = new Hashtable<String, String>(); + @SuppressWarnings("unchecked") + Enumeration<String> names = req.getParameterNames(); + while (names.hasMoreElements()) { + String name = (String) names.nextElement(); + httpReqHash.put(name, req.getParameter(name)); + } + return httpReqHash; + } + + public void init(ServletConfig sc) { + // Find the CertificateAuthority we should use for CRS. + String crsCA = sc.getInitParameter(PROP_AUTHORITY); + if (crsCA == null) + crsCA = "ca"; + mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA); + ca = (ICertificateAuthority) mAuthority; + + if (mAuthority == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA)); + } + + try { + if (mAuthority instanceof ISubsystem) { + IConfigStore authorityConfig = ((ISubsystem) mAuthority).getConfigStore(); + IConfigStore scepConfig = authorityConfig.getSubStore("scep"); + mEnabled = scepConfig.getBoolean("enable", false); + mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1"); + mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3"); + mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0); + mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512"); + mAllowedHashAlgorithm = mHashAlgorithmList.split(","); + mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3"); + mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(","); + mNickname = scepConfig.getString("nickname", ca.getNickname()); + if (mNickname.equals(ca.getNickname())) { + mTokenName = ca.getSigningUnit().getTokenName(); + } else { + mTokenName = scepConfig.getString("tokenname", ""); + mUseCA = false; + } + if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || + mTokenName.equalsIgnoreCase("Internal Key Storage Token") || mTokenName.length() == 0)) { + int i = mNickname.indexOf(':'); + if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) { + mNickname = mTokenName + ":" + mNickname; + } + } + } + } catch (EBaseException e) { + CMS.debug("CRSEnrollment: init: EBaseException: " + e); + } + mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; + CMS.debug("CRSEnrollment: init: SCEP support is " + ((mEnabled) ? "enabled" : "disabled") + "."); + CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname); + CMS.debug("CRSEnrollment: init: CA nickname: " + ca.getNickname()); + CMS.debug("CRSEnrollment: init: Token name: " + mTokenName); + CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA); + CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit); + CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm); + CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " + mHashAlgorithmList); + for (int i = 0; i < mAllowedHashAlgorithm.length; i++) { + mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim(); + CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" + mAllowedHashAlgorithm[i]); + } + CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " + mEncryptionAlgorithm); + CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " + mEncryptionAlgorithmList); + for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) { + mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim(); + CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i + "]=" + mAllowedEncryptionAlgorithm[i]); + } + + try { + mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile"); + mProfileId = sc.getInitParameter("profileId"); + CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId); + + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); + mAppendDN = sc.getInitParameter(PROP_APPENDDN); + String tmp = sc.getInitParameter(PROP_CREATEENTRY); + if (tmp != null && tmp.trim().equalsIgnoreCase("true")) + mCreateEntry = true; + else + mCreateEntry = false; + tmp = sc.getInitParameter(PROP_FLATTENDN); + if (tmp != null && tmp.trim().equalsIgnoreCase("true")) + mFlattenDN = true; + else + mFlattenDN = false; + mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC); + if (mEntryObjectclass == null) + mEntryObjectclass = "cep"; + mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME); + if (mSubstoreName == null) + mSubstoreName = "default"; + } catch (Exception e) { + } + + OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME"); + OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS"); + OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER"); + + try { + mSHADigest = MessageDigest.getInstance("SHA1"); + } catch (NoSuchAlgorithmException e) { + } + + mRandom = new Random(); } - catch (NoSuchAlgorithmException e) { - } - - mRandom = new Random(); - } - - - /** - * - * Service a CRS Request. It all starts here. This is where the message from the - * router is processed - * - * @param httpReq The HttpServletRequest. - * @param httpResp The HttpServletResponse. - * - */ - public void service(HttpServletRequest httpReq, + + /** + * + * Service a CRS Request. It all starts here. This is where the message from + * the router is processed + * + * @param httpReq The HttpServletRequest. + * @param httpResp The HttpServletResponse. + * + */ + public void service(HttpServletRequest httpReq, HttpServletResponse httpResp) - throws ServletException - { - boolean running_state = CMS.isInRunningState(); - if (!running_state) - throw new ServletException( - "CMS server is not ready to serve."); + throws ServletException { + boolean running_state = CMS.isInRunningState(); + if (!running_state) + throw new ServletException( + "CMS server is not ready to serve."); String operation = null; - String message = null; + String message = null; mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; - - + // Parse the URL from the HTTP Request. Split it up into // a structure which enables us to read the form elements IArgBlock input = CMS.createArgBlock(toHashtable(httpReq)); - - try { + + try { // Read in two form parameters - the router sets these - operation = (String)input.get(URL_OPERATION); + operation = (String) input.get(URL_OPERATION); CMS.debug("operation=" + operation); - message = (String)input.get(URL_MESSAGE); + message = (String) input.get(URL_MESSAGE); CMS.debug("message=" + message); - + if (!mEnabled) { CMS.debug("CRSEnrollment: SCEP support is disabled."); throw new ServletException("SCEP support is disabled."); @@ -366,55 +358,48 @@ protected IProfileSubsystem mProfileSubsystem = null; // 'operation' is mandatory. throw new ServletException("Bad request: operation missing from URL"); } - - /** - * the router can make two kinds of requests - * 1) simple request for CA cert - * 2) encoded, signed, enveloped request for anything else (PKIOperation) + + /** + * the router can make two kinds of requests 1) simple request for + * CA cert 2) encoded, signed, enveloped request for anything else + * (PKIOperation) */ - + if (operation.equals(OP_GETCACERT)) { - handleGetCACert(httpReq, httpResp); - } - else if (operation.equals(OP_PKIOPERATION)) { - String decodeMode = (String)input.get("decode"); + handleGetCACert(httpReq, httpResp); + } else if (operation.equals(OP_PKIOPERATION)) { + String decodeMode = (String) input.get("decode"); if (decodeMode == null || decodeMode.equals("false")) { - handlePKIOperation(httpReq, httpResp, message); + handlePKIOperation(httpReq, httpResp, message); } else { - decodePKIMessage(httpReq, httpResp, message); + decodePKIMessage(httpReq, httpResp, message); } - } - else { + } else { CMS.debug("Invalid operation " + operation); - throw new ServletException("unknown operation requested: "+operation); + throw new ServletException("unknown operation requested: " + operation); } - - } - catch (ServletException e) - { + + } catch (ServletException e) { CMS.debug("ServletException " + e); throw new ServletException(e.getMessage().toString()); + } catch (Exception e) { + CMS.debug("Service exception " + e); + log(ILogger.LL_FAILURE, e.getMessage()); } - catch (Exception e) - { - CMS.debug("Service exception " + e); - log(ILogger.LL_FAILURE,e.getMessage()); - } - + } /** - * Log a message to the system log + * Log a message to the system log */ - private void log(int level, String msg) { - + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - level, "CEP Enrollment: "+msg); + level, "CEP Enrollment: " + msg); } - private boolean isAlgorithmAllowed (String[] allowedAlgorithm, String algorithm) { + private boolean isAlgorithmAllowed(String[] allowedAlgorithm, String algorithm) { boolean allowed = false; if (algorithm != null && algorithm.length() > 0) { @@ -429,7 +414,7 @@ protected IProfileSubsystem mProfileSubsystem = null; } public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { // build credential Enumeration<String> authNames = authenticator.getValueNames(); @@ -445,314 +430,301 @@ protected IProfileSubsystem mProfileSubsystem = null; credentials.set("clientHost", request.getRemoteHost()); IAuthToken authToken = authenticator.authenticate(credentials); if (authToken == null) { - return null; + return null; } SessionContext sc = SessionContext.getContext(); if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - /** - * Return the CA certificate back to the requestor. - * This needs to be changed so that if the CA has a certificate chain, - * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no - * signerInfo) - */ - - public void handleGetCACert(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException { - java.security.cert.X509Certificate[] chain = null; - - CertificateChain certChain = mAuthority.getCACertChain(); - - try { - if (certChain == null) { - throw new ServletException("Internal Error: cannot get CA Cert"); - } - - chain = certChain.getChain(); - - byte[] bytes = null; - - int i = 0; - String message = (String)httpReq.getParameter(URL_MESSAGE); - CMS.debug("handleGetCACert message=" + message); - if (message != null) { - try { - int j = Integer.parseInt(message); - if (j < chain.length) { - i = j; - } - } catch (NumberFormatException e1) { + /** + * Return the CA certificate back to the requestor. This needs to be changed + * so that if the CA has a certificate chain, the whole thing should get + * packaged as a PKIMessage (degnerate PKCS7 - no signerInfo) + */ + + public void handleGetCACert(HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws ServletException { + java.security.cert.X509Certificate[] chain = null; + + CertificateChain certChain = mAuthority.getCACertChain(); + + try { + if (certChain == null) { + throw new ServletException("Internal Error: cannot get CA Cert"); + } + + chain = certChain.getChain(); + + byte[] bytes = null; + + int i = 0; + String message = (String) httpReq.getParameter(URL_MESSAGE); + CMS.debug("handleGetCACert message=" + message); + if (message != null) { + try { + int j = Integer.parseInt(message); + if (j < chain.length) { + i = j; + } + } catch (NumberFormatException e1) { + } + } + CMS.debug("handleGetCACert selected chain=" + i); + + if (mUseCA) { + bytes = chain[i].getEncoded(); + } else { + CryptoContext cx = new CryptoContext(); + bytes = cx.getSigningCert().getEncoded(); } - } - CMS.debug("handleGetCACert selected chain=" + i); - - if (mUseCA) { - bytes = chain[i].getEncoded(); - } else { - CryptoContext cx = new CryptoContext(); - bytes = cx.getSigningCert().getEncoded(); - } - - httpResp.setContentType("application/x-x509-ca-cert"); - - -// The following code may be used one day to encode -// the RA/CA cert chain for RA mode, but it will need some -// work. - - /****** - SET certs = new SET(); - for (int i=0; i<chain.length; i++) { - ANY cert = new ANY(chain[i].getEncoded()); - certs.addElement(cert); - } - - SignedData crsd = new SignedData( - new SET(), // empty set of digestAlgorithmID's - new ContentInfo( - new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}), - null), //empty content - certs, - null, // no CRL's - new SET() // empty SignerInfos - ); - - ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd); - - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - wrap.encode(baos); - - bytes = baos.toByteArray(); - - httpResp.setContentType("application/x-x509-ca-ra-cert"); - *****/ - - httpResp.setContentLength(bytes.length); - httpResp.getOutputStream().write(bytes); - httpResp.getOutputStream().flush(); - - CMS.debug("Output certificate chain:"); - CMS.debug(bytes); - } - catch (Exception e) { - CMS.debug("handleGetCACert exception " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage())); - throw new ServletException("Failed sending DER encoded version of CA cert to client"); - } - - } - - public String getPasswordFromP10(PKCS10 p10) - { - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration<PKCS10Attribute> e = p10atts.getElements(); - - try { - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - return (String)attr.get(ChallengePassword.PASSWORD); - } - } - } - } catch(Exception e1) { - // do nothing - } - return null; - } - - /** - * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a - * PKIMessage structure. We decode it to see what type message it is. - */ - - /** - * Decodes the PKI message and return information to RA. - */ - public void decodePKIMessage(HttpServletRequest httpReq, + + httpResp.setContentType("application/x-x509-ca-cert"); + + // The following code may be used one day to encode + // the RA/CA cert chain for RA mode, but it will need some + // work. + + /****** + * SET certs = new SET(); for (int i=0; i<chain.length; i++) { ANY + * cert = new ANY(chain[i].getEncoded()); certs.addElement(cert); } + * + * SignedData crsd = new SignedData( new SET(), // empty set of + * digestAlgorithmID's new ContentInfo( new OBJECT_IDENTIFIER(new + * long[] {1,2,840,113549,1,7,1}), null), //empty content certs, + * null, // no CRL's new SET() // empty SignerInfos ); + * + * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, + * crsd); + * + * ByteArrayOutputStream baos = new ByteArrayOutputStream(); + * wrap.encode(baos); + * + * bytes = baos.toByteArray(); + * + * httpResp.setContentType("application/x-x509-ca-ra-cert"); + *****/ + + httpResp.setContentLength(bytes.length); + httpResp.getOutputStream().write(bytes); + httpResp.getOutputStream().flush(); + + CMS.debug("Output certificate chain:"); + CMS.debug(bytes); + } catch (Exception e) { + CMS.debug("handleGetCACert exception " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", e.getMessage())); + throw new ServletException("Failed sending DER encoded version of CA cert to client"); + } + + } + + public String getPasswordFromP10(PKCS10 p10) { + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration<PKCS10Attribute> e = p10atts.getElements(); + + try { + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + return (String) attr.get(ChallengePassword.PASSWORD); + } + } + } + } catch (Exception e1) { + // do nothing + } + return null; + } + + /** + * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a + * PKIMessage structure. We decode it to see what type message it is. + */ + + /** + * Decodes the PKI message and return information to RA. + */ + public void decodePKIMessage(HttpServletRequest httpReq, HttpServletResponse httpResp, String msg) - throws ServletException { - - CryptoContext cx=null; - - CRSPKIMessage req=null; - - byte[] decodedPKIMessage; - byte[] response=null; - String responseData = ""; - - decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); - - try { - ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); - - // We make two CRSPKIMessages. One of them, is the request, so we initialize - // it from the DER given to us from the router. - // The second is the response, and we'll fill this in as we go. - - if (decodedPKIMessage.length < 50) { - throw new ServletException("CRS request is too small to be a real request ("+ - decodedPKIMessage.length+" bytes)"); - } - try { - req = new CRSPKIMessage(is); - String ea = req.getEncryptionAlgorithm(); - if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) { - CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); - throw new ServletException("Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); + throws ServletException { + + CryptoContext cx = null; + + CRSPKIMessage req = null; + + byte[] decodedPKIMessage; + byte[] response = null; + String responseData = ""; + + decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); + + try { + ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); + + // We make two CRSPKIMessages. One of them, is the request, so we + // initialize + // it from the DER given to us from the router. + // The second is the response, and we'll fill this in as we go. + + if (decodedPKIMessage.length < 50) { + throw new ServletException("CRS request is too small to be a real request (" + + decodedPKIMessage.length + " bytes)"); + } + try { + req = new CRSPKIMessage(is); + String ea = req.getEncryptionAlgorithm(); + if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) { + CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + ")."); + throw new ServletException("Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + ")."); + } + String da = req.getDigestAlgorithmName(); + if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) { + CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + throw new ServletException("Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + } + if (ea != null) { + mEncryptionAlgorithm = ea; + } + } catch (Exception e) { + CMS.debug(e); + throw new ServletException("Could not decode the request."); } - String da = req.getDigestAlgorithmName(); - if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) { - CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); - throw new ServletException("Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); + + // Create a new crypto context for doing all the crypto operations + cx = new CryptoContext(); + + // Verify Signature on message (throws exception if sig bad) + verifyRequest(req, cx); + unwrapPKCS10(req, cx); + + IProfile profile = mProfileSubsystem.getProfile(mProfileId); + if (profile == null) { + CMS.debug("Profile '" + mProfileId + "' not found."); + throw new ServletException("Profile '" + mProfileId + "' not found."); + } else { + CMS.debug("Found profile '" + mProfileId + "'."); } - if (ea != null) { - mEncryptionAlgorithm = ea; - } - } - catch (Exception e) { - CMS.debug(e); - throw new ServletException("Could not decode the request."); - } - - // Create a new crypto context for doing all the crypto operations - cx = new CryptoContext(); - - // Verify Signature on message (throws exception if sig bad) - verifyRequest(req,cx); - unwrapPKCS10(req,cx); - - IProfile profile = mProfileSubsystem.getProfile(mProfileId); - if (profile == null) { - CMS.debug("Profile '" + mProfileId + "' not found."); - throw new ServletException("Profile '" + mProfileId + "' not found."); - } else { - CMS.debug("Found profile '" + mProfileId + "'."); - } - - IProfileAuthenticator authenticator = null; - try { - CMS.debug("Retrieving authenticator"); - authenticator = profile.getAuthenticator(); - if (authenticator == null) { - CMS.debug("Authenticator not found."); - throw new ServletException("Authenticator not found."); - } else { - CMS.debug("Got authenticator=" + authenticator.getClass().getName()); - } - } catch (EProfileException e) { - throw new ServletException("Authenticator not found."); - } - AuthCredentials credentials = new AuthCredentials(); - IAuthToken authToken = null; - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - - // insert profile context so that input parameter can be retrieved - context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq)); - - try { - authToken = authenticate(credentials, authenticator, httpReq); - } catch (Exception e) { - CMS.debug("Authentication failure: "+ e.getMessage()); - throw new ServletException("Authentication failure: "+ e.getMessage()); - } - if (authToken == null) { - CMS.debug("Authentication failure."); - throw new ServletException("Authentication failure."); - } - - // Deal with Transaction ID - String transactionID = req.getTransactionID(); - responseData = responseData + - "<TransactionID>" + transactionID + "</TransactionID>"; - - // End-User or RA's IP address - responseData = responseData + - "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>"; - - responseData = responseData + - "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>"; - - // Deal with Nonces - byte[] sn = req.getSenderNonce(); - - // Deal with message type - String mt = req.getMessageType(); - responseData = responseData + - "<MessageType>" + mt + "</MessageType>"; - - PKCS10 p10 = (PKCS10)req.getP10(); - X500Name p10subject = p10.getSubjectName(); - responseData = responseData + - "<SubjectName>" + p10subject.toString() + "</SubjectName>"; - - String pkcs10Attr = ""; - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration<PKCS10Attribute> e = p10atts.getElements(); - - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - pkcs10Attr = pkcs10Attr + - "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; - } - - } - String extensionsStr = ""; - if (attr.getName().equals(ExtensionsRequested.NAME)) { - - Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements(); - while (exts.hasMoreElements()) { - Extension ext = exts.nextElement(); - - if (ext.getExtensionId().equals( - OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) { - DerOutputStream dos = new DerOutputStream(); - SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension( - Boolean.valueOf(false), // noncritical - ext.getExtensionValue()); - - - @SuppressWarnings("unchecked") - Vector<GeneralNameInterface> v = - (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME); - - Enumeration<GeneralNameInterface> gne = v.elements(); + + IProfileAuthenticator authenticator = null; + try { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); + if (authenticator == null) { + CMS.debug("Authenticator not found."); + throw new ServletException("Authenticator not found."); + } else { + CMS.debug("Got authenticator=" + authenticator.getClass().getName()); + } + } catch (EProfileException e) { + throw new ServletException("Authenticator not found."); + } + AuthCredentials credentials = new AuthCredentials(); + IAuthToken authToken = null; + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + // insert profile context so that input parameter can be retrieved + context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq)); + + try { + authToken = authenticate(credentials, authenticator, httpReq); + } catch (Exception e) { + CMS.debug("Authentication failure: " + e.getMessage()); + throw new ServletException("Authentication failure: " + e.getMessage()); + } + if (authToken == null) { + CMS.debug("Authentication failure."); + throw new ServletException("Authentication failure."); + } + + // Deal with Transaction ID + String transactionID = req.getTransactionID(); + responseData = responseData + + "<TransactionID>" + transactionID + "</TransactionID>"; + + // End-User or RA's IP address + responseData = responseData + + "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>"; + + responseData = responseData + + "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>"; + + // Deal with Nonces + byte[] sn = req.getSenderNonce(); + + // Deal with message type + String mt = req.getMessageType(); + responseData = responseData + + "<MessageType>" + mt + "</MessageType>"; + + PKCS10 p10 = (PKCS10) req.getP10(); + X500Name p10subject = p10.getSubjectName(); + responseData = responseData + + "<SubjectName>" + p10subject.toString() + "</SubjectName>"; + + String pkcs10Attr = ""; + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration<PKCS10Attribute> e = p10atts.getElements(); + + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + pkcs10Attr = pkcs10Attr + + "<ChallengePassword><Password>" + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; + } + + } + String extensionsStr = ""; + if (attr.getName().equals(ExtensionsRequested.NAME)) { + + Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements(); + while (exts.hasMoreElements()) { + Extension ext = exts.nextElement(); + + if (ext.getExtensionId().equals( + OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) { + DerOutputStream dos = new DerOutputStream(); + SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension( + Boolean.valueOf(false), // noncritical + ext.getExtensionValue()); + + @SuppressWarnings("unchecked") + Vector<GeneralNameInterface> v = + (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + + Enumeration<GeneralNameInterface> gne = v.elements(); StringBuffer subjAltNameStr = new StringBuffer(); - while (gne.hasMoreElements()) { - GeneralNameInterface gni = gne.nextElement(); - if (gni instanceof GeneralName) { - GeneralName genName = (GeneralName) gni; + while (gne.hasMoreElements()) { + GeneralNameInterface gni = gne.nextElement(); + if (gni instanceof GeneralName) { + GeneralName genName = (GeneralName) gni; - String gn = genName.toString(); - int colon = gn.indexOf(':'); - String gnType = gn.substring(0,colon).trim(); - String gnValue = gn.substring(colon+1).trim(); + String gn = genName.toString(); + int colon = gn.indexOf(':'); + String gnType = gn.substring(0, colon).trim(); + String gnValue = gn.substring(colon + 1).trim(); subjAltNameStr.append("<"); subjAltNameStr.append(gnType); @@ -761,1453 +733,1398 @@ protected IProfileSubsystem mProfileSubsystem = null; subjAltNameStr.append("</"); subjAltNameStr.append(gnType); subjAltNameStr.append(">"); - } - } // while + } + } // while extensionsStr = "<SubjAltName>" + - subjAltNameStr.toString() + "</SubjAltName>"; - } // if - } // while - pkcs10Attr = pkcs10Attr + + subjAltNameStr.toString() + "</SubjAltName>"; + } // if + } // while + pkcs10Attr = pkcs10Attr + "<Extensions>" + extensionsStr + "</Extensions>"; - } // if extensions - } // while - responseData = responseData + - "<PKCS10>" + pkcs10Attr + "</PKCS10>"; - - } catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } catch (CRSInvalidSignatureException e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - } catch (Exception e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage()); - } - - // We have now processed the request, and need to make the response message - - try { - - responseData = "<XMLResponse>" + responseData + "</XMLResponse>"; - // Get the response coding - response = responseData.getBytes(); - - // Encode the httpResp into B64 - httpResp.setContentType("application/xml"); - httpResp.setContentLength(response.length); - httpResp.getOutputStream().write(response); - httpResp.getOutputStream().flush(); - - int i1 = responseData.indexOf("<Password>"); - if (i1 > -1) { - i1 += 10; // 10 is a length of "<Password>" - int i2 = responseData.indexOf("</Password>", i1); - if (i2 > -1) { - responseData = responseData.substring(0, i1) + "********" + + } // if extensions + } // while + responseData = responseData + + "<PKCS10>" + pkcs10Attr + "</PKCS10>"; + + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (CRSInvalidSignatureException e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + } catch (Exception e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage()); + } + + // We have now processed the request, and need to make the response + // message + + try { + + responseData = "<XMLResponse>" + responseData + "</XMLResponse>"; + // Get the response coding + response = responseData.getBytes(); + + // Encode the httpResp into B64 + httpResp.setContentType("application/xml"); + httpResp.setContentLength(response.length); + httpResp.getOutputStream().write(response); + httpResp.getOutputStream().flush(); + + int i1 = responseData.indexOf("<Password>"); + if (i1 > -1) { + i1 += 10; // 10 is a length of "<Password>" + int i2 = responseData.indexOf("</Password>", i1); + if (i2 > -1) { + responseData = responseData.substring(0, i1) + "********" + responseData.substring(i2, responseData.length()); - } - } - - CMS.debug("Output (decoding) PKIOperation response:"); - CMS.debug(responseData); - } - catch (Exception e) { - throw new ServletException("Failed to create response for CEP message"+e.getMessage()); - } - - } - - - /** - * finds a request with this transaction ID. - * If could not find any request - return null - * If could only find 'rejected' or 'cancelled' requests, return null - * If found 'pending' or 'completed' request - return that request - */ - - - public void handlePKIOperation(HttpServletRequest httpReq, + } + } + + CMS.debug("Output (decoding) PKIOperation response:"); + CMS.debug(responseData); + } catch (Exception e) { + throw new ServletException("Failed to create response for CEP message" + e.getMessage()); + } + + } + + /** + * finds a request with this transaction ID. If could not find any request - + * return null If could only find 'rejected' or 'cancelled' requests, return + * null If found 'pending' or 'completed' request - return that request + */ + + public void handlePKIOperation(HttpServletRequest httpReq, HttpServletResponse httpResp, String msg) - throws ServletException { - - - CryptoContext cx=null; - - CRSPKIMessage req=null; - CRSPKIMessage crsResp=null; - - byte[] decodedPKIMessage; - byte[] response=null; - X509CertImpl cert = null; - - decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); - - try { - ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); - - // We make two CRSPKIMessages. One of them, is the request, so we initialize - // it from the DER given to us from the router. - // The second is the response, and we'll fill this in as we go. - - if (decodedPKIMessage.length < 50) { - throw new ServletException("CRS request is too small to be a real request ("+ - decodedPKIMessage.length+" bytes)"); - } - try { - req = new CRSPKIMessage(is); - String ea = req.getEncryptionAlgorithm(); - if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) { - CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); - throw new ServletException("Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); + throws ServletException { + + CryptoContext cx = null; + + CRSPKIMessage req = null; + CRSPKIMessage crsResp = null; + + byte[] decodedPKIMessage; + byte[] response = null; + X509CertImpl cert = null; + + decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); + + try { + ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); + + // We make two CRSPKIMessages. One of them, is the request, so we + // initialize + // it from the DER given to us from the router. + // The second is the response, and we'll fill this in as we go. + + if (decodedPKIMessage.length < 50) { + throw new ServletException("CRS request is too small to be a real request (" + + decodedPKIMessage.length + " bytes)"); + } + try { + req = new CRSPKIMessage(is); + String ea = req.getEncryptionAlgorithm(); + if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) { + CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + ")."); + throw new ServletException("Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + ")."); + } + String da = req.getDigestAlgorithmName(); + if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) { + CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + throw new ServletException("Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + } + if (ea != null) { + mEncryptionAlgorithm = ea; + } + crsResp = new CRSPKIMessage(); + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (Exception e) { + CMS.debug(e); + throw new ServletException("Could not decode the request."); + } + crsResp.setMessageType(CRSPKIMessage.mType_CertRep); + + // Create a new crypto context for doing all the crypto operations + cx = new CryptoContext(); + + // Verify Signature on message (throws exception if sig bad) + verifyRequest(req, cx); + + // Deal with Transaction ID + String transactionID = req.getTransactionID(); + if (transactionID == null) { + throw new ServletException("Error: malformed PKIMessage - missing transactionID"); + } else { + crsResp.setTransactionID(transactionID); + } + + // Deal with Nonces + byte[] sn = req.getSenderNonce(); + if (sn == null) { + throw new ServletException("Error: malformed PKIMessage - missing sendernonce"); + } else { + if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) { + byte[] snLimited = (mNonceSizeLimit > 0) ? new byte[mNonceSizeLimit] : null; + System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit); + crsResp.setRecipientNonce(snLimited); + } else { + crsResp.setRecipientNonce(sn); + } + byte[] serverNonce = new byte[16]; + mRandom.nextBytes(serverNonce); + crsResp.setSenderNonce(serverNonce); + // crsResp.setSenderNonce(new byte[] {0}); } - String da = req.getDigestAlgorithmName(); - if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) { - CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); - throw new ServletException("Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); + + // Deal with message type + String mt = req.getMessageType(); + if (mt == null) { + throw new ServletException("Error: malformed PKIMessage - missing messageType"); } - if (ea != null) { - mEncryptionAlgorithm = ea; - } - crsResp = new CRSPKIMessage(); - } - catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } - catch (Exception e) { + + // now run appropriate code, depending on message type + if (mt.equals(CRSPKIMessage.mType_PKCSReq)) { + CMS.debug("Processing PKCSReq"); + try { + // Check if there is an existing request. If this returns + // non-null, + // then the request is 'active' (either pending or + // completed) in + // which case, we compare the hash of the new request to the + // hash of the + // one in the queue - if they are the same, I return the + // state of the + // original request - as if it was 'getCertInitial' message. + // If the hashes are different, then the user attempted to + // enroll + // for a new request with the same txid, which is not + // allowed - + // so we return 'failure'. + + IRequest cmsRequest = findRequestByTransactionID(req.getTransactionID(), true); + + // If there was no request (with a cert) with this + // transaction ID, + // process it as a new request + + cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx); + + } catch (CRSFailureException e) { + throw new ServletException("Couldn't handle CEP request (PKCSReq) - " + e.getMessage()); + } + } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) { + CMS.debug("Processing GetCertInitial"); + cert = handleGetCertInitial(req, crsResp); + } else { + CMS.debug("Invalid request type " + mt); + } + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (CRSInvalidSignatureException e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + } catch (Exception e) { + CMS.debug("handlePKIMessage exception " + e); CMS.debug(e); - throw new ServletException("Could not decode the request."); - } - crsResp.setMessageType(CRSPKIMessage.mType_CertRep); - - // Create a new crypto context for doing all the crypto operations - cx = new CryptoContext(); - - // Verify Signature on message (throws exception if sig bad) - verifyRequest(req,cx); - - // Deal with Transaction ID - String transactionID = req.getTransactionID(); - if (transactionID == null) { - throw new ServletException("Error: malformed PKIMessage - missing transactionID"); - } - else { - crsResp.setTransactionID(transactionID); - } - - // Deal with Nonces - byte[] sn = req.getSenderNonce(); - if (sn == null) { - throw new ServletException("Error: malformed PKIMessage - missing sendernonce"); - } - else { - if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) { - byte[] snLimited = (mNonceSizeLimit > 0)? new byte[mNonceSizeLimit]: null; - System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit); - crsResp.setRecipientNonce(snLimited); - } else { - crsResp.setRecipientNonce(sn); - } - byte[] serverNonce = new byte[16]; - mRandom.nextBytes(serverNonce); - crsResp.setSenderNonce(serverNonce); - // crsResp.setSenderNonce(new byte[] {0}); - } - - // Deal with message type - String mt = req.getMessageType(); - if (mt == null) { - throw new ServletException("Error: malformed PKIMessage - missing messageType"); - } - - // now run appropriate code, depending on message type - if (mt.equals(CRSPKIMessage.mType_PKCSReq)) { - CMS.debug("Processing PKCSReq"); - try { - // Check if there is an existing request. If this returns non-null, - // then the request is 'active' (either pending or completed) in - // which case, we compare the hash of the new request to the hash of the - // one in the queue - if they are the same, I return the state of the - // original request - as if it was 'getCertInitial' message. - // If the hashes are different, then the user attempted to enroll - // for a new request with the same txid, which is not allowed - - // so we return 'failure'. - - IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true); - - // If there was no request (with a cert) with this transaction ID, - // process it as a new request - - cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx); - - } - catch (CRSFailureException e) { - throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage()); - } - } - else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) { - CMS.debug("Processing GetCertInitial"); - cert = handleGetCertInitial(req,crsResp); - } else { - CMS.debug("Invalid request type " + mt); - } - } - catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } - catch (CRSInvalidSignatureException e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - } - catch (Exception e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage()); - } - - // We have now processed the request, and need to make the response message - - try { - // make the response - processCertRep(cx, cert,crsResp, req); - - // Get the response coding - response = crsResp.getResponse(); - - // Encode the crsResp into B64 - httpResp.setContentType("application/x-pki-message"); - httpResp.setContentLength(response.length); - httpResp.getOutputStream().write(response); - httpResp.getOutputStream().flush(); - - CMS.debug("Output PKIOperation response:"); - CMS.debug(CMS.BtoA(response)); - } - catch (Exception e) { - throw new ServletException("Failed to create response for CEP message"+e.getMessage()); - } - - } - - - /** - * finds a request with this transaction ID. - * If could not find any request - return null - * If could only find 'rejected' or 'cancelled' requests, return null - * If found 'pending' or 'completed' request - return that request - */ - - public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected) - throws EBaseException { - - /* Check if certificate request has been completed */ - - IRequestQueue rq = ca.getRequestQueue(); - IRequest foundRequest = null; - - Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid); - if (rids == null) { return null; } - - int count=0; - while (rids.hasMoreElements()) { - RequestId rid = rids.nextElement(); - if (rid == null) { - continue; - } - - IRequest request = rq.findRequest(rid); - if (request == null) { - continue; - } - if ( !ignoreRejected || - request.getRequestStatus().equals(RequestStatus.PENDING) || - request.getRequestStatus().equals(RequestStatus.COMPLETE)) { - if (foundRequest != null) { - } - foundRequest = request; - } - } - return foundRequest; - } - - /** - * Called if the router is requesting us to send it its certificate - * Examine request queue for a request matching the transaction ID. - * Ignore any rejected or cancelled requests. - * - * If a request is found in the pending state, the response should be - * 'pending' - * - * If a request is found in the completed state, the response should be - * to return the certificate - * - * If no request is found, the response should be to return null - * - */ - - public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp) - { - IRequest foundRequest=null; - - // already done by handlePKIOperation - // resp.setRecipientNonce(req.getSenderNonce()); - // resp.setSenderNonce(null); - - try { - foundRequest = findRequestByTransactionID(req.getTransactionID(),false); - } catch (EBaseException e) { - } - - if (foundRequest == null) { - resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId); - resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return null; - } - - return makeResponseFromRequest(req,resp,foundRequest); - } - - - public void verifyRequest(CRSPKIMessage req, CryptoContext cx) - throws CRSInvalidSignatureException { - - // Get Signed Data - - byte[] reqAAbytes = req.getAA(); - byte[] reqAAsig = req.getAADigest(); - - } - - - /** - * Create an entry for this user in the publishing directory - * - */ - - private boolean createEntry(String dn) - { - boolean result = false; - - IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor(); - if (ldapPub == null || !ldapPub.enabled()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); - - return result; - } - - ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory(); - if (connFactory == null) { - return result; - } - - LDAPConnection connection=null; - try { - connection = connFactory.getConn(); - String[] objectclasses = { "top", mEntryObjectclass }; - LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses); - - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - attrSet.add(ocAttrs); - - LDAPEntry newEntry = new LDAPEntry(dn, attrSet); - connection.add(newEntry); - result=true; - } - catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn)); - } - finally { - try { - connFactory.returnConn(connection); - } - catch (Exception f) {} - } - return result; + throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage()); + } + + // We have now processed the request, and need to make the response + // message + + try { + // make the response + processCertRep(cx, cert, crsResp, req); + + // Get the response coding + response = crsResp.getResponse(); + + // Encode the crsResp into B64 + httpResp.setContentType("application/x-pki-message"); + httpResp.setContentLength(response.length); + httpResp.getOutputStream().write(response); + httpResp.getOutputStream().flush(); + + CMS.debug("Output PKIOperation response:"); + CMS.debug(CMS.BtoA(response)); + } catch (Exception e) { + throw new ServletException("Failed to create response for CEP message" + e.getMessage()); + } + + } + + /** + * finds a request with this transaction ID. If could not find any request - + * return null If could only find 'rejected' or 'cancelled' requests, return + * null If found 'pending' or 'completed' request - return that request + */ + + public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected) + throws EBaseException { + + /* Check if certificate request has been completed */ + + IRequestQueue rq = ca.getRequestQueue(); + IRequest foundRequest = null; + + Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid); + if (rids == null) { + return null; + } + + int count = 0; + while (rids.hasMoreElements()) { + RequestId rid = rids.nextElement(); + if (rid == null) { + continue; + } + + IRequest request = rq.findRequest(rid); + if (request == null) { + continue; + } + if (!ignoreRejected || + request.getRequestStatus().equals(RequestStatus.PENDING) || + request.getRequestStatus().equals(RequestStatus.COMPLETE)) { + if (foundRequest != null) { + } + foundRequest = request; + } + } + return foundRequest; + } + + /** + * Called if the router is requesting us to send it its certificate Examine + * request queue for a request matching the transaction ID. Ignore any + * rejected or cancelled requests. + * + * If a request is found in the pending state, the response should be + * 'pending' + * + * If a request is found in the completed state, the response should be to + * return the certificate + * + * If no request is found, the response should be to return null + * + */ + + public X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp) { + IRequest foundRequest = null; + + // already done by handlePKIOperation + // resp.setRecipientNonce(req.getSenderNonce()); + // resp.setSenderNonce(null); + + try { + foundRequest = findRequestByTransactionID(req.getTransactionID(), false); + } catch (EBaseException e) { + } + + if (foundRequest == null) { + resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId); + resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return null; + } + + return makeResponseFromRequest(req, resp, foundRequest); + } + + public void verifyRequest(CRSPKIMessage req, CryptoContext cx) + throws CRSInvalidSignatureException { + + // Get Signed Data + + byte[] reqAAbytes = req.getAA(); + byte[] reqAAsig = req.getAADigest(); + } + /** + * Create an entry for this user in the publishing directory + * + */ + private boolean createEntry(String dn) { + boolean result = false; - /** - * Here we decrypt the PKCS10 message from the client - * - */ - - public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx) - throws ServletException, + IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor(); + if (ldapPub == null || !ldapPub.enabled()) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); + + return result; + } + + ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub).getLdapConnModule().getLdapConnFactory(); + if (connFactory == null) { + return result; + } + + LDAPConnection connection = null; + try { + connection = connFactory.getConn(); + String[] objectclasses = { "top", mEntryObjectclass }; + LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", objectclasses); + + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + attrSet.add(ocAttrs); + + LDAPEntry newEntry = new LDAPEntry(dn, attrSet); + connection.add(newEntry); + result = true; + } catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn)); + } finally { + try { + connFactory.returnConn(connection); + } catch (Exception f) { + } + } + return result; + } + + /** + * Here we decrypt the PKCS10 message from the client + * + */ + + public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx) + throws ServletException, CryptoManager.NotInitializedException, - CryptoContext.CryptoContextException, + CryptoContext.CryptoContextException, CRSFailureException { - - byte[] decryptedP10bytes = null; - SymmetricKey sk; - SymmetricKey skinternal; - SymmetricKey.Type skt; - KeyWrapper kw; - Cipher cip; - EncryptionAlgorithm ea; - boolean errorInRequest = false; - - // Unwrap the session key with the Cert server key - try { - kw = cx.getKeyWrapper(); - - kw.initUnwrap(cx.getPrivateKey(),null); - - skt = SymmetricKey.Type.DES; - ea = EncryptionAlgorithm.DES_CBC; - if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { - skt = SymmetricKey.Type.DES3; - ea = EncryptionAlgorithm.DES3_CBC; - } - - sk = kw.unwrapSymmetric(req.getWrappedKey(), + + byte[] decryptedP10bytes = null; + SymmetricKey sk; + SymmetricKey skinternal; + SymmetricKey.Type skt; + KeyWrapper kw; + Cipher cip; + EncryptionAlgorithm ea; + boolean errorInRequest = false; + + // Unwrap the session key with the Cert server key + try { + kw = cx.getKeyWrapper(); + + kw.initUnwrap(cx.getPrivateKey(), null); + + skt = SymmetricKey.Type.DES; + ea = EncryptionAlgorithm.DES_CBC; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + skt = SymmetricKey.Type.DES3; + ea = EncryptionAlgorithm.DES3_CBC; + } + + sk = kw.unwrapSymmetric(req.getWrappedKey(), skt, SymmetricKey.Usage.DECRYPT, - 0); // keylength is ignored - - skinternal = cx.getDESKeyGenerator().clone(sk); - - cip = skinternal.getOwningToken().getCipherContext(ea); - - cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV()))); - - decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10()); - CMS.debug("decryptedP10bytes:"); - CMS.debug(decryptedP10bytes); - - req.setP10(new PKCS10(decryptedP10bytes)); - } catch (Exception e) { - CMS.debug("failed to unwrap PKCS10 " + e); - throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage()); - } - - } - - - -private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp) - throws CRSFailureException { - - IRequest issueReq = null; - X509CertImpl issuedCert=null; - SubjectAlternativeNameExtension sane = null; - CertAttrSet requested_ext = null; - - try { - PKCS10 p10 = req.getP10(); - - if (p10 == null) { - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - throw new CRSFailureException("Failed to decode pkcs10 from CEP request"); - } - - AuthCredentials authCreds = new AuthCredentials(); - - String challengePassword = null; - // Here, we make a new CertInfo - it's a new start for a certificate - - X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); - - // get some stuff out of the request - X509Key key = p10.getSubjectPublicKeyInfo(); - X500Name p10subject = p10.getSubjectName(); - - X500Name subject=null; - - // The following code will copy all the attributes - // into the AuthCredentials so they can be used for - // authentication - // - // Optionally, you can re-map the subject name from: - // one RDN, with many AVA's to - // many RDN's with one AVA in each. - - Enumeration<RDN> rdne = p10subject.getRDNs(); - Vector<RDN> rdnv = new Vector<RDN>(); - - Hashtable<String, String> sanehash = new Hashtable<String, String>(); - - X500NameAttrMap xnap = X500NameAttrMap.getDefault(); - while (rdne.hasMoreElements()) { - RDN rdn = (RDN) rdne.nextElement(); - int i=0; - AVA[] oldavas = rdn.getAssertion(); - for (i=0; i<rdn.getAssertionLength(); i++) { - AVA[] newavas = new AVA[1]; - newavas[0] = oldavas[i]; - - authCreds.set(xnap.getName(oldavas[i].getOid()), - oldavas[i].getValue().getAsString()); - - if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) { - - sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString()); - } - if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) { - sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString()); - } - - RDN newrdn = new RDN(newavas); - if (mFlattenDN) { - rdnv.addElement(newrdn); - } - } - } - - if (mFlattenDN) subject = new X500Name(rdnv); - else subject = p10subject; - - - // create default key usage extension - KeyUsageExtension kue = new KeyUsageExtension(); - kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true)); - kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true)); - - - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration<PKCS10Attribute> e = p10atts.getElements(); - - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - req.put(AUTH_PASSWORD, - (String)attr.get(ChallengePassword.PASSWORD)); - req.put(ChallengePassword.NAME, - hashPassword( - (String)attr.get(ChallengePassword.PASSWORD))); - } - } - - if (attr.getName().equals(ExtensionsRequested.NAME)) { - - Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements(); - while (exts.hasMoreElements()) { - Extension ext = exts.nextElement(); - - if (ext.getExtensionId().equals( - OIDMap.getOID(KeyUsageExtension.IDENT)) ) { - - kue = new KeyUsageExtension( - new Boolean(false), // noncritical - ext.getExtensionValue()); - } - - if (ext.getExtensionId().equals( - OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) { - DerOutputStream dos = new DerOutputStream(); - sane = new SubjectAlternativeNameExtension( - new Boolean(false), // noncritical - ext.getExtensionValue()); - - - @SuppressWarnings("unchecked") - Vector<GeneralNameInterface> v = - (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME); - - Enumeration<GeneralNameInterface> gne = v.elements(); - - while (gne.hasMoreElements()) { - GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement(); - if (gni instanceof GeneralName) { - GeneralName genName = (GeneralName) gni; - - String gn = genName.toString(); - int colon = gn.indexOf(':'); - String gnType = gn.substring(0,colon).trim(); - String gnValue = gn.substring(colon+1).trim(); - - authCreds.set(gnType,gnValue); - } - } - } - } - } - } - - if (authCreds != null) req.put(AUTH_CREDS,authCreds); - - try { - if (sane == null) sane = makeDefaultSubjectAltName(sanehash); - } catch (Exception sane_e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", - sane_e.getMessage())); - } - - - - try { - if (mAppendDN != null && ! mAppendDN.equals("")) { - - X500Name newSubject = new X500Name(subject.toString()); - subject = new X500Name( subject.toString().concat(","+mAppendDN)); - } - - } catch (Exception sne) { - log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". Error is "+sne.getMessage()+" Using unmodified subjectname"); - } - - if (subject != null) req.put(SUBJECTNAME, subject); - - if (key == null || subject == null) { - // log - //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10); - } - - - - certInfo.set(X509CertInfo.VERSION, + 0); // keylength is ignored + + skinternal = cx.getDESKeyGenerator().clone(sk); + + cip = skinternal.getOwningToken().getCipherContext(ea); + + cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV()))); + + decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10()); + CMS.debug("decryptedP10bytes:"); + CMS.debug(decryptedP10bytes); + + req.setP10(new PKCS10(decryptedP10bytes)); + } catch (Exception e) { + CMS.debug("failed to unwrap PKCS10 " + e); + throw new CRSFailureException("Could not unwrap PKCS10 blob: " + e.getMessage()); + } + + } + + private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp) + throws CRSFailureException { + + IRequest issueReq = null; + X509CertImpl issuedCert = null; + SubjectAlternativeNameExtension sane = null; + CertAttrSet requested_ext = null; + + try { + PKCS10 p10 = req.getP10(); + + if (p10 == null) { + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + throw new CRSFailureException("Failed to decode pkcs10 from CEP request"); + } + + AuthCredentials authCreds = new AuthCredentials(); + + String challengePassword = null; + // Here, we make a new CertInfo - it's a new start for a certificate + + X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); + + // get some stuff out of the request + X509Key key = p10.getSubjectPublicKeyInfo(); + X500Name p10subject = p10.getSubjectName(); + + X500Name subject = null; + + // The following code will copy all the attributes + // into the AuthCredentials so they can be used for + // authentication + // + // Optionally, you can re-map the subject name from: + // one RDN, with many AVA's to + // many RDN's with one AVA in each. + + Enumeration<RDN> rdne = p10subject.getRDNs(); + Vector<RDN> rdnv = new Vector<RDN>(); + + Hashtable<String, String> sanehash = new Hashtable<String, String>(); + + X500NameAttrMap xnap = X500NameAttrMap.getDefault(); + while (rdne.hasMoreElements()) { + RDN rdn = (RDN) rdne.nextElement(); + int i = 0; + AVA[] oldavas = rdn.getAssertion(); + for (i = 0; i < rdn.getAssertionLength(); i++) { + AVA[] newavas = new AVA[1]; + newavas[0] = oldavas[i]; + + authCreds.set(xnap.getName(oldavas[i].getOid()), + oldavas[i].getValue().getAsString()); + + if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) { + + sanehash.put(SANE_DNSNAME, oldavas[i].getValue().getAsString()); + } + if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) { + sanehash.put(SANE_IPADDRESS, oldavas[i].getValue().getAsString()); + } + + RDN newrdn = new RDN(newavas); + if (mFlattenDN) { + rdnv.addElement(newrdn); + } + } + } + + if (mFlattenDN) + subject = new X500Name(rdnv); + else + subject = p10subject; + + // create default key usage extension + KeyUsageExtension kue = new KeyUsageExtension(); + kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true)); + kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true)); + + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration<PKCS10Attribute> e = p10atts.getElements(); + + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + req.put(AUTH_PASSWORD, + (String) attr.get(ChallengePassword.PASSWORD)); + req.put(ChallengePassword.NAME, + hashPassword( + (String) attr.get(ChallengePassword.PASSWORD))); + } + } + + if (attr.getName().equals(ExtensionsRequested.NAME)) { + + Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements(); + while (exts.hasMoreElements()) { + Extension ext = exts.nextElement(); + + if (ext.getExtensionId().equals( + OIDMap.getOID(KeyUsageExtension.IDENT))) { + + kue = new KeyUsageExtension( + new Boolean(false), // noncritical + ext.getExtensionValue()); + } + + if (ext.getExtensionId().equals( + OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) { + DerOutputStream dos = new DerOutputStream(); + sane = new SubjectAlternativeNameExtension( + new Boolean(false), // noncritical + ext.getExtensionValue()); + + @SuppressWarnings("unchecked") + Vector<GeneralNameInterface> v = + (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + + Enumeration<GeneralNameInterface> gne = v.elements(); + + while (gne.hasMoreElements()) { + GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement(); + if (gni instanceof GeneralName) { + GeneralName genName = (GeneralName) gni; + + String gn = genName.toString(); + int colon = gn.indexOf(':'); + String gnType = gn.substring(0, colon).trim(); + String gnValue = gn.substring(colon + 1).trim(); + + authCreds.set(gnType, gnValue); + } + } + } + } + } + } + + if (authCreds != null) + req.put(AUTH_CREDS, authCreds); + + try { + if (sane == null) + sane = makeDefaultSubjectAltName(sanehash); + } catch (Exception sane_e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", + sane_e.getMessage())); + } + + try { + if (mAppendDN != null && !mAppendDN.equals("")) { + + X500Name newSubject = new X500Name(subject.toString()); + subject = new X500Name(subject.toString().concat("," + mAppendDN)); + } + + } catch (Exception sne) { + log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + " Using unmodified subjectname"); + } + + if (subject != null) + req.put(SUBJECTNAME, subject); + + if (key == null || subject == null) { + // log + // throw new + // ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10); + } + + certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); - - certInfo.set(X509CertInfo.SUBJECT, + + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject)); - - certInfo.set(X509CertInfo.KEY, + + certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); - - CertificateExtensions ext = new CertificateExtensions(); - - if (kue != null) { - ext.set(KeyUsageExtension.class.getSimpleName(), kue); - } - - // add subjectAltName extension, if present - if (sane != null) { - ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane); - } - - certInfo.set(X509CertInfo.EXTENSIONS,ext); - - req.put(CERTINFO, certInfo); - } catch (Exception e) { - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return ; - } // NEED TO FIX - } - - - private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) { - - // if no subjectaltname extension was requested, we try to make it up - // from some of the elements of the subject name - - int itemCount = ht.size(); - GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()]; - - itemCount = 0; - Enumeration<String> en = ht.keys(); - while (en.hasMoreElements()) { - String key = (String) en.nextElement(); - if (key.equals(SANE_DNSNAME)) { - gn[itemCount++] = new DNSName((String)ht.get(key)); - } - if (key.equals(SANE_IPADDRESS)) { - gn[itemCount++] = new IPAddressName((String)ht.get(key)); + + CertificateExtensions ext = new CertificateExtensions(); + + if (kue != null) { + ext.set(KeyUsageExtension.class.getSimpleName(), kue); + } + + // add subjectAltName extension, if present + if (sane != null) { + ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane); + } + + certInfo.set(X509CertInfo.EXTENSIONS, ext); + + req.put(CERTINFO, certInfo); + } catch (Exception e) { + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return; + } // NEED TO FIX + } + + private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) { + + // if no subjectaltname extension was requested, we try to make it up + // from some of the elements of the subject name + + int itemCount = ht.size(); + GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()]; + + itemCount = 0; + Enumeration<String> en = ht.keys(); + while (en.hasMoreElements()) { + String key = (String) en.nextElement(); + if (key.equals(SANE_DNSNAME)) { + gn[itemCount++] = new DNSName((String) ht.get(key)); + } + if (key.equals(SANE_IPADDRESS)) { + gn[itemCount++] = new IPAddressName((String) ht.get(key)); + } + } + + try { + return new SubjectAlternativeNameExtension(new GeneralNames(gn)); + } catch (Exception e) { + log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", + e.getMessage())); + return null; } } - try { - return new SubjectAlternativeNameExtension( new GeneralNames(gn) ); - } catch (Exception e) { - log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", - e.getMessage())); - return null; - } - } - - - - // Perform authentication - - /* - * if the authentication is set up for CEP, and the user provides - * some credential, an attempt is made to authenticate the user - * If this fails, this method will return true - * If it is sucessful, this method will return true and - * an authtoken will be in the request - * - * If authentication is not configured, this method will - * return false. The request will be processed in the usual - * way, but no authtoken will be in the request. - * - * In other word, this method returns true if the request - * should be aborted, false otherwise. - */ - - private boolean authenticateUser(CRSPKIMessage req) { - boolean authenticationFailed = true; - - if (mAuthManagerName == null) { - return false; - } - - String password = (String)req.get(AUTH_PASSWORD); - - AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS); - - if (authCreds == null) { - authCreds = new AuthCredentials(); - } - - // authtoken starts as null - AuthToken token = null; - - if (password != null && !password.equals("")) { - try { - authCreds.set(AUTH_PASSWORD,password); - } catch (Exception e) {} - } - + // Perform authentication + + /* + * if the authentication is set up for CEP, and the user provides some + * credential, an attempt is made to authenticate the user If this fails, + * this method will return true If it is sucessful, this method will return + * true and an authtoken will be in the request + * + * If authentication is not configured, this method will return false. The + * request will be processed in the usual way, but no authtoken will be in + * the request. + * + * In other word, this method returns true if the request should be aborted, + * false otherwise. + */ - try { - token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName); - authCreds.delete(AUTH_PASSWORD); - // if we got here, the authenticate call must not have thrown - // an exception - authenticationFailed = false; - } - catch (EInvalidCredentials ex) { - // Invalid credentials - we must reject the request - authenticationFailed = true; - } - catch (EMissingCredential mc) { - // Misssing credential - we'll log, and process manually - authenticationFailed = false; - } - catch (EBaseException ex) { - // If there's some other error, we'll reject - // So, we just continue on, - AUTH_TOKEN will not be set. - } - - if (token != null) { - req.put(AUTH_TOKEN,token); - } - - return authenticationFailed; - } - - private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) - { - - Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS); - if (old_fprints == null) { return false; } - - byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5")); - byte[] new_md5 = (byte[]) fingerprints.get("MD5"); - - if (old_md5.length != new_md5.length) return false; - - for (int i=0;i<old_md5.length; i++) { - if (old_md5[i] != new_md5[i]) return false; - } - return true; - } - - public X509CertImpl handlePKCSReq(HttpServletRequest httpReq, - IRequest cmsRequest, CRSPKIMessage req, - CRSPKIMessage crsResp, CryptoContext cx) - throws ServletException, + private boolean authenticateUser(CRSPKIMessage req) { + boolean authenticationFailed = true; + + if (mAuthManagerName == null) { + return false; + } + + String password = (String) req.get(AUTH_PASSWORD); + + AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS); + + if (authCreds == null) { + authCreds = new AuthCredentials(); + } + + // authtoken starts as null + AuthToken token = null; + + if (password != null && !password.equals("")) { + try { + authCreds.set(AUTH_PASSWORD, password); + } catch (Exception e) { + } + } + + try { + token = (AuthToken) mAuthSubsystem.authenticate(authCreds, mAuthManagerName); + authCreds.delete(AUTH_PASSWORD); + // if we got here, the authenticate call must not have thrown + // an exception + authenticationFailed = false; + } catch (EInvalidCredentials ex) { + // Invalid credentials - we must reject the request + authenticationFailed = true; + } catch (EMissingCredential mc) { + // Misssing credential - we'll log, and process manually + authenticationFailed = false; + } catch (EBaseException ex) { + // If there's some other error, we'll reject + // So, we just continue on, - AUTH_TOKEN will not be set. + } + + if (token != null) { + req.put(AUTH_TOKEN, token); + } + + return authenticationFailed; + } + + private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) { + + Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS); + if (old_fprints == null) { + return false; + } + + byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5")); + byte[] new_md5 = (byte[]) fingerprints.get("MD5"); + + if (old_md5.length != new_md5.length) + return false; + + for (int i = 0; i < old_md5.length; i++) { + if (old_md5[i] != new_md5[i]) + return false; + } + return true; + } + + public X509CertImpl handlePKCSReq(HttpServletRequest httpReq, + IRequest cmsRequest, CRSPKIMessage req, + CRSPKIMessage crsResp, CryptoContext cx) + throws ServletException, CryptoManager.NotInitializedException, CRSFailureException { - try { - unwrapPKCS10(req,cx); - Hashtable<String, byte[]> fingerprints = makeFingerPrints(req); - - if (cmsRequest != null) { - if (areFingerprintsEqual(cmsRequest, fingerprints)) { - CMS.debug("created response from request"); - return makeResponseFromRequest(req,crsResp,cmsRequest); - } - else { - CMS.debug("duplicated transaction id"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID")); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return null; - } - } - - getDetailFromRequest(req,crsResp); - boolean authFailed = authenticateUser(req); - - if (authFailed) { - CMS.debug("authentication failed"); - log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH")); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - - - // perform audit log - String auditMessage = CMS.getLogMessage( + try { + unwrapPKCS10(req, cx); + Hashtable<String, byte[]> fingerprints = makeFingerPrints(req); + + if (cmsRequest != null) { + if (areFingerprintsEqual(cmsRequest, fingerprints)) { + CMS.debug("created response from request"); + return makeResponseFromRequest(req, crsResp, cmsRequest); + } else { + CMS.debug("duplicated transaction id"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID")); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return null; + } + } + + getDetailFromRequest(req, crsResp); + boolean authFailed = authenticateUser(req); + + if (authFailed) { + CMS.debug("authentication failed"); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH")); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + + // perform audit log + String auditMessage = CMS.getLogMessage( "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5", httpReq.getRemoteAddr(), ILogger.FAILURE, req.getTransactionID(), "CRSEnrollment", ILogger.SIGNED_AUDIT_EMPTY_VALUE); - ILogger signedAuditLogger = CMS.getSignedAuditLogger(); - if (signedAuditLogger != null) { - signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, auditMessage); - } - - return null; - } - else { - IRequest ireq = postRequest(httpReq, req,crsResp); - - - CMS.debug("created response"); - return makeResponseFromRequest(req,crsResp, ireq); - } - } catch (CryptoContext.CryptoContextException e) { - CMS.debug("failed to decrypt the request " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10", - e.getMessage())); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - } catch (EBaseException e) { - CMS.debug("operation failure - " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", - e.getMessage())); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - } - return null; - } - - -////// post the request - -/* - needed: - - token (authtoken) - certInfo - fingerprints x - req.transactionID - crsResp -*/ - -private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp) -throws EBaseException { - X500Name subject = (X500Name)req.get(SUBJECTNAME); - - if (mCreateEntry) { - if (subject == null) { - CMS.debug( "CRSEnrollment::postRequest() - subject is null!" ); - return null; - } - createEntry(subject.toString()); - } - - // use profile framework to handle SCEP - if (mProfileId != null) { - PKCS10 pkcs10data = req.getP10(); - String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray()); - - // XXX authentication handling - CMS.debug("Found profile=" + mProfileId); - IProfile profile = mProfileSubsystem.getProfile(mProfileId); - if (profile == null) { - CMS.debug("profile " + mProfileId + " not found"); - return null; - } - IProfileContext ctx = profile.createContext(); - - IProfileAuthenticator authenticator = null; - try { - CMS.debug("Retrieving authenticator"); - authenticator = profile.getAuthenticator(); + ILogger signedAuditLogger = CMS.getSignedAuditLogger(); + if (signedAuditLogger != null) { + signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, auditMessage); + } + + return null; + } else { + IRequest ireq = postRequest(httpReq, req, crsResp); + + CMS.debug("created response"); + return makeResponseFromRequest(req, crsResp, ireq); + } + } catch (CryptoContext.CryptoContextException e) { + CMS.debug("failed to decrypt the request " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10", + e.getMessage())); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + } catch (EBaseException e) { + CMS.debug("operation failure - " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", + e.getMessage())); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + } + return null; + } + + // //// post the request + + /* + * needed: + * + * token (authtoken) certInfo fingerprints x req.transactionID crsResp + */ + + private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp) + throws EBaseException { + X500Name subject = (X500Name) req.get(SUBJECTNAME); + + if (mCreateEntry) { + if (subject == null) { + CMS.debug("CRSEnrollment::postRequest() - subject is null!"); + return null; + } + createEntry(subject.toString()); + } + + // use profile framework to handle SCEP + if (mProfileId != null) { + PKCS10 pkcs10data = req.getP10(); + String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray()); + + // XXX authentication handling + CMS.debug("Found profile=" + mProfileId); + IProfile profile = mProfileSubsystem.getProfile(mProfileId); + if (profile == null) { + CMS.debug("profile " + mProfileId + " not found"); + return null; + } + IProfileContext ctx = profile.createContext(); + + IProfileAuthenticator authenticator = null; + try { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); + if (authenticator == null) { + CMS.debug("No authenticator Found"); + } else { + CMS.debug("Got authenticator=" + authenticator.getClass().getName()); + } + } catch (EProfileException e) { + // authenticator not installed correctly + } + + IAuthToken authToken = null; + + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + // insert profile context so that input parameter can be retrieved + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(httpReq)); + + String p10Password = getPasswordFromP10(pkcs10data); + AuthCredentials credentials = new AuthCredentials(); + credentials.set("UID", httpReq.getRemoteAddr()); + credentials.set("PWD", p10Password); + if (authenticator == null) { - CMS.debug("No authenticator Found"); + // XXX - to help caRouterCert to work, we need to + // add authentication to caRouterCert + authToken = new AuthToken(null); } else { - CMS.debug("Got authenticator=" + authenticator.getClass().getName()); + authToken = authenticate(credentials, authenticator, httpReq); } - } catch (EProfileException e) { - // authenticator not installed correctly - } - - IAuthToken authToken = null; - - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - - - // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(httpReq)); - - String p10Password = getPasswordFromP10(pkcs10data); - AuthCredentials credentials = new AuthCredentials(); - credentials.set("UID", httpReq.getRemoteAddr()); - credentials.set("PWD", p10Password); - - if (authenticator == null) { - // XXX - to help caRouterCert to work, we need to - // add authentication to caRouterCert - authToken = new AuthToken(null); - } else { - authToken = authenticate(credentials, authenticator, httpReq); - } - - IRequest reqs[] = null; - CMS.debug("CRSEnrollment: Creating profile requests"); - ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10"); - ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); - Locale locale = Locale.getDefault(); - reqs = profile.createRequests(ctx, locale); - if (reqs == null) { - CMS.debug("CRSEnrollment: No request has been created"); - return null; - } else { - CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created"); - } - // set transaction id - reqs[0].setSourceId(req.getTransactionID()); - reqs[0].setExtData("profile", "true"); - reqs[0].setExtData("profileId", mProfileId); - reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10); - reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); - reqs[0].setExtData("requestor_name", ""); - reqs[0].setExtData("requestor_email", ""); - reqs[0].setExtData("requestor_phone", ""); - reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost()); - reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr()); - reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy()); - - CMS.debug("CRSEnrollment: Populating inputs"); - profile.populateInput(ctx, reqs[0]); - CMS.debug("CRSEnrollment: Populating requests"); - profile.populate(reqs[0]); - - CMS.debug("CRSEnrollment: Submitting request"); - profile.submit(authToken, reqs[0]); - CMS.debug("CRSEnrollment: Done submitting request"); - profile.getRequestQueue().markAsServiced(reqs[0]); - CMS.debug("CRSEnrollment: Request marked as serviced"); - - return reqs[0]; - - } - - IRequestQueue rq = ca.getRequestQueue(); - IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST); - - AuthToken token = (AuthToken) req.get(AUTH_TOKEN); - if (token != null) { - pkiReq.setExtData(IRequest.AUTH_TOKEN,token); - } - - pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT); - X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO); - pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } ); - pkiReq.setExtData("cepsubstore", mSubstoreName); - - try { - String chpwd = (String)req.get(ChallengePassword.NAME); - if (chpwd != null) { - pkiReq.setExtData("challengePhrase", - chpwd ); - } - } catch (Exception pwex) { - } - - Hashtable<?, ?> fingerprints = (Hashtable<?, ?>)req.get(IRequest.FINGERPRINTS); - if (fingerprints.size() > 0) { - Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size()); - Enumeration<?> e = fingerprints.keys(); - while (e.hasMoreElements()) { - String key = (String)e.nextElement(); - byte[] value = (byte[])fingerprints.get(key); - encodedPrints.put(key, CMS.BtoA(value)); - } - pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints); - } - - pkiReq.setSourceId(req.getTransactionID()); - - rq.processRequest(pkiReq); - - crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + + IRequest reqs[] = null; + CMS.debug("CRSEnrollment: Creating profile requests"); + ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10"); + ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); + Locale locale = Locale.getDefault(); + reqs = profile.createRequests(ctx, locale); + if (reqs == null) { + CMS.debug("CRSEnrollment: No request has been created"); + return null; + } else { + CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created"); + } + // set transaction id + reqs[0].setSourceId(req.getTransactionID()); + reqs[0].setExtData("profile", "true"); + reqs[0].setExtData("profileId", mProfileId); + reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10); + reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); + reqs[0].setExtData("requestor_name", ""); + reqs[0].setExtData("requestor_email", ""); + reqs[0].setExtData("requestor_phone", ""); + reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost()); + reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr()); + reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy()); + + CMS.debug("CRSEnrollment: Populating inputs"); + profile.populateInput(ctx, reqs[0]); + CMS.debug("CRSEnrollment: Populating requests"); + profile.populate(reqs[0]); + + CMS.debug("CRSEnrollment: Submitting request"); + profile.submit(authToken, reqs[0]); + CMS.debug("CRSEnrollment: Done submitting request"); + profile.getRequestQueue().markAsServiced(reqs[0]); + CMS.debug("CRSEnrollment: Request marked as serviced"); + + return reqs[0]; + + } + + IRequestQueue rq = ca.getRequestQueue(); + IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST); + + AuthToken token = (AuthToken) req.get(AUTH_TOKEN); + if (token != null) { + pkiReq.setExtData(IRequest.AUTH_TOKEN, token); + } + + pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT); + X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO); + pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo }); + pkiReq.setExtData("cepsubstore", mSubstoreName); + + try { + String chpwd = (String) req.get(ChallengePassword.NAME); + if (chpwd != null) { + pkiReq.setExtData("challengePhrase", + chpwd); + } + } catch (Exception pwex) { + } + + Hashtable<?, ?> fingerprints = (Hashtable<?, ?>) req.get(IRequest.FINGERPRINTS); + if (fingerprints.size() > 0) { + Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size()); + Enumeration<?> e = fingerprints.keys(); + while (e.hasMoreElements()) { + String key = (String) e.nextElement(); + byte[] value = (byte[]) fingerprints.get(key); + encodedPrints.put(key, CMS.BtoA(value)); + } + pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints); + } + + pkiReq.setSourceId(req.getTransactionID()); + + rq.processRequest(pkiReq); + + crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); + + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, new Object[] { - pkiReq.getRequestId(), - AuditFormat.FROMROUTER, - mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName, - "pending", - subject , - ""} + pkiReq.getRequestId(), + AuditFormat.FROMROUTER, + mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName, + "pending", + subject, + "" } ); - - return pkiReq; - } - + return pkiReq; + } - public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) { + public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) { Hashtable<String, byte[]> fingerprints = new Hashtable<String, byte[]>(); MessageDigest md; - String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"}; - PKCS10 p10 = (PKCS10)req.getP10(); + String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" }; + PKCS10 p10 = (PKCS10) req.getP10(); - for (int i=0;i<hashes.length;i++) { - try { - md = MessageDigest.getInstance(hashes[i]); - md.update(p10.getCertRequestInfo()); - fingerprints.put(hashes[i],md.digest()); - } - catch (NoSuchAlgorithmException nsa) {} + for (int i = 0; i < hashes.length; i++) { + try { + md = MessageDigest.getInstance(hashes[i]); + md.update(p10.getCertRequestInfo()); + fingerprints.put(hashes[i], md.digest()); + } catch (NoSuchAlgorithmException nsa) { + } } - if (fingerprints != null) { - req.put(IRequest.FINGERPRINTS,fingerprints); - } - return fingerprints; - } - - - // Take a look to see if the request was successful, and fill - // in the response message + if (fingerprints != null) { + req.put(IRequest.FINGERPRINTS, fingerprints); + } + return fingerprints; + } + // Take a look to see if the request was successful, and fill + // in the response message - private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp, - IRequest pkiReq) - { + private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp, + IRequest pkiReq) { - X509CertImpl issuedCert=null; + X509CertImpl issuedCert = null; RequestStatus status = pkiReq.getRequestStatus(); String profileId = pkiReq.getExtDataInString("profileId"); if (profileId != null) { - CMS.debug("CRSEnrollment: Found profile request"); - X509CertImpl cert = - pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) { - CMS.debug("CRSEnrollment: No certificate has been found"); - } else { - CMS.debug("CRSEnrollment: Found certificate"); - } - crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - return cert; + CMS.debug("CRSEnrollment: Found profile request"); + X509CertImpl cert = + pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) { + CMS.debug("CRSEnrollment: No certificate has been found"); + } else { + CMS.debug("CRSEnrollment: Found certificate"); + } + crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); + return cert; } - - if ( status.equals(RequestStatus.COMPLETE)) { + if (status.equals(RequestStatus.COMPLETE)) { Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT); - if (success.equals(IRequest.RES_SUCCESS)) { // The cert was issued, lets send it back to the router X509CertImpl[] issuedCertBuf = - pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS); + pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCertBuf == null || issuedCertBuf.length == 0) { - // writeError("Internal Error: Bad operation",httpReq,httpResp); - CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " + - "Bad operation" ); + // writeError("Internal Error: Bad operation",httpReq,httpResp); + CMS.debug("CRSEnrollment::makeResponseFromRequest() - " + + "Bad operation"); return null; } issuedCert = issuedCertBuf[0]; crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - - } - else { // status is not 'success' - there must've been a problem - + + } else { // status is not 'success' - there must've been a problem + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg); } - } - else if (status.equals(RequestStatus.REJECTED_STRING) || + } else if (status.equals(RequestStatus.REJECTED_STRING) || status.equals(RequestStatus.CANCELED_STRING)) { - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); - } - else { // not complete + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); + } else { // not complete crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING); } return issuedCert; } + protected String hashPassword(String pwd) { + String salt = "lala123"; + byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes()); + String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest); + return "{SHA}" + b64E; + } + /** + * Make the CRSPKIMESSAGE response + */ + private void processCertRep(CryptoContext cx, + X509CertImpl issuedCert, + CRSPKIMessage crsResp, + CRSPKIMessage crsReq) + throws CRSFailureException { + byte[] msgdigest = null; + byte[] encryptedDesKey = null; + try { + if (issuedCert != null) { + SymmetricKey sk; + SymmetricKey skinternal; - protected String hashPassword(String pwd) { - String salt = "lala123"; - byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes()); - String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest); - return "{SHA}"+b64E; - } + KeyGenAlgorithm kga = KeyGenAlgorithm.DES; + EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + kga = KeyGenAlgorithm.DES3; + ea = EncryptionAlgorithm.DES3_CBC; + } + // 1. Make the Degenerated PKCS7 with the recipient's + // certificate in it + byte toBeEncrypted[] = + crsResp.makeSignedRep(1, // version + issuedCert.getEncoded() + ); + // 2. Encrypt the above byte array with a new random DES key - /** - * Make the CRSPKIMESSAGE response - */ + sk = cx.getDESKeyGenerator().generate(); + skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk); - private void processCertRep(CryptoContext cx, - X509CertImpl issuedCert, - CRSPKIMessage crsResp, - CRSPKIMessage crsReq) - throws CRSFailureException { - byte[] msgdigest = null; - byte[] encryptedDesKey = null; - - try { - if (issuedCert != null) { - - SymmetricKey sk; - SymmetricKey skinternal; - - KeyGenAlgorithm kga = KeyGenAlgorithm.DES; - EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC; - if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { - kga = KeyGenAlgorithm.DES3; - ea = EncryptionAlgorithm.DES3_CBC; - } - - // 1. Make the Degenerated PKCS7 with the recipient's certificate in it - - byte toBeEncrypted[] = - crsResp.makeSignedRep(1, // version - issuedCert.getEncoded() - ); - - // 2. Encrypt the above byte array with a new random DES key - - sk = cx.getDESKeyGenerator().generate(); - - skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk); - - byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize()); - - - // This should be changed to generate proper DES IV. - - Cipher cipher = cx.getInternalToken().getCipherContext(ea); - IVParameterSpec desIV = - new IVParameterSpec(new byte[]{ - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00 } ); - - cipher.initEncrypt(sk,desIV); - byte[] encryptedData = cipher.doFinal(padded); - - crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm); - - // 3. Extract the recipient's public key - - PublicKey rcpPK = crsReq.getSignerPublicKey(); - - - // 4. Encrypt the DES key with the public key - - // we have to move the key onto the interal token. - //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk); - skinternal = cx.getInternalToken().cloneKey(sk); - - KeyWrapper kw = cx.getInternalKeyWrapper(); - kw.initWrap(rcpPK, null); - encryptedDesKey = kw.wrap(skinternal); - - crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber()); - crsResp.makeRecipientInfo(0, encryptedDesKey ); - - } - - - byte[] ed = crsResp.makeEnvelopedData(0); - - // 7. Make Digest of SignedData Content - MessageDigest md = MessageDigest.getInstance(mHashAlgorithm); - msgdigest = md.digest(ed); - - crsResp.setMsgDigest(msgdigest); - - } - - catch (Exception e) { - throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage()); - } - - - // 5. Make a RecipientInfo - - // The issuer name & serial number here, should be that of - // the EE's self-signed Certificate - // [I can get it from the req blob, but later, I should - // store the recipient's self-signed certificate with the request - // so I can get at it later. I need to do this to support - // 'PENDING'] - - - try { - - // 8. Make Authenticated Attributes - // we can just pull the transaction ID out of the request. - // Later, we will have to put it out of the Request queue, - // so we can support PENDING - crsResp.setTransactionID(crsReq.getTransactionID()); - // recipientNonce and SenderNonce have already been set - - crsResp.makeAuthenticatedAttributes(); - // crsResp.makeAuthenticatedAttributes_old(); - - - - // now package up the rest of the SignerInfo - { - byte[] signingcertbytes = cx.getSigningCert().getEncoded(); - - - Certificate.Template sgncert_t = new Certificate.Template(); - Certificate sgncert = - (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes)); - - IssuerAndSerialNumber sgniasn = - new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(), + byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize()); + + // This should be changed to generate proper DES IV. + + Cipher cipher = cx.getInternalToken().getCipherContext(ea); + IVParameterSpec desIV = + new IVParameterSpec(new byte[] { + (byte) 0xff, (byte) 0x00, + (byte) 0xff, (byte) 0x00, + (byte) 0xff, (byte) 0x00, + (byte) 0xff, (byte) 0x00 }); + + cipher.initEncrypt(sk, desIV); + byte[] encryptedData = cipher.doFinal(padded); + + crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, mEncryptionAlgorithm); + + // 3. Extract the recipient's public key + + PublicKey rcpPK = crsReq.getSignerPublicKey(); + + // 4. Encrypt the DES key with the public key + + // we have to move the key onto the interal token. + // skinternal = cx.getInternalKeyStorageToken().cloneKey(sk); + skinternal = cx.getInternalToken().cloneKey(sk); + + KeyWrapper kw = cx.getInternalKeyWrapper(); + kw.initWrap(rcpPK, null); + encryptedDesKey = kw.wrap(skinternal); + + crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber()); + crsResp.makeRecipientInfo(0, encryptedDesKey); + + } + + byte[] ed = crsResp.makeEnvelopedData(0); + + // 7. Make Digest of SignedData Content + MessageDigest md = MessageDigest.getInstance(mHashAlgorithm); + msgdigest = md.digest(ed); + + crsResp.setMsgDigest(msgdigest); + + } + + catch (Exception e) { + throw new CRSFailureException("Failed to create inner response to CEP message: " + e.getMessage()); + } + + // 5. Make a RecipientInfo + + // The issuer name & serial number here, should be that of + // the EE's self-signed Certificate + // [I can get it from the req blob, but later, I should + // store the recipient's self-signed certificate with the request + // so I can get at it later. I need to do this to support + // 'PENDING'] + + try { + + // 8. Make Authenticated Attributes + // we can just pull the transaction ID out of the request. + // Later, we will have to put it out of the Request queue, + // so we can support PENDING + crsResp.setTransactionID(crsReq.getTransactionID()); + // recipientNonce and SenderNonce have already been set + + crsResp.makeAuthenticatedAttributes(); + // crsResp.makeAuthenticatedAttributes_old(); + + // now package up the rest of the SignerInfo + { + byte[] signingcertbytes = cx.getSigningCert().getEncoded(); + + Certificate.Template sgncert_t = new Certificate.Template(); + Certificate sgncert = + (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes)); + + IssuerAndSerialNumber sgniasn = + new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(), sgncert.getInfo().getSerialNumber()); - - crsResp.setSgnIssuerAndSerialNumber(sgniasn); - - // 10. Make SignerInfo - crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm); - - // 11. Make SignedData - crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm); - - crsResp.debug(); - } - } - catch (Exception e) { - throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage()); - } - - - // if debugging, dump out the response into a file - - } - - - - class CryptoContext { - private CryptoManager cm; - private CryptoToken internalToken; - private CryptoToken keyStorageToken; - private CryptoToken internalKeyStorageToken; - private KeyGenerator DESkg; - private Enumeration<?> externalTokens = null; - private org.mozilla.jss.crypto.X509Certificate signingCert; - private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey; - private int signingCertKeySize = 0; - - - class CryptoContextException extends Exception { - /** + + crsResp.setSgnIssuerAndSerialNumber(sgniasn); + + // 10. Make SignerInfo + crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm); + + // 11. Make SignedData + crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm); + + crsResp.debug(); + } + } catch (Exception e) { + throw new CRSFailureException("Failed to create outer response to CEP request: " + e.getMessage()); + } + + // if debugging, dump out the response into a file + + } + + class CryptoContext { + private CryptoManager cm; + private CryptoToken internalToken; + private CryptoToken keyStorageToken; + private CryptoToken internalKeyStorageToken; + private KeyGenerator DESkg; + private Enumeration<?> externalTokens = null; + private org.mozilla.jss.crypto.X509Certificate signingCert; + private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey; + private int signingCertKeySize = 0; + + class CryptoContextException extends Exception { + /** * */ - private static final long serialVersionUID = -1124116326126256475L; - public CryptoContextException() { super(); } - public CryptoContextException(String s) { super(s); } - } + private static final long serialVersionUID = -1124116326126256475L; - public CryptoContext() - throws CryptoContextException - { - try { - KeyGenAlgorithm kga = KeyGenAlgorithm.DES; - if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { - kga = KeyGenAlgorithm.DES3; - } - cm = CryptoManager.getInstance(); - internalToken = cm.getInternalCryptoToken(); - DESkg = internalToken.getKeyGenerator(kga); - if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || - mTokenName.equalsIgnoreCase("Internal Key Storage Token") || - mTokenName.length() == 0) { - keyStorageToken = cm.getInternalKeyStorageToken(); - internalKeyStorageToken = keyStorageToken; - CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'"); - } else { - keyStorageToken = cm.getTokenByName(mTokenName); - internalKeyStorageToken = null; - } - if (!mUseCA && internalKeyStorageToken == null) { - PasswordCallback cb = CMS.getPasswordCallback(); - keyStorageToken.login(cb); // ONE_TIME by default. - } - signingCert = cm.findCertByNickname(mNickname); - signingCertPrivKey = cm.findPrivKeyByCert(signingCert); - byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded(); - SEQUENCE.Template outer = SEQUENCE.getTemplate(); - outer.addElement( ANY.getTemplate() ); // algid - outer.addElement( BIT_STRING.getTemplate() ); - SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo); - BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); - byte[] encPubKey = bs.getBits(); - if( bs.getPadCount() != 0) { - throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes."); - } - SEQUENCE.Template inner = new SEQUENCE.Template(); - inner.addElement( INTEGER.getTemplate()); - inner.addElement( INTEGER.getTemplate()); - SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey); - INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0); - signingCertKeySize = modulus.bitLength(); - - try { - FileOutputStream fos = new FileOutputStream("pubkey.der"); - fos.write(signingCert.getPublicKey().getEncoded()); - fos.close(); - } catch (Exception e) {} - - } - catch (InvalidBERException e) { - throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); - } - catch (CryptoManager.NotInitializedException e) { - throw new CryptoContextException("Crypto Manager not initialized"); - } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException("Cannot create DES key generator"); - } - catch (ObjectNotFoundException e) { - throw new CryptoContextException("Certificate not found: "+ca.getNickname()); - } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); - } - catch (NoSuchTokenException e) { - throw new CryptoContextException("Crypto Token not found: "+e.getMessage()); - } - catch (IncorrectPasswordException e) { - throw new CryptoContextException("Incorrect Password."); - } - } - - - public KeyGenerator getDESKeyGenerator() { - return DESkg; - } + public CryptoContextException() { + super(); + } - public CryptoToken getInternalToken() { - return internalToken; - } + public CryptoContextException(String s) { + super(s); + } + } - public void setExternalTokens( Enumeration<?> tokens ) { - externalTokens = tokens; - } + public CryptoContext() + throws CryptoContextException { + try { + KeyGenAlgorithm kga = KeyGenAlgorithm.DES; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + kga = KeyGenAlgorithm.DES3; + } + cm = CryptoManager.getInstance(); + internalToken = cm.getInternalCryptoToken(); + DESkg = internalToken.getKeyGenerator(kga); + if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || + mTokenName.equalsIgnoreCase("Internal Key Storage Token") || + mTokenName.length() == 0) { + keyStorageToken = cm.getInternalKeyStorageToken(); + internalKeyStorageToken = keyStorageToken; + CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'"); + } else { + keyStorageToken = cm.getTokenByName(mTokenName); + internalKeyStorageToken = null; + } + if (!mUseCA && internalKeyStorageToken == null) { + PasswordCallback cb = CMS.getPasswordCallback(); + keyStorageToken.login(cb); // ONE_TIME by default. + } + signingCert = cm.findCertByNickname(mNickname); + signingCertPrivKey = cm.findPrivKeyByCert(signingCert); + byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded(); + SEQUENCE.Template outer = SEQUENCE.getTemplate(); + outer.addElement(ANY.getTemplate()); // algid + outer.addElement(BIT_STRING.getTemplate()); + SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo); + BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); + byte[] encPubKey = bs.getBits(); + if (bs.getPadCount() != 0) { + throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes."); + } + SEQUENCE.Template inner = new SEQUENCE.Template(); + inner.addElement(INTEGER.getTemplate()); + inner.addElement(INTEGER.getTemplate()); + SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey); + INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0); + signingCertKeySize = modulus.bitLength(); - public Enumeration<?> getExternalTokens() { - return externalTokens; - } + try { + FileOutputStream fos = new FileOutputStream("pubkey.der"); + fos.write(signingCert.getPublicKey().getEncoded()); + fos.close(); + } catch (Exception e) { + } - public CryptoToken getInternalKeyStorageToken() { - return internalKeyStorageToken; - } + } catch (InvalidBERException e) { + throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); + } catch (CryptoManager.NotInitializedException e) { + throw new CryptoContextException("Crypto Manager not initialized"); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException("Cannot create DES key generator"); + } catch (ObjectNotFoundException e) { + throw new CryptoContextException("Certificate not found: " + ca.getNickname()); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage()); + } catch (NoSuchTokenException e) { + throw new CryptoContextException("Crypto Token not found: " + e.getMessage()); + } catch (IncorrectPasswordException e) { + throw new CryptoContextException("Incorrect Password."); + } + } - public CryptoToken getKeyStorageToken() { - return keyStorageToken; - } + public KeyGenerator getDESKeyGenerator() { + return DESkg; + } - public CryptoManager getCryptoManager() { - return cm; - } + public CryptoToken getInternalToken() { + return internalToken; + } - public KeyWrapper getKeyWrapper() - throws CryptoContextException { - try { - return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + public void setExternalTokens(Enumeration<?> tokens) { + externalTokens = tokens; } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); + + public Enumeration<?> getExternalTokens() { + return externalTokens; } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException(e.getMessage()); + + public CryptoToken getInternalKeyStorageToken() { + return internalKeyStorageToken; } - } - public KeyWrapper getInternalKeyWrapper() - throws CryptoContextException { - try { - return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + public CryptoToken getKeyStorageToken() { + return keyStorageToken; } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); + + public CryptoManager getCryptoManager() { + return cm; } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException(e.getMessage()); + + public KeyWrapper getKeyWrapper() + throws CryptoContextException { + try { + return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage()); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException(e.getMessage()); + } } - } - public org.mozilla.jss.crypto.PrivateKey getPrivateKey() { - return signingCertPrivKey; - } + public KeyWrapper getInternalKeyWrapper() + throws CryptoContextException { + try { + return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage()); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException(e.getMessage()); + } + } - public org.mozilla.jss.crypto.X509Certificate getSigningCert() { - return signingCert; - } - - } + public org.mozilla.jss.crypto.PrivateKey getPrivateKey() { + return signingCertPrivKey; + } + public org.mozilla.jss.crypto.X509Certificate getSigningCert() { + return signingCert; + } - /* General failure. The request/response cannot be processed. */ + } + /* General failure. The request/response cannot be processed. */ - class CRSFailureException extends Exception { - /** + class CRSFailureException extends Exception { + /** * */ - private static final long serialVersionUID = 1962741611501549051L; - public CRSFailureException() { super(); } - public CRSFailureException(String s) { super(s); } - } + private static final long serialVersionUID = 1962741611501549051L; - class CRSInvalidSignatureException extends Exception { - /** + public CRSFailureException() { + super(); + } + + public CRSFailureException(String s) { + super(s); + } + } + + class CRSInvalidSignatureException extends Exception { + /** * */ - private static final long serialVersionUID = 9096408193567657944L; - public CRSInvalidSignatureException() { super(); } - public CRSInvalidSignatureException(String s) { super(s); } - } + private static final long serialVersionUID = 9096408193567657944L; + + public CRSInvalidSignatureException() { + super(); + } - + public CRSInvalidSignatureException(String s) { + super(s); + } + } - class CRSPolicyException extends Exception { - /** + class CRSPolicyException extends Exception { + /** * */ - private static final long serialVersionUID = 5846593800658787396L; - public CRSPolicyException() { super(); } - public CRSPolicyException(String s) { super(s); } - } + private static final long serialVersionUID = 5846593800658787396L; -} + public CRSPolicyException() { + super(); + } + public CRSPolicyException(String s) { + super(s); + } + } + +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java index 49a591f0..79110442 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java @@ -29,115 +29,113 @@ import netscape.security.util.DerValue; import netscape.security.x509.CertAttrSet; /** - * Class for handling the decoding of a SCEP Challenge Password - * object. Currently this class cannot be used for encoding - * thus some fo the methods are unimplemented + * Class for handling the decoding of a SCEP Challenge Password object. + * Currently this class cannot be used for encoding thus some fo the methods are + * unimplemented */ public class ChallengePassword implements CertAttrSet { - public static final String NAME = "ChallengePassword"; - public static final String PASSWORD = "password"; - - private String cpw; - - - /** - * Get the password marshalled in this object - * @return the challenge password - */ - public String toString() { - return cpw; - } - - /** - * Create a ChallengePassword object - * @param stuff (must be of type byte[]) a DER-encoded by array following - * The ASN.1 template for ChallenegePassword specified in the SCEP - * documentation - * @throws IOException if the DER encoded byt array was malformed, or if it - * did not match the template - */ - - public ChallengePassword(Object stuff) - throws IOException { - - ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff); - try { - decode(is); - } catch (Exception e) { - throw new IOException(e.getMessage()); - } - - } - - /** - * Currently Unimplemented - */ - public void encode(OutputStream out) - throws CertificateException, IOException - { } - - public void decode(InputStream in) - throws CertificateException, IOException - { + public static final String NAME = "ChallengePassword"; + public static final String PASSWORD = "password"; + + private String cpw; + + /** + * Get the password marshalled in this object + * + * @return the challenge password + */ + public String toString() { + return cpw; + } + + /** + * Create a ChallengePassword object + * + * @param stuff (must be of type byte[]) a DER-encoded by array following + * The ASN.1 template for ChallenegePassword specified in the + * SCEP documentation + * @throws IOException if the DER encoded byt array was malformed, or if it + * did not match the template + */ + + public ChallengePassword(Object stuff) + throws IOException { + + ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff); + try { + decode(is); + } catch (Exception e) { + throw new IOException(e.getMessage()); + } + + } + + /** + * Currently Unimplemented + */ + public void encode(OutputStream out) + throws CertificateException, IOException { + } + + public void decode(InputStream in) + throws CertificateException, IOException { DerValue derVal = new DerValue(in); construct(derVal); - + + } + + private void construct(DerValue derVal) throws IOException { + try { + cpw = derVal.getPrintableString(); + } catch (NullPointerException e) { + cpw = ""; + } + } + + /** + * Currently Unimplemented + */ + public void set(String name, Object obj) + throws CertificateException, IOException { } - private void construct(DerValue derVal) throws IOException { - try { - cpw = derVal.getPrintableString(); - } - catch (NullPointerException e) { - cpw = ""; - } - } - - - /** - * Currently Unimplemented - */ - public void set(String name, Object obj) - throws CertificateException, IOException - { } - - /** - * Get an attribute of this object. - * @param name the name of the attribute of this object to get. The only - * supported attribute is "password" - */ - public Object get(String name) - throws CertificateException, IOException - { + /** + * Get an attribute of this object. + * + * @param name the name of the attribute of this object to get. The only + * supported attribute is "password" + */ + public Object get(String name) + throws CertificateException, IOException { if (name.equalsIgnoreCase(PASSWORD)) { return cpw; - } - else { - throw new IOException("Attribute name not recognized by "+ + } else { + throw new IOException("Attribute name not recognized by " + "CertAttrSet: ChallengePassword"); } } - - /** - * Currently Unimplemented - */ - public void delete(String name) - throws CertificateException, IOException - { } - - /** - * @return an empty set of elements - */ - public Enumeration<String> getAttributeNames() - { return (new Vector<String>()).elements();} - - /** - * @return the String "ChallengePassword" - */ - public String getName() - { return NAME;} - - + + /** + * Currently Unimplemented + */ + public void delete(String name) + throws CertificateException, IOException { + } + + /** + * @return an empty set of elements + */ + public Enumeration<String> getAttributeNames() { + return (new Vector<String>()).elements(); + } + + /** + * @return the String "ChallengePassword" + */ + public String getName() { + return NAME; + } + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java index 6f689b34..eb1433aa 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java @@ -30,51 +30,46 @@ import netscape.security.util.DerValue; import netscape.security.x509.CertAttrSet; import netscape.security.x509.Extension; - public class ExtensionsRequested implements CertAttrSet { + public static final String NAME = "EXTENSIONS_REQUESTED"; - public static final String NAME = "EXTENSIONS_REQUESTED"; - public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature"; - public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment"; + public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment"; private String kue_digital_signature = "false"; - private String kue_key_encipherment = "false"; - + private String kue_key_encipherment = "false"; + private Vector<Extension> exts = new Vector<Extension>(); public ExtensionsRequested(Object stuff) throws IOException { ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff); - + try { decode(is); - } - catch (Exception e) { + } catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } } - - public void encode(OutputStream out) - throws CertificateException, IOException - { } - - public void decode(InputStream in) - throws CertificateException, IOException - { + + public void encode(OutputStream out) + throws CertificateException, IOException { + } + + public void decode(InputStream in) + throws CertificateException, IOException { DerValue derVal = new DerValue(in); - + construct(derVal); } - + public void set(String name, Object obj) - throws CertificateException, IOException - { } - - public Object get(String name) - throws CertificateException, IOException - { + throws CertificateException, IOException { + } + + public Object get(String name) + throws CertificateException, IOException { if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) { return kue_digital_signature; } @@ -84,107 +79,83 @@ public class ExtensionsRequested implements CertAttrSet { throw new IOException("Unsupported attribute queried"); } - - public void delete(String name) - throws CertificateException, IOException - { + + public void delete(String name) + throws CertificateException, IOException { + } + + public Enumeration<String> getAttributeNames() { + return (new Vector<String>()).elements(); + } + + public String getName() { + return NAME; } - public Enumeration<String> getAttributeNames() - { return (new Vector<String>()).elements();} - - public String getName() - { return NAME;} - - - -/** - construct - expects this in the inputstream (from the router): - - 211 30 31: SEQUENCE { - 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8' - 225 31 17: SET { - 227 04 15: OCTET STRING, encapsulates { - 229 30 13: SEQUENCE { - 231 30 11: SEQUENCE { - 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) - 238 04 4: OCTET STRING - : 03 02 05 A0 - : } - : } - : } - - or this (from IRE client): - - 262 30 51: SEQUENCE { - 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14) - 275 31 38: SET { - 277 30 36: SEQUENCE { - 279 30 34: SEQUENCE { - 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) - 286 04 27: OCTET STRING - : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61 - : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D - : } - : } - : } - : } - - - */ + /** + * construct - expects this in the inputstream (from the router): + * + * 211 30 31: SEQUENCE { 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 + * 8' 225 31 17: SET { 227 04 15: OCTET STRING, encapsulates { 229 30 13: + * SEQUENCE { 231 30 11: SEQUENCE { 233 06 3: OBJECT IDENTIFIER keyUsage (2 + * 5 29 15) 238 04 4: OCTET STRING : 03 02 05 A0 : } : } : } + * + * or this (from IRE client): + * + * 262 30 51: SEQUENCE { 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 + * 113549 1 9 14) 275 31 38: SET { 277 30 36: SEQUENCE { 279 30 34: SEQUENCE + * { 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 286 04 27: OCTET + * STRING : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61 : 61 61 2E 6D 63 + * 6F 6D 2E 63 6F 6D : } : } : } : } + */ private void construct(DerValue dv) throws IOException { - DerInputStream stream = null; - DerValue[] dvs; + DerInputStream stream = null; + DerValue[] dvs; - try { // try decoding as sequence first + try { // try decoding as sequence first - stream = dv.toDerInputStream(); + stream = dv.toDerInputStream(); - DerValue stream_dv = stream.getDerValue(); - stream.reset(); - + DerValue stream_dv = stream.getDerValue(); + stream.reset(); - dvs = stream.getSequence(2); - } - catch (IOException ioe) { - // if it failed, the outer sequence may be - // encapsulated in an octet string, as in the first - // example above + dvs = stream.getSequence(2); + } catch (IOException ioe) { + // if it failed, the outer sequence may be + // encapsulated in an octet string, as in the first + // example above - byte[] octet_string = dv.getOctetString(); + byte[] octet_string = dv.getOctetString(); - // Make a new input stream from the byte array, - // and re-parse it as a sequence. + // Make a new input stream from the byte array, + // and re-parse it as a sequence. - dv = new DerValue(octet_string); + dv = new DerValue(octet_string); - stream = dv.toDerInputStream(); - dvs = stream.getSequence(2); - } + stream = dv.toDerInputStream(); + dvs = stream.getSequence(2); + } - // now, the stream will be in the correct format - stream.reset(); + // now, the stream will be in the correct format + stream.reset(); - while (true) { - DerValue ext_dv=null; - try { - ext_dv = stream.getDerValue(); - } - catch (IOException ex) { - break; - } + while (true) { + DerValue ext_dv = null; + try { + ext_dv = stream.getDerValue(); + } catch (IOException ex) { + break; + } - Extension ext = new Extension(ext_dv); - exts.addElement(ext); - } + Extension ext = new Extension(ext_dv); + exts.addElement(ext); + } } - public Vector<Extension> getExtensions() { - return exts; - } + public Vector<Extension> getExtensions() { + return exts; + } } - - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java index 759238d9..3d0f788e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Hashtable; @@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** * Authentication Credentials as input to the authMgr * <P> - * + * * @version $Revision$, $Date$ */ public class AuthCredentials implements IAuthCredentials { @@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials { */ private static final long serialVersionUID = -5995164231849154265L; private Hashtable authCreds = null; - // Inserted by bskim + // Inserted by bskim private IArgBlock argblk = null; + // Insert end - + public AuthCredentials() { authCreds = new Hashtable(); } /** * sets a credential with credential name and the credential + * * @param name credential name * @param cred credential * @exception com.netscape.certsrv.base.EBaseException NullPointerException */ - public void set(String name, Object cred)throws EBaseException { + public void set(String name, Object cred) throws EBaseException { if (cred == null) { throw new EBaseException("AuthCredentials.set()"); } @@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials { /** * returns the credential to which the specified name is mapped in this - * credential set + * credential set + * * @param name credential name * @return the named authentication credential */ @@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials { } /** - * removes the name and its corresponding credential from this - * credential set. This method does nothing if the named - * credential is not in the credential set. + * removes the name and its corresponding credential from this credential + * set. This method does nothing if the named credential is not in the + * credential set. + * * @param name credential name */ public void delete(String name) { @@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials { } /** - * returns an enumeration of the credentials in this credential - * set. Use the Enumeration methods on the returned object to - * fetch the elements sequentially. + * returns an enumeration of the credentials in this credential set. Use the + * Enumeration methods on the returned object to fetch the elements + * sequentially. + * * @return an enumeration of the values in this credential set * @see java.util.Enumeration */ public Enumeration getElements() { return (authCreds.elements()); } - + // Inserted by bskim public void setArgBlock(IArgBlock blk) { argblk = blk; return; - } + } // Insert end - + public IArgBlock getArgBlock() { return argblk; - } + } // Insert end } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index 3fac4a63..9fbb04e0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -94,33 +93,33 @@ import com.netscape.certsrv.request.RequestStatus; /** * Utility CMCOutputTemplate - * + * * @version $ $, $Date$ */ public class CMCOutputTemplate { public CMCOutputTemplate() { } - public void createFullResponseWithFailedStatus(HttpServletResponse resp, - SEQUENCE bpids, int code, UTF8String s) { + public void createFullResponseWithFailedStatus(HttpServletResponse resp, + SEQUENCE bpids, int code, UTF8String s) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); SEQUENCE otherMsgSeq = new SEQUENCE(); int bpid = 1; - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(code), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(code), null); CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - new INTEGER(CMCStatusInfo.FAILED), - bpids, s, otherInfo); + new INTEGER(CMCStatusInfo.FAILED), + bpids, s, otherInfo); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); try { ResponseBody respBody = new ResponseBody(controlSeq, - cmsSeq, otherMsgSeq); + cmsSeq, otherMsgSeq); SET certs = new SET(); ContentInfo contentInfo = getContentInfo(respBody, certs); @@ -137,13 +136,13 @@ public class CMCOutputTemplate { os.write(contentBytes); os.flush(); } catch (Exception e) { - CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " + e.toString()); return; } } - public void createFullResponse(HttpServletResponse resp, IRequest []reqs, - String cert_request_type, int[] error_codes) { + public void createFullResponse(HttpServletResponse resp, IRequest[] reqs, + String cert_request_type, int[] error_codes) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); @@ -157,32 +156,32 @@ public class CMCOutputTemplate { SEQUENCE success_bpids = null; SEQUENCE failed_bpids = null; if (cert_request_type.equals("crmf") || - cert_request_type.equals("pkcs10")) { + cert_request_type.equals("pkcs10")) { String reqId = reqs[0].getRequestId().toString(); OtherInfo otherInfo = null; if (error_codes[0] == 2) { PendInfo pendInfo = new PendInfo(reqId, new Date()); otherInfo = new OtherInfo(OtherInfo.PEND, null, - pendInfo); + pendInfo); } else { - otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_REQUEST), null); } - + SEQUENCE bpids = new SEQUENCE(); bpids.addElement(new INTEGER(1)); CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - bpids, (String)null, otherInfo); + bpids, (String) null, otherInfo); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } else if (cert_request_type.equals("cmc")) { pending_bpids = new SEQUENCE(); success_bpids = new SEQUENCE(); failed_bpids = new SEQUENCE(); if (reqs != null) { - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { if (error_codes[i] == 0) { success_bpids.addElement(new INTEGER( reqs[i].getExtDataInBigInteger("bodyPartId"))); @@ -192,77 +191,77 @@ public class CMCOutputTemplate { } else { failed_bpids.addElement(new INTEGER( reqs[i].getExtDataInBigInteger("bodyPartId"))); - } + } } } TaggedAttribute tagattr = null; CMCStatusInfo cmcStatusInfo = null; - SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof"); + SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof"); if (identityBpids != null && identityBpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_IDENTITY), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_IDENTITY), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - identityBpids, (String)null, otherInfo); + identityBpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness"); + SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context.get("POPLinkWitness"); if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + new INTEGER(OtherInfo.BAD_REQUEST), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - POPLinkWitnessBpids, (String)null, otherInfo); + POPLinkWitnessBpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (pending_bpids.size() > 0) { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - pending_bpids, (String)null, null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + pending_bpids, (String) null, null); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); - } + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); + } if (success_bpids.size() > 0) { boolean confirmRequired = false; try { - confirmRequired = - CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", - false); - } catch (Exception e) { + confirmRequired = + CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", + false); + } catch (Exception e) { } if (confirmRequired) { CMS.debug("CMCOutputTemplate: confirmRequired in the request"); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, - success_bpids, (String)null, null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, + success_bpids, (String) null, null); } else { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + success_bpids, (String) null, null); } tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String)null, otherInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_REQUEST), null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } } @@ -270,80 +269,80 @@ public class CMCOutputTemplate { try { // deal with controls - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); if (nums != null && nums.intValue() > 0) { TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr != null) { try { processGetCertControl(attr, certs); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: "+ee.toString()); + CMS.debug("CMCOutputTemplate: " + ee.toString()); OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); + new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE bpids1 = new SEQUENCE(); bpids1.addElement(attr.getBodyPartID()); CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo( - new INTEGER(CMCStatusInfo.FAILED), - bpids1, null, otherInfo1); + new INTEGER(CMCStatusInfo.FAILED), + bpids1, null, otherInfo1); TaggedAttribute tagattr1 = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1); controlSeq.addElement(tagattr1); } } - attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); + attr = + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); if (attr != null) bpid = processDataReturnControl(attr, controlSeq, bpid); attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); if (attr != null) bpid = processTransactionControl(attr, controlSeq, bpid); attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); if (attr != null) bpid = processSenderNonceControl(attr, controlSeq, bpid); attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); if (attr != null) - bpid = processQueryPendingControl(attr, controlSeq, bpid); + bpid = processQueryPendingControl(attr, controlSeq, bpid); - attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); + attr = + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); - if (attr != null) + if (attr != null) bpid = processConfirmCertAcceptanceControl(attr, controlSeq, - bpid); + bpid); - attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); + attr = + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); - if (attr != null) + if (attr != null) bpid = processRevokeRequestControl(attr, controlSeq, - bpid); + bpid); } if (success_bpids != null && success_bpids.size() > 0) { - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { if (error_codes[i] == 0) { - X509CertImpl impl = - (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + X509CertImpl impl = + (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(bin)); + Certificate cert = (Certificate) certTemplate.decode( + new ByteArrayInputStream(bin)); certs.addElement(cert); } } } ResponseBody respBody = new ResponseBody(controlSeq, - cmsSeq, otherMsgSeq); + cmsSeq, otherMsgSeq); ContentInfo contentInfo = getContentInfo(respBody, certs); ByteArrayOutputStream fos = new ByteArrayOutputStream(); @@ -354,16 +353,16 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (Exception e) { - CMS.debug("Exception: "+e.toString()); + CMS.debug("Exception: " + e.toString()); } } @@ -371,48 +370,46 @@ public class CMCOutputTemplate { try { ICertificateAuthority ca = null; // add CA cert chain - ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i=0; i<chains.length; i++) { + for (int i = 0; i < chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(chains[i].getEncoded())); + Certificate cert = (Certificate) certTemplate.decode( + new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } - + EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo( - OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); + OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); org.mozilla.jss.crypto.X509Certificate x509CAcert = null; x509CAcert = ca.getCaX509Cert(); X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded()); - X500Name issuerName = (X500Name)caimpl.getIssuerDN(); + X500Name issuerName = (X500Name) caimpl.getIssuerDN(); byte[] issuerByte = issuerName.getEncoded(); - ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); + ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); Name issuer = (Name) Name.getTemplate().decode(istream); IssuerAndSerialNumber ias = new IssuerAndSerialNumber( - issuer, new INTEGER(x509CAcert.getSerialNumber().toString())); + issuer, new INTEGER(x509CAcert.getSerialNumber().toString())); SignerIdentifier si = new SignerIdentifier( - SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // use CA instance's default signature and digest algorithm SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm(); org.mozilla.jss.crypto.PrivateKey privKey = - CryptoManager.getInstance().findPrivKeyByCert(x509CAcert); -/* - org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); - if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) { - signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { - signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; - } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { - signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; - } else { - CMS.debug( "CMCOutputTemplate::getContentInfo() - " - + "signAlg is unsupported!" ); - return null; - } -*/ + CryptoManager.getInstance().findPrivKeyByCert(x509CAcert); + /* + * org.mozilla.jss.crypto.PrivateKey.Type keyType = + * privKey.getType(); if( keyType.equals( + * org.mozilla.jss.crypto.PrivateKey.RSA ) ) { signAlg = + * SignatureAlgorithm.RSASignatureWithSHA1Digest; } else if( + * keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { + * signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else + * if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { + * signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; } else { + * CMS.debug( "CMCOutputTemplate::getContentInfo() - " + + * "signAlg is unsupported!" ); return null; } + */ DigestAlgorithm digestAlg = signAlg.getDigestAlg(); MessageDigest msgDigest = null; byte[] digest = null; @@ -425,9 +422,9 @@ public class CMCOutputTemplate { digest = msgDigest.digest(ostream.toByteArray()); SignerInfo signInfo = new - SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, privKey); + SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); @@ -436,30 +433,30 @@ public class CMCOutputTemplate { if (digestAlg != null) { AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), null); - + AlgorithmIdentifier(digestAlg.toOID(), null); + digestAlgs.addElement(ai); } SignedData signedData = new SignedData(digestAlgs, - enContentInfo, certs, null, signInfos); + enContentInfo, certs, null, signInfos); ContentInfo contentInfo = new ContentInfo(signedData); CMS.debug("CMCOutputTemplate::getContentInfo() - done"); return contentInfo; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " + e.toString()); } - return null; + return null; } - public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) { + public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) { SET certs = new SET(); SessionContext context = SessionContext.getContext(); try { - TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr = + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); processGetCertControl(attr, certs); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("CMCOutputTemplate: No certificate is found."); } @@ -472,34 +469,34 @@ public class CMCOutputTemplate { try { if (reqs != null) { - for (int i=0; i<reqs.length; i++) { - X509CertImpl impl = - (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + for (int i = 0; i < reqs.length; i++) { + X509CertImpl impl = + (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = - (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); + Certificate cert = + (Certificate) certTemplate.decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } // Get CA certs - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i=0; i<chains.length; i++) { + for (int i = 0; i < chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(chains[i].getEncoded())); + Certificate cert = (Certificate) certTemplate.decode( + new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } } - + if (certs.size() == 0) return; SignedData signedData = new SignedData(digestAlgorithms, - enContentInfo, certs, null, signedInfos); + enContentInfo, certs, null, signedInfos); ContentInfo contentInfo = new ContentInfo(signedData); ByteArrayOutputStream fos = new ByteArrayOutputStream(); @@ -510,48 +507,48 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } } private int processConfirmCertAcceptanceControl( - TaggedAttribute attr, SEQUENCE controlSeq, int bpid) { + TaggedAttribute attr, SEQUENCE controlSeq, int bpid) { if (attr != null) { INTEGER bodyId = attr.getBodyPartID(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(bodyId); + seq.addElement(bodyId); SET values = attr.getValues(); if (values != null && values.size() > 0) { try { - CMCCertId cmcCertId = - (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(), - ASN1Util.encode(values.elementAt(0)))); - BigInteger serialno = (BigInteger)(cmcCertId.getSerial()); - SEQUENCE issuers = cmcCertId.getIssuer(); - //ANY issuer = (ANY)issuers.elementAt(0); - ANY issuer = - (ANY)(ASN1Util.decode(ANY.getTemplate(), - ASN1Util.encode(issuers.elementAt(0)))); + CMCCertId cmcCertId = + (CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(), + ASN1Util.encode(values.elementAt(0)))); + BigInteger serialno = (BigInteger) (cmcCertId.getSerial()); + SEQUENCE issuers = cmcCertId.getIssuer(); + // ANY issuer = (ANY)issuers.elementAt(0); + ANY issuer = + (ANY) (ASN1Util.decode(ANY.getTemplate(), + ASN1Util.encode(issuers.elementAt(0)))); byte[] b = issuer.getEncoded(); X500Name n = new X500Name(b); ICertificateAuthority ca = null; - ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ca = (ICertificateAuthority) CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); boolean confirmAccepted = false; if (n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal"); ICertificateRepository repository = - (ICertificateRepository)ca.getCertificateRepository(); + (ICertificateRepository) ca.getCertificateRepository(); X509CertImpl impl = null; try { - repository.getX509Certificate(serialno); + repository.getX509Certificate(serialno); } catch (EBaseException ee) { CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found"); } @@ -559,77 +556,77 @@ public class CMCOutputTemplate { CMCStatusInfo cmcStatusInfo = null; if (confirmAccepted) { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository."); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq, - (String)null, null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq, + (String) null, null); } else { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.FAILED, seq, - (String)null, otherInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_CERT_ID), null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.FAILED, seq, + (String) null, otherInfo); } TaggedAttribute statustagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(statustagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(statustagattr); } catch (Exception e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } - } + } } return bpid; } private void processGetCertControl(TaggedAttribute attr, SET certs) - throws InvalidBERException, java.security.cert.CertificateEncodingException, - IOException, EBaseException { + throws InvalidBERException, java.security.cert.CertificateEncodingException, + IOException, EBaseException { if (attr != null) { SET vals = attr.getValues(); if (vals.size() == 1) { GetCert getCert = - (GetCert)(ASN1Util.decode(GetCert.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - BigInteger serialno = (BigInteger)(getCert.getSerialNumber()); - ANY issuer = (ANY)getCert.getIssuer(); + (GetCert) (ASN1Util.decode(GetCert.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); + BigInteger serialno = (BigInteger) (getCert.getSerialNumber()); + ANY issuer = (ANY) getCert.getIssuer(); byte b[] = issuer.getEncoded(); X500Name n = new X500Name(b); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); if (!n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control"); throw new EBaseException("Certificate is not found"); } ICertificateRepository repository = - (ICertificateRepository)ca.getCertificateRepository(); + (ICertificateRepository) ca.getCertificateRepository(); X509CertImpl impl = repository.getX509Certificate(serialno); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); Certificate cert = - (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); + (Certificate) certTemplate.decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } } } - + private int processQueryPendingControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET values = attr.getValues(); - if (values != null && values.size() > 0) { + if (values != null && values.size() > 0) { SEQUENCE pending_bpids = new SEQUENCE(); SEQUENCE success_bpids = new SEQUENCE(); SEQUENCE failed_bpids = new SEQUENCE(); - for (int i=0; i<values.size(); i++) { + for (int i = 0; i < values.size(); i++) { try { INTEGER reqId = (INTEGER) - ASN1Util.decode(INTEGER.getTemplate(), - ASN1Util.encode(values.elementAt(i))); + ASN1Util.decode(INTEGER.getTemplate(), + ASN1Util.encode(values.elementAt(i))); String requestId = new String(reqId.toByteArray()); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); IRequestQueue queue = ca.getRequestQueue(); IRequest r = queue.findRequest(new RequestId(requestId)); if (r != null) { @@ -649,43 +646,43 @@ public class CMCOutputTemplate { if (pending_bpids.size() > 0) { CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - pending_bpids, (String)null, null); + pending_bpids, (String) null, null); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (success_bpids.size() > 0) { CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - pending_bpids, (String)null, null); + pending_bpids, (String) null, null); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - pending_bpids, (String)null, null); + pending_bpids, (String) null, null); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - } + } } return bpid; } - private int processTransactionControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + private int processTransactionControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET transIds = attr.getValues(); if (transIds != null) { TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, - transIds); + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, + transIds); controlSeq.addElement(tagattr); } } @@ -694,16 +691,16 @@ public class CMCOutputTemplate { } private int processSenderNonceControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET sNonce = attr.getValues(); if (sNonce != null) { TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, - sNonce); + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, + sNonce); controlSeq.addElement(tagattr); Date date = new Date(); - String salt = "lala123"+date.toString(); + String salt = "lala123" + date.toString(); byte[] dig; try { MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); @@ -714,8 +711,8 @@ public class CMCOutputTemplate { String b64E = CMS.BtoA(dig); tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, - new OCTET_STRING(b64E.getBytes())); + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, + new OCTET_STRING(b64E.getBytes())); controlSeq.addElement(tagattr); } } @@ -723,29 +720,29 @@ public class CMCOutputTemplate { return bpid; } - private int processDataReturnControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException { + private int processDataReturnControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException { if (attr != null) { SET vals = attr.getValues(); - + if (vals.size() > 0) { - OCTET_STRING str = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + OCTET_STRING str = + (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_dataReturn, str); - controlSeq.addElement(tagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_dataReturn, str); + controlSeq.addElement(tagattr); } - } + } return bpid; } - private int processRevokeRequestControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException, - IOException { + private int processRevokeRequestControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException, + IOException { boolean revoke = false; SessionContext context = SessionContext.getContext(); if (attr != null) { @@ -754,10 +751,10 @@ public class CMCOutputTemplate { SET vals = attr.getValues(); if (vals.size() > 0) { RevRequest revRequest = - (RevRequest)(ASN1Util.decode(new RevRequest.Template(), - ASN1Util.encode(vals.elementAt(0)))); + (RevRequest) (ASN1Util.decode(new RevRequest.Template(), + ASN1Util.encode(vals.elementAt(0)))); OCTET_STRING str = revRequest.getSharedSecret(); - INTEGER pid = attr.getBodyPartID(); + INTEGER pid = attr.getBodyPartID(); TaggedAttribute tagattr = null; INTEGER revokeCertSerial = revRequest.getSerialNumber(); BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray()); @@ -767,25 +764,25 @@ public class CMCOutputTemplate { needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true); } catch (Exception e) { } - + if (needVerify) { - Integer num1 = (Integer)context.get("numOfOtherMsgs"); + Integer num1 = (Integer) context.get("numOfOtherMsgs"); int num = num1.intValue(); - for (int i=0; i<num; i++) { - OtherMsg data = (OtherMsg)context.get("otherMsg"+i); - INTEGER dpid = data.getBodyPartID(); + for (int i = 0; i < num; i++) { + OtherMsg data = (OtherMsg) context.get("otherMsg" + i); + INTEGER dpid = data.getBodyPartID(); if (pid.longValue() == dpid.longValue()) { - ANY msgValue = data.getOtherMsgValue(); - SignedData msgData = - (SignedData)msgValue.decodeWith(SignedData.getTemplate()); + ANY msgValue = data.getOtherMsgValue(); + SignedData msgData = + (SignedData) msgValue.decodeWith(SignedData.getTemplate()); if (!verifyRevRequestSignature(msgData)) { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -794,7 +791,7 @@ public class CMCOutputTemplate { } revoke = true; - // check shared secret + // check shared secret } else { ISharedToken tokenClass = null; boolean sharedSecretFound = true; @@ -810,15 +807,15 @@ public class CMCOutputTemplate { } try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); sharedSecretFound = false; } @@ -827,10 +824,10 @@ public class CMCOutputTemplate { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -846,10 +843,10 @@ public class CMCOutputTemplate { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -864,23 +861,23 @@ public class CMCOutputTemplate { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } - } + } if (revoke) { - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); - ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository(); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + ICertificateRepository repository = (ICertificateRepository) ca.getCertificateRepository(); ICertRecord record = null; try { record = repository.readCertificateRecord(revokeSerial); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: Exception: "+ee.toString()); + CMS.debug("CMCOutputTemplate: Exception: " + ee.toString()); } if (record == null) { @@ -888,10 +885,10 @@ public class CMCOutputTemplate { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -901,10 +898,10 @@ public class CMCOutputTemplate { SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); + success_bpids, (String) null, null); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -928,7 +925,7 @@ public class CMCOutputTemplate { RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn); RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1]; revCertImpls[0] = revCertImpl; - IRequestQueue queue = ca.getRequestQueue(); + IRequestQueue queue = ca.getRequestQueue(); IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REVOKED_REASON, @@ -941,17 +938,17 @@ public class CMCOutputTemplate { RequestStatus stat = revReq.getRequestStatus(); if (stat == RequestStatus.COMPLETE) { Integer result = revReq.getExtDataInInteger(IRequest.RESULT); - CMS.debug("CMCOutputTemplate: revReq result = "+result); + CMS.debug("CMCOutputTemplate: revReq result = " + result); if (result.equals(IRequest.RES_ERROR)) { CMS.debug("CMCOutputTemplate: revReq exception: " + revReq.getExtDataInString(IRequest.ERROR)); OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -960,36 +957,36 @@ public class CMCOutputTemplate { ILogger logger = CMS.getLogger(); String initiative = AuditFormat.FROMUSER; logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, new Object[] { - revReq.getRequestId(), initiative, "completed", - impl.getSubjectDN(), - impl.getSerialNumber().toString(16), - reason.toString()}); + AuditFormat.DOREVOKEFORMAT, new Object[] { + revReq.getRequestId(), initiative, "completed", + impl.getSubjectDN(), + impl.getSerialNumber().toString(16), + reason.toString() }); CMS.debug("CMCOutputTemplate: Certificate get revoked."); SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); + success_bpids, (String) null, null); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } else { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } } } - return bpid; + return bpid; } private RevocationReason toRevocationReason(ENUMERATED n) { @@ -998,7 +995,7 @@ public class CMCOutputTemplate { return RevocationReason.UNSPECIFIED; else if (code == RevRequest.affiliationChanged.getValue()) return RevocationReason.AFFILIATION_CHANGED; - else if (code == RevRequest.cACompromise.getValue()) + else if (code == RevRequest.cACompromise.getValue()) return RevocationReason.CA_COMPROMISE; else if (code == RevRequest.certificateHold.getValue()) return RevocationReason.CERTIFICATE_HOLD; @@ -1022,33 +1019,33 @@ public class CMCOutputTemplate { EncapsulatedContentInfo ci = msgData.getContentInfo(); OCTET_STRING content = ci.getContent(); ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); - TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s); + TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()).decode(s); SET values = tattr.getValues(); RevRequest revRequest = null; if (values != null && values.size() > 0) revRequest = - (RevRequest)(ASN1Util.decode(new RevRequest.Template(), - ASN1Util.encode(values.elementAt(0)))); + (RevRequest) (ASN1Util.decode(new RevRequest.Template(), + ASN1Util.encode(values.elementAt(0)))); SET dias = msgData.getDigestAlgorithmIdentifiers(); int numDig = dias.size(); Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>(); - for (int i=0; i<numDig; i++) { + for (int i = 0; i < numDig; i++) { AlgorithmIdentifier dai = - (AlgorithmIdentifier) dias.elementAt(i); + (AlgorithmIdentifier) dias.elementAt(i); String name = - DigestAlgorithm.fromOID(dai.getOID()).toString(); + DigestAlgorithm.fromOID(dai.getOID()).toString(); MessageDigest md = - MessageDigest.getInstance(name); + MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); digs.put(name, digest); } SET sis = msgData.getSignerInfos(); - int numSis = sis.size(); - for (int i=0; i<numSis; i++) { + int numSis = sis.size(); + for (int i = 0; i < numSis; i++) { org.mozilla.jss.pkix.cms.SignerInfo si = - (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i); + (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = digs.get(name); if (digest == null) { @@ -1060,21 +1057,21 @@ public class CMCOutputTemplate { SignerIdentifier sid = si.getSignerIdentifier(); if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = - sid.getIssuerAndSerialNumber(); + sid.getIssuerAndSerialNumber(); java.security.cert.X509Certificate cert = null; if (msgData.hasCertificates()) { SET certs = msgData.getCertificates(); int numCerts = certs.size(); - for (int j=0; j<numCerts; j++) { + for (int j = 0; j < numCerts; j++) { org.mozilla.jss.pkix.cert.Certificate certJss = - (Certificate) certs.elementAt(j); - org.mozilla.jss.pkix.cert.CertificateInfo certI = - certJss.getInfo(); + (Certificate) certs.elementAt(j); + org.mozilla.jss.pkix.cert.CertificateInfo certI = + certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && - sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { + sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); @@ -1082,23 +1079,23 @@ public class CMCOutputTemplate { } } } - + if (cert != null) { PublicKey pbKey = cert.getPublicKey(); - String type = ((X509Key)pbKey).getAlgorithm(); + String type = ((X509Key) pbKey).getAlgorithm(); PrivateKey.Type kType = PrivateKey.RSA; if (type.equals("DSA")) kType = PrivateKey.DSA; - PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey()); + PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey()); si.verify(digest, ci.getContentType(), pubK); return true; } - } - } - + } + } + return false; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " + e.toString()); return false; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java index 7f89297c..4d7c4cdd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -27,10 +26,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.logging.ILogger; - /** * CMSFile represents a file from the filesystem cached in memory - * + * * @version $Revision$, $Date$ */ public class CMSFile { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java index bf4c3cf6..1d1d3479 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.IOException; import java.util.Enumeration; @@ -26,10 +25,9 @@ import java.util.Hashtable; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** * CMSFileLoader - file cache. - * + * * @version $Revision$, $Date$ */ @@ -45,14 +43,14 @@ public class CMSFileLoader { // property to cache templates only public final String PROP_CACHE_TEMPLATES_ONLY = "cacheTemplatesOnly"; - // hash of files to their content. + // hash of files to their content. private Hashtable mLoadedFiles = new Hashtable(); - // max number of files + // max number of files private int mMaxSize = MAX_SIZE; // number of files to clear when max is reached. - private int mClearSize = CLEAR_SIZE; + private int mClearSize = CLEAR_SIZE; // whether to cache templates and forms only. private boolean mCacheTemplatesOnly = true; @@ -63,15 +61,15 @@ public class CMSFileLoader { public void init(IConfigStore config) throws EBaseException { mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE); mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE); - mCacheTemplatesOnly = + mCacheTemplatesOnly = config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true); } // Changed by bskim - //public byte[] get(String absPath) throws EBaseException, IOException { - // File file = new File(absPath); - // return get(file); - //} + // public byte[] get(String absPath) throws EBaseException, IOException { + // File file = new File(absPath); + // return get(file); + // } public byte[] get(String absPath, String enc) throws EBaseException, IOException { File file = new File(absPath); @@ -81,19 +79,19 @@ public class CMSFileLoader { // Change end // Changed by bskim - //public byte[] get(File file) throws EBaseException, IOException { - // CMSFile cmsFile = getCMSFile(file); + // public byte[] get(File file) throws EBaseException, IOException { + // CMSFile cmsFile = getCMSFile(file); public byte[] get(File file, String enc) throws EBaseException, IOException { CMSFile cmsFile = getCMSFile(file, enc); - // Change end + // Change end return cmsFile.getContent(); } // Changed by bskim - //public CMSFile getCMSFile(File file) throws EBaseException, IOException { + // public CMSFile getCMSFile(File file) throws EBaseException, IOException { public CMSFile getCMSFile(File file, String enc) throws EBaseException, IOException { - // Change end + // Change end String absPath = file.getAbsolutePath(); long modified = file.lastModified(); CMSFile cmsFile = (CMSFile) mLoadedFiles.get(absPath); @@ -102,8 +100,8 @@ public class CMSFileLoader { // new file. if (cmsFile == null || modified != lastModified) { // Changed by bskim - //cmsFile = updateFile(absPath, file); - cmsFile = updateFile(absPath, file, enc); + // cmsFile = updateFile(absPath, file); + cmsFile = updateFile(absPath, file, enc); // Change end } cmsFile.setLastAccess(System.currentTimeMillis()); @@ -111,10 +109,10 @@ public class CMSFileLoader { } // Changed by bskim - //private CMSFile updateFile(String absPath, File file) - private CMSFile updateFile(String absPath, File file, String enc) - // Change end - throws EBaseException, IOException { + // private CMSFile updateFile(String absPath, File file) + private CMSFile updateFile(String absPath, File file, String enc) + // Change end + throws EBaseException, IOException { // clear if cache size exceeded. if (mLoadedFiles.size() >= mMaxSize) { clearSomeFiles(); @@ -125,24 +123,24 @@ public class CMSFileLoader { // check if file is a js template or plain template by its first String if (absPath.endsWith(CMSTemplate.SUFFIX)) { // Changed by bskim - //cmsFile = new CMSTemplate(file); + // cmsFile = new CMSTemplate(file); cmsFile = new CMSTemplate(file, enc); // End of Change } else { cmsFile = new CMSFile(file); } - mLoadedFiles.put(absPath, cmsFile); // replace old one if any. + mLoadedFiles.put(absPath, cmsFile); // replace old one if any. return cmsFile; } private synchronized void clearSomeFiles() { // recheck this in case some other thread has cleared it. - if (mLoadedFiles.size() < mMaxSize) + if (mLoadedFiles.size() < mMaxSize) return; - // remove the LRU files. - // XXX could be optimized more. + // remove the LRU files. + // XXX could be optimized more. Enumeration elements = mLoadedFiles.elements(); for (int i = mClearSize; i > 0; i--) { @@ -160,4 +158,3 @@ public class CMSFileLoader { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java index a76b1c75..c3854935 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for cms gateway. * <P> - * + * * @version $Revision$, $Date$ * @see java.util.ListResourceBundle */ @@ -38,8 +36,7 @@ public class CMSGWResources extends ListResourceBundle { } /* - * Constants. The suffix represents the number of - * possible parameters. + * Constants. The suffix represents the number of possible parameters. */ static final Object[][] contents = {}; diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java index b5c6e3c7..8fa9471e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.IOException; import java.security.cert.X509Certificate; @@ -41,10 +40,9 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.logging.ILogger; - /** * This class is to hold some general method for servlets. - * + * * @version $Revision$, $Date$ */ public class CMSGateway { @@ -52,8 +50,8 @@ public class CMSGateway { private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll"; private final static String PROP_SERVER_XML = "server.xml"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; protected static CMSFileLoader mFileLoader = new CMSFileLoader(); @@ -68,11 +66,11 @@ public class CMSGateway { mEnableFileServing = true; mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY); try { - mEnableAdminEnroll = + mEnableAdminEnroll = mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false); } catch (EBaseException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM")); } } @@ -88,7 +86,7 @@ public class CMSGateway { httpReqHash.put(name, req.getParameter(name)); } - + String ip = req.getRemoteAddr(); if (ip != null) httpReqHash.put("clientHost", ip); @@ -99,11 +97,11 @@ public class CMSGateway { return mEnableAdminEnroll; } - public static void setEnableAdminEnroll(boolean enableAdminEnroll) - throws EBaseException { + public static void setEnableAdminEnroll(boolean enableAdminEnroll) + throws EBaseException { IConfigStore mainConfig = CMS.getConfigStore(); - //!!! Is it thread safe? xxxx + // !!! Is it thread safe? xxxx mEnableAdminEnroll = enableAdminEnroll; mConfig.putBoolean(PROP_ENABLE_ADMIN_ENROLL, enableAdminEnroll); mainConfig.commit(true); @@ -112,9 +110,9 @@ public class CMSGateway { public static void disableAdminEnroll() throws EBaseException { setEnableAdminEnroll(false); - /* need to do this in web.xml and restart ws - removeServlet("/ca/adminEnroll", "AdminEnroll"); - initGateway(); + /* + * need to do this in web.xml and restart ws + * removeServlet("/ca/adminEnroll", "AdminEnroll"); initGateway(); */ } @@ -123,14 +121,14 @@ public class CMSGateway { * manager. */ public static AuthCredentials getAuthCreds( - IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) - throws EBaseException { + IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. if (authMgr == null) - return null; + return null; String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); - + if (clientCert instanceof java.security.cert.X509Certificate) { try { clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded()); @@ -144,8 +142,8 @@ public class CMSGateway { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert } + ); } else { String value = argBlock.getValueAsString(reqCred); @@ -163,9 +161,9 @@ public class CMSGateway { protected final static String AUTHMGR_PARAM = "authenticator"; public static AuthToken checkAuthManager( - HttpServletRequest httpReq, IArgBlock httpParams, - X509Certificate cert, String authMgrName) - throws EBaseException { + HttpServletRequest httpReq, IArgBlock httpParams, + X509Certificate cert, String authMgrName) + throws EBaseException { IArgBlock httpArgs = httpParams; if (httpArgs == null) @@ -181,43 +179,43 @@ public class CMSGateway { } if (authMgrName == null || authMgrName.length() == 0) { - throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", + throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED"))); } - - IAuthManager authMgr = - authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + + IAuthManager authMgr = + authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); authMgr = authSub.getAuthManager(authMgrName); if (authMgr == null) return null; - IAuthCredentials creds = - getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert); + IAuthCredentials creds = + getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert); AuthToken authToken = null; try { - authToken = (AuthToken) authMgr.authenticate(creds); + authToken = (AuthToken) authMgr.authenticate(creds); } catch (EBaseException e) { throw e; } catch (Exception e) { CMS.debug("CMSGateway: " + e); // catch all errors from authentication manager. - throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", + throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", e.toString(), e.getMessage())); } return authToken; } public static void renderTemplate( - String templateName, - HttpServletRequest req, - HttpServletResponse resp, - ServletConfig servletConfig, - CMSFileLoader fileLoader) - throws EBaseException, IOException { - CMSTemplate template = - getTemplate(templateName, req, - servletConfig, fileLoader, new Locale[1]); + String templateName, + HttpServletRequest req, + HttpServletResponse resp, + ServletConfig servletConfig, + CMSFileLoader fileLoader) + throws EBaseException, IOException { + CMSTemplate template = + getTemplate(templateName, req, + servletConfig, fileLoader, new Locale[1]); ServletOutputStream out = resp.getOutputStream(); template.renderOutput(out, new CMSTemplateParams(null, null)); @@ -240,8 +238,8 @@ public class CMSGateway { * @param locale array of at least one to be filled with locale found. */ public static File getLangFile( - HttpServletRequest req, File realpathFile, Locale[] locale) - throws IOException { + HttpServletRequest req, File realpathFile, Locale[] locale) + throws IOException { File file = null; String acceptLang = req.getHeader("accept-language"); @@ -258,7 +256,7 @@ public class CMSGateway { } String name = realpathFile.getName(); - if (name == null) { // filename should never be null. + if (name == null) { // filename should never be null. throw new IOException("file has no name"); } int i; @@ -287,8 +285,8 @@ public class CMSGateway { } String langfilepath = - parent + File.separatorChar + - lang + File.separatorChar + name; + parent + File.separatorChar + + lang + File.separatorChar + name; file = new File(langfilepath); if (file.exists()) { @@ -311,54 +309,54 @@ public class CMSGateway { } /** - * get a template + * get a template */ protected static CMSTemplate getTemplate( - String templateName, - HttpServletRequest httpReq, - ServletConfig servletConfig, - CMSFileLoader fileLoader, - Locale[] locale) - throws EBaseException, IOException { + String templateName, + HttpServletRequest httpReq, + ServletConfig servletConfig, + CMSFileLoader fileLoader, + Locale[] locale) + throws EBaseException, IOException { // this converts to system dependent file seperator char. if (servletConfig == null) { - CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" ); + CMS.debug("CMSGateway:getTemplate() - servletConfig is null!"); return null; } if (servletConfig.getServletContext() == null) { } if (templateName == null) { } - String realpath = - servletConfig.getServletContext().getRealPath("/" + templateName); + String realpath = + servletConfig.getServletContext().getRealPath("/" + templateName); File realpathFile = new File(realpath); - File templateFile = - getLangFile(httpReq, realpathFile, locale); - CMSTemplate template = - //(CMSTemplate)fileLoader.getCMSFile(templateFile); - (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding()); + File templateFile = + getLangFile(httpReq, realpathFile, locale); + CMSTemplate template = + // (CMSTemplate)fileLoader.getCMSFile(templateFile); + (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding()); return template; } /** - * Get the If-Modified-Since header and compare it to the millisecond - * epoch value passed in. If there is no header, or there is a problem - * parsing the value, or if the file has been modified this will return - * true, indicating the file has changed. - * + * Get the If-Modified-Since header and compare it to the millisecond epoch + * value passed in. If there is no header, or there is a problem parsing the + * value, or if the file has been modified this will return true, indicating + * the file has changed. + * * @param lastModified The time value in milliseconds past the epoch to - * compare the If-Modified-Since header to. + * compare the If-Modified-Since header to. */ public static boolean modifiedSince(HttpServletRequest req, long lastModified) { long ifModSinceStr; try { ifModSinceStr = req.getDateHeader("If-Modified-Since"); - }catch (IllegalArgumentException e) { + } catch (IllegalArgumentException e) { return true; } - + if (ifModSinceStr < 0) { return true; } @@ -371,4 +369,3 @@ public class CMSGateway { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java index ca5abf03..62276df1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java @@ -17,12 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - - - /** - * handy class containing cms templates to load & fill. - * + * handy class containing cms templates to load & fill. + * * @version $Revision$, $Date$ */ public class CMSLoadTemplate { @@ -35,9 +32,9 @@ public class CMSLoadTemplate { } public CMSLoadTemplate( - String propName, String fillerPropName, - String templateName, ICMSTemplateFiller filler) { - + String propName, String fillerPropName, + String templateName, ICMSTemplateFiller filler) { + mPropName = propName; mFillerPropName = fillerPropName; mTemplateName = templateName; diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java index 27f1d3a5..53f9ac22 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Hashtable; import java.util.Vector; @@ -35,7 +34,7 @@ import com.netscape.certsrv.request.RequestStatus; /** * This represents a user request. - * + * * @version $Revision$, $Date$ */ public class CMSRequest { @@ -46,7 +45,8 @@ public class CMSRequest { public static final Integer SVC_PENDING = Integer.valueOf(4); public static final Integer REJECTED = Integer.valueOf(5); public static final Integer ERROR = Integer.valueOf(6); - public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected error. + public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected + // error. private static final String RESULT = "cmsRequestResult"; @@ -59,7 +59,7 @@ public class CMSRequest { // http headers & other info. private HttpServletRequest mHttpReq = null; - // http response. + // http response. private HttpServletResponse mHttpResp = null; // http servlet config. @@ -68,11 +68,11 @@ public class CMSRequest { // http servlet context. private ServletContext mServletContext = null; - // permanent request in request queue. + // permanent request in request queue. private IRequest mRequest = null; // whether request processed successfully - private Integer mStatus = SUCCESS; + private Integer mStatus = SUCCESS; // exception message containing error that occured. // note exception could also be thrown seperately. @@ -85,13 +85,13 @@ public class CMSRequest { Object mResult = null; Hashtable mResults = new Hashtable(); - /** + /** * Constructor */ public CMSRequest() { } - // set methods use by servlets. + // set methods use by servlets. /** * set the HTTP parameters @@ -115,46 +115,46 @@ public class CMSRequest { } /** - * set the HTTP Response object which is used to create the - * HTTP response which is sent back to the user + * set the HTTP Response object which is used to create the HTTP response + * which is sent back to the user */ public void setHttpResp(HttpServletResponse httpResp) { mHttpResp = httpResp; } /** - * set the servlet configuration. The servlet configuration is - * read from the WEB-APPS/web.xml file under the <servlet> - * XML definition. The parameters are delimited by init-param - * param-name/param-value options as described in the servlet - * documentation. + * set the servlet configuration. The servlet configuration is read from the + * WEB-APPS/web.xml file under the <servlet> XML definition. The + * parameters are delimited by init-param param-name/param-value options as + * described in the servlet documentation. */ public void setServletConfig(ServletConfig servletConfig) { mServletConfig = servletConfig; } - /* - * set the servlet context. the servletcontext has detail - * about the currently running request + /* + * set the servlet context. the servletcontext has detail about the + * currently running request */ public void setServletContext(ServletContext servletContext) { mServletContext = servletContext; } - /** - * Set request status. - * @param status request status. Allowed values are - * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING + /** + * Set request status. + * + * @param status request status. Allowed values are UNAUTHORIZED, SUCCESS, + * REJECTED, PENDING, ERROR, SVC_PENDING * @throws IllegalArgumentException if status is not one of the above values */ public void setStatus(Integer status) { - if ( !status.equals( UNAUTHORIZED ) && - !status.equals( SUCCESS ) && - !status.equals( REJECTED ) && - !status.equals( PENDING ) && - !status.equals( ERROR ) && - !status.equals( SVC_PENDING ) && - !status.equals( EXCEPTION ) ) { + if (!status.equals(UNAUTHORIZED) && + !status.equals(SUCCESS) && + !status.equals(REJECTED) && + !status.equals(PENDING) && + !status.equals(ERROR) && + !status.equals(SVC_PENDING) && + !status.equals(EXCEPTION)) { throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS")); } mStatus = status; @@ -169,9 +169,9 @@ public class CMSRequest { } public void setErrorDescription(String descr) { - if (mErrorDescr == null) + if (mErrorDescr == null) mErrorDescr = new Vector(); - mErrorDescr.addElement(descr); + mErrorDescr.addElement(descr); } public void setResult(Object result) { @@ -235,7 +235,7 @@ public class CMSRequest { return reason; } - // handy routines for IRequest. + // handy routines for IRequest. public void setExtData(String type, String value) { if (mRequest != null) { @@ -251,7 +251,7 @@ public class CMSRequest { } } - // policy errors; set on rejection or possibly deferral. + // policy errors; set on rejection or possibly deferral. public Vector getPolicyMessages() { if (mRequest != null) { return mRequest.getExtDataInStringVector(IRequest.ERRORS); @@ -259,13 +259,13 @@ public class CMSRequest { return null; } - /** - * set default CMS status according to IRequest status. + /** + * set default CMS status according to IRequest status. */ public void setIRequestStatus() throws EBaseException { if (mRequest == null) { - EBaseException e = - new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST")); + EBaseException e = + new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST")); throw e; } @@ -277,11 +277,11 @@ public class CMSRequest { mStatus = CMSRequest.SUCCESS; return; } - // unexpected resulting request status. + // unexpected resulting request status. if (status == RequestStatus.REJECTED) { mStatus = CMSRequest.REJECTED; return; - } // pending or service pending. + } // pending or service pending. else if (status == RequestStatus.PENDING) { mStatus = CMSRequest.PENDING; return; @@ -292,8 +292,8 @@ public class CMSRequest { RequestId reqId = mRequest.getRequestId(); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2", - status.toString(), reqId.toString())); + CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2", + status.toString(), reqId.toString())); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java index b90278fa..748b769e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; @@ -39,23 +38,21 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.logging.ILogger; - /** - * File templates. This implementation will take - * an HTML file with a special customer tag - * <CMS_TEMPLATE> and replace the tag with - * a series of javascript variable definitions - * (depending on the servlet) - * + * File templates. This implementation will take an HTML file with a special + * customer tag <CMS_TEMPLATE> and replace the tag with a series of + * javascript variable definitions (depending on the servlet) + * * @version $Revision$, $Date$ */ public class CMSTemplate extends CMSFile { public static final String SUFFIX = ".template"; - /*========================================================== - * variables - *==========================================================*/ + /* + * ========================================================== variables + * ========================================================== + */ /* private variables */ private String mTemplateFileName = ""; @@ -68,19 +65,21 @@ public class CMSTemplate extends CMSFile { public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>"; /* Character set for i18n */ - + /* Will be set by CMSServlet.getTemplate() */ private String mCharset = null; - /*========================================================== - * constructors - *==========================================================*/ + /* + * ========================================================== constructors + * ========================================================== + */ /** * Constructor + * * @param file template file to load * @param charset character set - * @throws IOException if the there was an error opening the file + * @throws IOException if the there was an error opening the file */ public CMSTemplate(File file, String charset) throws IOException, EBaseException { mCharset = charset; @@ -89,8 +88,8 @@ public class CMSTemplate extends CMSFile { try { init(file); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE")); } @@ -99,16 +98,17 @@ public class CMSTemplate extends CMSFile { mContent = content.getBytes(mCharset); } - /*========================================================== - * public methods - *==========================================================*/ + /* + * ========================================================== public methods + * ========================================================== + */ /* * - * Load the form from the file and setup the - * pre/post output buffer if it is a template - * file. Otherwise, only post output buffer is - * filled. + * Load the form from the file and setup the pre/post output buffer if it is + * a template file. Otherwise, only post output buffer is filled. + * * @param template the template file to load + * * @return true if successful */ public boolean init(File template) throws EBaseException, IOException { @@ -128,8 +128,9 @@ public class CMSTemplate extends CMSFile { mTimeStamp = now.getTime(); - /* if template file, find template tag substring and set - * pre/post output string + /* + * if template file, find template tag substring and set pre/post output + * string */ int location = content.indexOf(TEMPLATE_TAG); @@ -137,8 +138,8 @@ public class CMSTemplate extends CMSFile { log(ILogger.LL_FAILURE, CMS.getLogMessage( "CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG)); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2", - TEMPLATE_TAG, mAbsPath)); + CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2", + TEMPLATE_TAG, mAbsPath)); } mPreOutput = content.substring(0, location); mPostOutput = content.substring(TEMPLATE_TAG.length() + location); @@ -146,16 +147,17 @@ public class CMSTemplate extends CMSFile { return true; } - /** - * Write a javascript representation of 'input' - * surrounded by SCRIPT tags to the outputstream + /** + * Write a javascript representation of 'input' surrounded by SCRIPT tags to + * the outputstream + * * @param rout the outputstream to write to * @param input the parameters to write */ public void renderOutput(OutputStream rout, CMSTemplateParams input) - throws IOException { + throws IOException { Enumeration<String> e = null; - Enumeration<IArgBlock> q = null; + Enumeration<IArgBlock> q = null; IArgBlock r = null; boolean headerBlock = false, fixedBlock = false, queryBlock = false; CMSTemplateParams data = (CMSTemplateParams) input; @@ -165,7 +167,7 @@ public class CMSTemplate extends CMSFile { http_out = new HTTPOutputStreamWriter(rout); else http_out = new HTTPOutputStreamWriter(rout, mCharset); - + try { templateLine out = new templateLine(); @@ -179,7 +181,7 @@ public class CMSTemplate extends CMSFile { out.println("var recordSet = new Array;"); out.println("var result = new Object();"); - // hack + // hack out.println("var httpParamsCount = 0;"); out.println("var httpHeadersCount = 0;"); out.println("var authTokenCount = 0;"); @@ -194,7 +196,7 @@ public class CMSTemplate extends CMSFile { e = r.elements(); while (e.hasMoreElements()) { headerBlock = true; - String n = e.nextElement(); + String n = e.nextElement(); Object v = r.getValue(n); out.println("header." + n + " = " + renderValue(v) + ";"); @@ -228,7 +230,7 @@ public class CMSTemplate extends CMSFile { out.println("record.SERVER_ATTRS = new Array;"); // Get a query record - r = q.nextElement(); + r = q.nextElement(); e = r.elements(); while (e.hasMoreElements()) { String n = e.nextElement(); @@ -241,11 +243,11 @@ public class CMSTemplate extends CMSFile { out.println("record.recordSet = recordSet;"); } - //if (headerBlock) + // if (headerBlock) out.println("result.header = header;"); - //if (fixedBlock) + // if (fixedBlock) out.println("result.fixed = fixed;"); - //if (queryBlock) + // if (queryBlock) out.println("result.recordSet = recordSet;"); out.println("</SCRIPT>"); out.println(mPostOutput); @@ -257,15 +259,14 @@ public class CMSTemplate extends CMSFile { } /** - * Ouput the pre-amble HTML Header including - * the pre-output buffer. - * + * Ouput the pre-amble HTML Header including the pre-output buffer. + * * @param out output stream specified * @return success or error */ public boolean outputProlog(PrintWriter out) { - //Debug.trace("FormCache:outputProlog"); + // Debug.trace("FormCache:outputProlog"); /* output pre-output buffer */ out.print(mPreOutput); @@ -279,9 +280,8 @@ public class CMSTemplate extends CMSFile { } /** - * Output the post HTML tags and post-output - * buffer. - * + * Output the post HTML tags and post-output buffer. + * * @param out output stream specified * @return success or error */ @@ -300,11 +300,12 @@ public class CMSTemplate extends CMSFile { return mAbsPath; } - // inherit getabspath, getContent, get last access and set last access + // inherit getabspath, getContent, get last access and set last access - /*========================================================== - * private methods - *==========================================================*/ + /* + * ========================================================== private + * methods========================================================== + */ /* load file into string */ private String loadFile(File template) throws IOException { @@ -313,7 +314,8 @@ public class CMSTemplate extends CMSFile { /* create input stream, can throw IOException */ FileInputStream inStream = new FileInputStream(template); - InputStreamReader inReader = new InputStreamReader(inStream, mCharset);; + InputStreamReader inReader = new InputStreamReader(inStream, mCharset); + ; BufferedReader in = new BufferedReader(inReader); StringBuffer buf = new StringBuffer(); String line; @@ -326,8 +328,8 @@ public class CMSTemplate extends CMSFile { in.close(); inStream.close(); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage())); } return buf.toString(); } @@ -354,8 +356,8 @@ public class CMSTemplate extends CMSFile { } } else if (v instanceof BigInteger) { s = ((BigInteger) v).toString(10); - } else if (v instanceof Character && - ((Character) v).equals(Character.valueOf((char) 0))) { + } else if (v instanceof Character && + ((Character) v).equals(Character.valueOf((char) 0))) { s = "null"; } else { s = "\"" + v.toString() + "\""; @@ -365,10 +367,10 @@ public class CMSTemplate extends CMSFile { } /** - * Escape the contents of src string in preparation to be enclosed in - * double quotes as a JavaScript String Literal within an <script> - * portion of an HTML document. - * stevep - performance improvements - about 4 times faster than before. + * Escape the contents of src string in preparation to be enclosed in double + * quotes as a JavaScript String Literal within an <script> portion of an + * HTML document. stevep - performance improvements - about 4 times faster + * than before. */ public static String escapeJavaScriptString(String v) { int l = v.length(); @@ -381,25 +383,25 @@ public class CMSTemplate extends CMSFile { for (int i = 0; i < l; i++) { char c = in[i]; - if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { + if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { out[j++] = c; continue; } - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' || + in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' || + in[i + 1] == '<' || in[i + 1] == '>' || + in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' && + (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; @@ -457,9 +459,9 @@ public class CMSTemplate extends CMSFile { return new String(out, 0, j); } - /** - * Like escapeJavaScriptString(String s) but also escape '[' for - * HTML processing. + /** + * Like escapeJavaScriptString(String s) but also escape '[' for HTML + * processing. */ public static String escapeJavaScriptStringHTML(String v) { int l = v.length(); @@ -477,20 +479,20 @@ public class CMSTemplate extends CMSFile { continue; } - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' || + in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' || + in[i + 1] == '<' || in[i + 1] == '>' || + in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' && + (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; @@ -551,25 +553,24 @@ public class CMSTemplate extends CMSFile { * for debugging, return contents that would've been outputed. */ public String getOutput(CMSTemplateParams input) - throws IOException { + throws IOException { debugOutputStream out = new debugOutputStream(); renderOutput(out, input); return out.toString(); } - private - class HTTPOutputStreamWriter extends OutputStreamWriter { + private class HTTPOutputStreamWriter extends OutputStreamWriter { public HTTPOutputStreamWriter(OutputStream out) - throws UnsupportedEncodingException { + throws UnsupportedEncodingException { super(out); } - + public HTTPOutputStreamWriter(OutputStream out, String enc) - throws UnsupportedEncodingException { + throws UnsupportedEncodingException { super(out, enc); } - + public void print(String s) throws IOException { write(s, 0, s.length()); flush(); @@ -577,9 +578,9 @@ public class CMSTemplate extends CMSFile { } } - private class templateLine { private StringBuffer s = new StringBuffer(); + void println(String p) { s.append('\n'); s.append(p); @@ -595,7 +596,6 @@ public class CMSTemplate extends CMSFile { } - private static class debugOutputStream extends ServletOutputStream { private StringWriter mStringWriter = new StringWriter(); @@ -604,7 +604,7 @@ public class CMSTemplate extends CMSFile { } public void write(int b) throws IOException { - mStringWriter.write(b); + mStringWriter.write(b); } public String toString() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java index 4f8cfc2a..ce2c26c3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java @@ -17,16 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Vector; import com.netscape.certsrv.base.IArgBlock; - /** * Holds template parameters - * + * * @version $Revision$, $Date$ */ public class CMSTemplateParams { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java index 0cd1102d..e8b848f7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import com.netscape.certsrv.base.EBaseException; - /** * A class represents a CMS gateway exception. * <P> - * + * * @version $Revision$, $Date$ */ public class ECMSGWException extends EBaseException { @@ -36,7 +34,7 @@ public class ECMSGWException extends EBaseException { /** * CA resource class name. */ - private static final String CMSGW_RESOURCES = CMSGWResources.class.getName(); + private static final String CMSGW_RESOURCES = CMSGWResources.class.getName(); /** * Constructs a CMS Gateway exception. diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java index 6debd2c7..b0032479 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Locale; @@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** - * Default error template filler - * + * Default error template filler + * * @version $Revision$, $Date$ */ public class GenErrorTemplateFiller implements ICMSTemplateFiller { @@ -38,14 +36,15 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq the CMS Request. * @param authority the authority * @param locale the locale of template. * @param e unexpected error. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -53,21 +52,22 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } else { - CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " + - "cmsReq is null!" ); + CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " + + "cmsReq is null!"); return null; } - - // error + + // error String ex = cmsReq.getError(); // Changed by beomsuk - /*if (ex == null) - ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); - fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale)); + /* + * if (ex == null) ex = new + * EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); + * fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale)); */ if ((ex == null) && (cmsReq.getReason() == null)) ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")).toString(); @@ -75,9 +75,9 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { fixed.set(ICMSTemplateFiller.ERROR, ex); else if (cmsReq.getReason() != null) fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason()); - // Change end - - // error description if any. + // Change end + + // error description if any. Vector descr = cmsReq.getErrorDescr(); if (descr != null) { @@ -85,20 +85,19 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { while (num.hasMoreElements()) { String elem = (String) num.nextElement(); - //System.out.println("Setting description "+elem.toString()); + // System.out.println("Setting description "+elem.toString()); IArgBlock argBlock = CMS.createArgBlock(); - argBlock.set(ICMSTemplateFiller.ERROR_DESCR, - elem); + argBlock.set(ICMSTemplateFiller.ERROR_DESCR, + elem); params.addRepeatRecord(argBlock); } } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java index 15456865..c5a0d9a5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.OutputStream; @@ -59,10 +58,9 @@ import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestId; - /** - * default Pending template filler - * + * default Pending template filler + * * @version $Revision$, $Date$ */ public class GenPendingTemplateFiller implements ICMSTemplateFiller { @@ -72,28 +70,29 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - if( cmsReq == null ) { + if (cmsReq == null) { return null; } // request status if any. Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); - // request id + // request id IRequest req = cmsReq.getIRequest(); if (req != null) { @@ -109,17 +108,17 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { PendInfo pendInfo = new PendInfo(reqId.toString(), new Date()); OtherInfo otherInfo = new - OtherInfo(OtherInfo.PEND, null, pendInfo); + OtherInfo(OtherInfo.PEND, null, pendInfo); SEQUENCE bpids = new SEQUENCE(); String[] reqIdArray = - req.getExtDataInStringArray(IRequest.CMC_REQIDS); + req.getExtDataInStringArray(IRequest.CMC_REQIDS); for (int i = 0; i < reqIdArray.length; i++) { bpids.addElement(new INTEGER(reqIdArray[i])); } CMCStatusInfo cmcStatusInfo = new - CMCStatusInfo(CMCStatusInfo.PENDING, bpids, - (String) null, otherInfo); + CMCStatusInfo(CMCStatusInfo.PENDING, bpids, + (String) null, otherInfo); TaggedAttribute ta = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, @@ -130,7 +129,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { // create recipientNonce // create responseInfo if regInfo exist String[] transIds = - req.getExtDataInStringArray(IRequest.CMC_TRANSID); + req.getExtDataInStringArray(IRequest.CMC_TRANSID); SET ids = new SET(); for (int i = 0; i < transIds.length; i++) { @@ -167,7 +166,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = {b64E}; + String[] newNonce = { b64E }; ta = new TaggedAttribute(new INTEGER(bpid++), @@ -180,13 +179,13 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { SEQUENCE(), new SEQUENCE()); EncapsulatedContentInfo ci = new - EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, - rb); + EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, + rb); org.mozilla.jss.crypto.X509Certificate x509cert = null; if (authority instanceof ICertificateAuthority) { x509cert = ((ICertificateAuthority) authority).getCaX509Cert(); - }else if (authority instanceof IRegistrationAuthority) { + } else if (authority instanceof IRegistrationAuthority) { x509cert = ((IRegistrationAuthority) authority).getRACert(); } if (x509cert == null) @@ -194,12 +193,12 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { try { X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); ByteArrayInputStream issuer1 = new - ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); + ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); Name issuer = (Name) Name.getTemplate().decode(issuer1); IssuerAndSerialNumber ias = new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); + IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); SignerIdentifier si = new - SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; @@ -207,14 +206,14 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); - if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) { + if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) { signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) { + } else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) { signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else { - CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - " + CMS.debug("GenPendingTemplateFiller::getTemplateParams() - " + "keyType " + keyType.toString() - + " is unsupported!" ); + + " is unsupported!"); return null; } @@ -224,41 +223,41 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { try { SHADigest = MessageDigest.getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; - + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); rb.encode((OutputStream) ostream); digest = SHADigest.digest(ostream.toByteArray()); } catch (NoSuchAlgorithmException ex) { - //log("digest fail"); + // log("digest fail"); } SignerInfo signInfo = new - SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, - privKey); + SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, + privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), - null); + AlgorithmIdentifier(digestAlg.toOID(), + null); digestAlgs.addElement(ai); } - + SignedData fResponse = new - SignedData(digestAlgs, ci, - null, null, signInfos); + SignedData(digestAlgs, ci, + null, null, signInfos); ContentInfo fullResponse = new - ContentInfo(ContentInfo.SIGNED_DATA, fResponse); + ContentInfo(ContentInfo.SIGNED_DATA, fResponse); ByteArrayOutputStream ostream = new - ByteArrayOutputStream(); + ByteArrayOutputStream(); fullResponse.encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); @@ -270,9 +269,9 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { } } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } @@ -286,4 +285,3 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { return false; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java index 798b7f0d..d1396b79 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Locale; @@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; - /** - * default Service Pending template filler - * + * default Service Pending template filler + * * @version $Revision$, $Date$ */ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { @@ -46,7 +44,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -54,15 +52,15 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } else { - CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " + - "cmsReq is null!" ); + CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " + + "cmsReq is null!"); return null; } - // request id + // request id IRequest req = cmsReq.getIRequest(); if (req != null) { @@ -76,7 +74,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { while (msgs.hasMoreElements()) { String ex = (String) msgs.nextElement(); - IArgBlock messageArgBlock = CMS.createArgBlock(); + IArgBlock messageArgBlock = CMS.createArgBlock(); messageArgBlock.set(POLICY_MESSAGE, ex); params.addRepeatRecord(messageArgBlock); @@ -86,10 +84,9 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java index ff3d4f8c..67cad94f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; - /** - * default Success template filler - * + * default Success template filler + * * @version $Revision$, $Date$ */ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { @@ -36,14 +34,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -51,15 +50,14 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } - // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + // this authority + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java index d08b83a8..ec1b9777 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; - /** - * default Service Pending template filler - * + * default Service Pending template filler + * * @version $Revision$, $Date$ */ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { @@ -38,14 +36,15 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -72,10 +71,9 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java index befacf83..567b01d0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; - /** - * default Unauthorized template filler - * + * default Unauthorized template filler + * * @version $Revision$, $Date$ */ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { @@ -36,14 +34,15 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -51,19 +50,18 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } // set unauthorized error - fixed.set(ICMSTemplateFiller.ERROR, - new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"))); + fixed.set(ICMSTemplateFiller.ERROR, + new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"))); - // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + // this authority + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java index 1ae6ee45..757440b1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** - * default unexpected error template filler - * + * default unexpected error template filler + * * @version $Revision$, $Date$ */ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller { @@ -37,41 +35,42 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - + // When an exception occurs the exit is non-local which probably // will leave the requestStatus value set to something other - // than CMSRequest.EXCEPTION, so force the requestStatus to - // EXCEPTION since it must be that if we're here. + // than CMSRequest.EXCEPTION, so force the requestStatus to + // EXCEPTION since it must be that if we're here. Integer sts = CMSRequest.EXCEPTION; - if (cmsReq != null) cmsReq.setStatus(sts); + if (cmsReq != null) + cmsReq.setStatus(sts); fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); // the unexpected error (exception) - if (e == null) + if (e == null) e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); String errMsg = null; - if (e instanceof EBaseException) + if (e instanceof EBaseException) errMsg = ((EBaseException) e).toString(locale); - else + else errMsg = e.toString(); fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg); // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java index ddd6f0a1..b8c84e7d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java @@ -17,35 +17,33 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; import com.netscape.certsrv.authority.IAuthority; - /** * This interface represents a template filler. - * + * * @version $Revision$, $Date$ */ public interface ICMSTemplateFiller { - // common template variables. + // common template variables. public final static String ERROR = "errorDetails"; public final static String ERROR_DESCR = "errorDescription"; public final static String EXCEPTION = "unexpectedError"; - public static final String HOST = "host"; - public static final String PORT = "port"; - public static final String SCHEME = "scheme"; + public static final String HOST = "host"; + public static final String PORT = "port"; + public static final String SCHEME = "scheme"; - public static final String AUTHORITY = "authorityName"; + public static final String AUTHORITY = "authorityName"; - public static final String REQUEST_STATUS = "requestStatus"; + public static final String REQUEST_STATUS = "requestStatus"; - public static final String KEYREC_ID = "keyrecId"; - public static final String REQUEST_ID = "requestId"; + public static final String KEYREC_ID = "keyrecId"; + public static final String REQUEST_ID = "requestId"; public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) - throws Exception; + CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) + throws Exception; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java index 27ea5ec1..827f24f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java @@ -17,10 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - /** * This represents raw JS parameters. - * + * * @version $Revision$, $Date$ */ public interface IRawJS { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java index ce1a5082..23f962e5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -26,15 +25,13 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.ISubsystem; - /** - * A class represents a certificate server kernel. This - * kernel contains a list of resident subsystems such - * as logging, security, remote administration. Additional - * subsystems can be loaded into this kernel by specifying - * parameters in the configuration store. + * A class represents a certificate server kernel. This kernel contains a list + * of resident subsystems such as logging, security, remote administration. + * Additional subsystems can be loaded into this kernel by specifying parameters + * in the configuration store. * <P> - * + * * @version $Revision$, $Date$ */ public class IndexTemplateFiller implements ICMSTemplateFiller { @@ -53,7 +50,7 @@ public class IndexTemplateFiller implements ICMSTemplateFiller { } public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) { IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, ctx); @@ -103,11 +100,11 @@ public class IndexTemplateFiller implements ICMSTemplateFiller { count++; } // information about what is selected is provided - // from the caller. This parameter (selected) is used + // from the caller. This parameter (selected) is used // by header servlet try { - header.addStringValue("selected", - cmsReq.getHttpParams().getValueAsString("selected")); + header.addStringValue("selected", + cmsReq.getHttpParams().getValueAsString("selected")); } catch (EBaseException ex) { } header.addIntegerValue(OUT_TOTAL_COUNT, count); diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java index fb31fec1..f936e075 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java @@ -17,10 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - /** * This represents raw JS parameters. - * + * * @version $Revision$, $Date$ */ public class RawJS implements IRawJS { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java index 580909cb..9c728c03 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.StringTokenizer; import javax.servlet.ServletConfig; @@ -28,10 +27,9 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** * Utility class - * + * * @version $Revision$, $Date$ */ public class Utils { @@ -45,13 +43,13 @@ public class Utils { public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz"; public final static String AUTHZ_MGR_LDAP = "DirAclAuthz"; - public static String initializeAuthz(ServletConfig sc, - IAuthzSubsystem authz, String id) throws ServletException { + public static String initializeAuthz(ServletConfig sc, + IAuthzSubsystem authz, String id) throws ServletException { String srcType = AUTHZ_SRC_LDAP; try { IConfigStore authzConfig = - CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE); + CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE); srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP); } catch (EBaseException e) { @@ -64,7 +62,7 @@ public class Utils { CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR); if (aclMethod != null && - aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { + aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { String aclInfo = sc.getInitParameter(PROP_ACL); if (aclInfo != null) { @@ -95,7 +93,7 @@ public class Utils { } public static void addACLInfo(IAuthzSubsystem authz, String aclMethod, - String aclInfo) throws EBaseException { + String aclInfo) throws EBaseException { StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java index b3809579..439b201a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.connector; - import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; @@ -58,12 +57,10 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * Clone servlet - part of the Clone Authority (CLA) - * processes Revoked certs from its dependant clone CAs - * service request and return status. - * + * Clone servlet - part of the Clone Authority (CLA) processes Revoked certs + * from its dependant clone CAs service request and return status. + * * @version $Revision$, $Date$ */ public class CloneServlet extends CMSServlet { @@ -94,8 +91,8 @@ public class CloneServlet extends CMSServlet { mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + public void service(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) @@ -130,14 +127,14 @@ public class CloneServlet extends CMSServlet { IRequest r = null; IRequest reply = null; - // NOTE must read all bufer before redoing handshake for + // NOTE must read all bufer before redoing handshake for // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = req.getContentLength(); + len = req.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) { @@ -159,16 +156,16 @@ public class CloneServlet extends CMSServlet { // force client auth handshake, validate clone CA (CCA) // and get CCA's Id. - // NOTE must do this after all contents are read for ssl - // redohandshake to work + // NOTE must do this after all contents are read for ssl + // redohandshake to work X509Certificate peerCert; try { peerCert = getPeerCert(req); - }catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + } catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } @@ -190,7 +187,7 @@ public class CloneServlet extends CMSServlet { CMS.debug("CloneServlet: about to authenticate"); token = authenticate(peerCert); // cfu maybe don't need CCA_Id, because the above check - // was good enough + // was good enough CCAUserId = token.getInString("userid"); CCA_Id = (String) peerCert.getSubjectDN().toString(); } catch (EInvalidCredentials e) { @@ -203,8 +200,8 @@ public class CloneServlet extends CMSServlet { return; } - mAuthority.log(ILogger.LL_INFO, - "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN()); + mAuthority.log(ILogger.LL_INFO, + "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN()); // authorize, any authenticated user are authorized AuthzToken authzToken = null; @@ -232,29 +229,29 @@ public class CloneServlet extends CMSServlet { } // now process CCA request - should just be posting revoked - // certs for now + // certs for now try { // decode request. CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq); msg = (IPKIMessage) mReqEncoder.decode(encodedreq); - // process request + // process request CMS.debug("Cloneservlet: decoded request"); replymsg = processRequest(CCA_Id, CCAUserId, msg, token); } catch (IOException e) { e.printStackTrace(); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } - // encode reply + // encode reply String encodedrep = mReqEncoder.encode(replymsg); resp.setStatus(HttpServletResponse.SC_OK); @@ -271,46 +268,46 @@ public class CloneServlet extends CMSServlet { out.flush(); } - //cfu ++change this to just check the subject and signer + // cfu ++change this to just check the subject and signer protected IAuthToken authenticate( - X509Certificate peerCert) - throws EBaseException { + X509Certificate peerCert) + throws EBaseException { try { - // XXX using agent authentication now since we're only - // verifying that the cert belongs to a user in the db. - // XXX change this to ACL in the future. + // XXX using agent authentication now since we're only + // verifying that the cert belongs to a user in the db. + // XXX change this to ACL in the future. // build JAVA X509Certificate from peerCert. X509CertImpl cert = new X509CertImpl(peerCert.getEncoded()); AuthCredentials creds = new AuthCredentials(); - creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, - new X509Certificate[] {cert} - ); + creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, + new X509Certificate[] { cert } + ); - IAuthToken token = mAuthSubsystem.authenticate(creds, + IAuthToken token = mAuthSubsystem.authenticate(creds, IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); return token; } catch (CertificateException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (EInvalidCredentials e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw e; } catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw e; } } protected IPKIMessage processRequest( - String source, String sourceUserId, IPKIMessage msg, IAuthToken token) - throws EBaseException { + String source, String sourceUserId, IPKIMessage msg, IAuthToken token) + throws EBaseException { IPKIMessage replymsg = null; IRequest r = null; IRequestQueue queue = mAuthority.getRequestQueue(); @@ -331,8 +328,8 @@ public class CloneServlet extends CMSServlet { mAuthority.log(ILogger.LL_FAILURE, errormsg); throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, - "Found request " + thisreqid + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, + "Found request " + thisreqid + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); return replymsg; @@ -348,7 +345,7 @@ public class CloneServlet extends CMSServlet { // setting requestor type must come after copy contents. because // requestor is a regular attribute. thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_RA); + IRequest.REQUESTOR_RA); mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid); // Set this so that request's updateBy is recorded @@ -362,17 +359,17 @@ public class CloneServlet extends CMSServlet { replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); - //for audit log + // for audit log String agentID = sourceUserId; String initiative = AuditFormat.FROMRA + " trustedManagerID: " + - agentID + " remote reqID " + msg.getReqId(); + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = + authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - + // Get the certificate info from the request X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO); @@ -380,36 +377,35 @@ public class CloneServlet extends CMSServlet { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus(), + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.FORMAT, + AuditFormat.NODNFORMAT, new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus()} - ); + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus() } + ); } } else { - if - (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) { + if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) { Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { @@ -420,155 +416,83 @@ public class CloneServlet extends CMSServlet { } } - /* cfu --- - if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) { - // XXX make the repeat record. - // Get the certificate(s) from the request - X509CertImpl issuedCerts[] = - (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. - if (issuedCerts != null) { - for (int i = 0; i < issuedCerts.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed", - issuedCerts[i].getSubjectDN() , - "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16)} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed"} - ); - } - } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { - X509CertImpl[] certs = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); - X509CertImpl old_cert = certs[0]; - certs = (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); - X509CertImpl renewed_cert = certs[0]; - if (old_cert != null && renewed_cert != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - authMgr , - "completed", - old_cert.getSubjectDN() , - old_cert.getSerialNumber().toString(16) , - "new serial number: 0x" + - renewed_cert.getSerialNumber().toString(16)} - ); - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed with error"} - ); - } - } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) { - X509CertImpl[] oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); - RevokedCertImpl crlentries[] = - (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS); - CRLExtensions crlExts = crlentries[0].getExtensions(); - int reason = 0; - if (crlExts != null) { - Enumeration enum = crlExts.getElements(); - while(enum.hasMoreElements()){ - Extension ext = (Extension) enum.nextElement(); - if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension)ext).getReason().toInt - (); - break; - } - } - } - - int count = oldCerts.length; - Integer result = (Integer)thisreq.get(IRequest.RESULT); - if (result.equals(IRequest.RES_ERROR)) { - EBaseException ex = (EBaseException)thisreq.get(IRequest.ERROR); - EBaseException[] svcErrors = - (EBaseException[])thisreq.get(IRequest.SVCERRORS); - if (svcErrors != null && svcErrors.length > 0) { - for (int i = 0; i < svcErrors.length; i++) { - EBaseException err = svcErrors[i]; - if (err != null) { - for (int j = 0; j < count; j++) { - if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - "completed with error: " + - err.toString() , - oldCerts[j].getSubjectDN() , - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); - } - } - } - } - } - } else { - // the success. - for (int j = 0; j < count; j++) { - if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - "completed" , - oldCerts[j].getSubjectDN() , - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); - } - } - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed"} - ); - } - cfu */ + /* + * cfu --- if + * (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST + * )) { // XXX make the repeat record. // Get the certificate(s) + * from the request X509CertImpl issuedCerts[] = + * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); // return + * potentially more than one certificates. if (issuedCerts != + * null) { for (int i = 0; i < issuedCerts.length; i++) { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.FORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed", issuedCerts[i].getSubjectDN() , + * "cert issued serial number: 0x" + + * issuedCerts[i].getSerialNumber().toString(16)} ); } } else { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed"} ); } } else if + * (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { + * X509CertImpl[] certs = + * (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); X509CertImpl + * old_cert = certs[0]; certs = + * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); + * X509CertImpl renewed_cert = certs[0]; if (old_cert != null && + * renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT, + * ILogger.S_OTHER, AuditFormat.LEVEL, + * AuditFormat.RENEWALFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , authMgr , "completed", + * old_cert.getSubjectDN() , + * old_cert.getSerialNumber().toString(16) , + * "new serial number: 0x" + + * renewed_cert.getSerialNumber().toString(16)} ); } else { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed with error"} ); } } else if + * (thisreq.getRequestType + * ().equals(IRequest.REVOCATION_REQUEST)) { X509CertImpl[] + * oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); + * RevokedCertImpl crlentries[] = + * (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS); + * CRLExtensions crlExts = crlentries[0].getExtensions(); int + * reason = 0; if (crlExts != null) { Enumeration enum = + * crlExts.getElements(); while(enum.hasMoreElements()){ + * Extension ext = (Extension) enum.nextElement(); if (ext + * instanceof CRLReasonExtension) { reason = + * ((CRLReasonExtension)ext).getReason().toInt (); break; } } } + * + * int count = oldCerts.length; Integer result = + * (Integer)thisreq.get(IRequest.RESULT); if + * (result.equals(IRequest.RES_ERROR)) { EBaseException ex = + * (EBaseException)thisreq.get(IRequest.ERROR); EBaseException[] + * svcErrors = + * (EBaseException[])thisreq.get(IRequest.SVCERRORS); if + * (svcErrors != null && svcErrors.length > 0) { for (int i = 0; + * i < svcErrors.length; i++) { EBaseException err = + * svcErrors[i]; if (err != null) { for (int j = 0; j < count; + * j++) { if (oldCerts[j] != null) { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.DOREVOKEFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , "completed with error: " + * + err.toString() , oldCerts[j].getSubjectDN() , + * oldCerts[j].getSerialNumber().toString(16), + * RevocationReason.fromInt(reason).toString()} ); } } } } } } + * else { // the success. for (int j = 0; j < count; j++) { if + * (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, + * ILogger.S_OTHER, AuditFormat.LEVEL, + * AuditFormat.DOREVOKEFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , "completed" , + * oldCerts[j].getSubjectDN() , + * oldCerts[j].getSerialNumber().toString(16), + * RevocationReason.fromInt(reason).toString()} ); } } } } else + * { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed"} ); } cfu + */ } } catch (IOException e) { } catch (CertificateException e) { @@ -578,7 +502,7 @@ public class CloneServlet extends CMSServlet { } protected X509Certificate - getPeerCert(HttpServletRequest req) throws EBaseException { + getPeerCert(HttpServletRequest req) throws EBaseException { return getSSLClientCertificate(req); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java index 67956bd8..cc496bd6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java @@ -72,12 +72,10 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * Connector servlet - * process requests from remote authority - - * service request or return status. - * + * Connector servlet process requests from remote authority - service request or + * return status. + * * @version $Revision$, $Date$ */ public class ConnectorServlet extends CMSServlet { @@ -96,13 +94,13 @@ public class ConnectorServlet extends CMSServlet { protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl"; private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN = - "unknown"; + "unknown"; private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS = - "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5"; + "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5"; private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; + "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; @@ -118,13 +116,13 @@ public class ConnectorServlet extends CMSServlet { mAuthority = (IAuthority) CMS.getSubsystem(authority); mReqEncoder = CMS.getHttpRequestEncoder(); - + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + public void service(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); @@ -163,14 +161,14 @@ public class ConnectorServlet extends CMSServlet { IRequest r = null; IRequest reply = null; - // NOTE must read all bufer before redoing handshake for + // NOTE must read all bufer before redoing handshake for // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = request.getContentLength(); + len = request.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) { @@ -191,16 +189,16 @@ public class ConnectorServlet extends CMSServlet { } // force client auth handshake, validate RA and get RA's Id. - // NOTE must do this after all contents are read for ssl - // redohandshake to work + // NOTE must do this after all contents are read for ssl + // redohandshake to work X509Certificate peerCert; try { peerCert = getPeerCert(req); - }catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + } catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } @@ -211,7 +209,7 @@ public class ConnectorServlet extends CMSServlet { return; } - // authenticate RA + // authenticate RA String RA_Id = null; String raUserId = null; @@ -231,8 +229,8 @@ public class ConnectorServlet extends CMSServlet { return; } - mAuthority.log(ILogger.LL_INFO, - "Remote Authority authenticated: " + peerCert.getSubjectDN()); + mAuthority.log(ILogger.LL_INFO, + "Remote Authority authenticated: " + peerCert.getSubjectDN()); // authorize AuthzToken authzToken = null; @@ -265,20 +263,20 @@ public class ConnectorServlet extends CMSServlet { try { // decode request. msg = (IPKIMessage) mReqEncoder.decode(encodedreq); - // process request + // process request replymsg = processRequest(RA_Id, raUserId, msg, token); } catch (IOException e) { CMS.debug("ConnectorServlet: service " + e.toString()); CMS.debug(e); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { CMS.debug("ConnectorServlet: service " + e.toString()); CMS.debug(e); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } catch (Exception e) { @@ -288,7 +286,7 @@ public class ConnectorServlet extends CMSServlet { CMS.debug("ConnectorServlet: done processRequest"); - // encode reply + // encode reply try { String encodedrep = mReqEncoder.encode(replymsg); @@ -328,8 +326,8 @@ public class ConnectorServlet extends CMSServlet { try { info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0")); - CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY); + // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0")); + CertificateX509Key certKey = (CertificateX509Key) info.get(X509CertInfo.KEY); if (certKey != null) { byteStream = new ByteArrayOutputStream(); certKey.encode(byteStream); @@ -369,16 +367,16 @@ public class ConnectorServlet extends CMSServlet { certAlgOut.toByteArray()); } } catch (Exception e) { - CMS.debug("ConnectorServlet: profile normalization " + - e.toString()); + CMS.debug("ConnectorServlet: profile normalization " + + e.toString()); } String profileId = request.getExtDataInString("profileId"); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem("profile"); + CMS.getSubsystem("profile"); IEnrollProfile profile = null; - // profile subsystem may not be available. In case of KRA for + // profile subsystem may not be available. In case of KRA for // example if (ps == null) { CMS.debug("ConnectorServlet: Profile Subsystem not found "); @@ -399,15 +397,15 @@ public class ConnectorServlet extends CMSServlet { /** * Process request * <P> - * + * * (Certificate Request - all "agent" profile cert requests made through a - * connector) + * connector) * <P> - * - * (Certificate Request Processed - all automated "agent" profile based - * cert acceptance made through a connector) + * + * (Certificate Request Processed - all automated "agent" profile based cert + * acceptance made through a connector) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a * profile cert request is made (before approval process) @@ -417,6 +415,7 @@ public class ConnectorServlet extends CMSServlet { * inter-CIMC_Boundary data transfer is successful (this is used when data * does not need to be captured) * </ul> + * * @param source string containing source * @param sourceUserId string containing source user ID * @param msg PKI message @@ -425,8 +424,8 @@ public class ConnectorServlet extends CMSServlet { * @return PKI message */ protected IPKIMessage processRequest( - String source, String sourceUserId, IPKIMessage msg, IAuthToken token) - throws EBaseException { + String source, String sourceUserId, IPKIMessage msg, IAuthToken token) + throws EBaseException { String auditMessage = null; String auditSubjectID = sourceUserId; String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL; @@ -477,12 +476,12 @@ public class ConnectorServlet extends CMSServlet { if (thisreq == null) { // strange case. String errormsg = "Cannot find request in request queue " + - thisreqid; + thisreqid; mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_REQUEST_ID_NOT_FOUND_1", - thisreqid.toString())); + CMS.getLogMessage( + "CMSGW_REQUEST_ID_NOT_FOUND_1", + thisreqid.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -495,14 +494,14 @@ public class ConnectorServlet extends CMSServlet { audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // does not yet matter at this point! throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, - "Found request " + thisreqid + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, + "Found request " + thisreqid + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); @@ -517,9 +516,9 @@ public class ConnectorServlet extends CMSServlet { audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // does not yet matter at this point! return replymsg; } @@ -527,77 +526,77 @@ public class ConnectorServlet extends CMSServlet { // if not found process request. thisreq = queue.newRequest(msg.getReqType()); - CMS.debug("ConnectorServlet: created requestId=" + - thisreq.getRequestId().toString()); + CMS.debug("ConnectorServlet: created requestId=" + + thisreq.getRequestId().toString()); thisreq.setSourceId(srcid); - // NOTE: For the following signed audit message, since we only - // care about the "msg.toRequest( thisreq );" command, and - // since this command does not throw an EBaseException - // (which is the only exception designated by this method), - // then this code does NOT need to be contained within its - // own special try/catch block. - msg.toRequest( thisreq ); + // NOTE: For the following signed audit message, since we only + // care about the "msg.toRequest( thisreq );" command, and + // since this command does not throw an EBaseException + // (which is the only exception designated by this method), + // then this code does NOT need to be contained within its + // own special try/catch block. + msg.toRequest(thisreq); - if( isProfileRequest( thisreq ) ) { + if (isProfileRequest(thisreq)) { X509CertInfo info = thisreq.getExtDataInCertInfo( - IEnrollProfile.REQUEST_CERTINFO ); + IEnrollProfile.REQUEST_CERTINFO); try { - CertificateSubjectName sn = ( CertificateSubjectName ) - info.get( X509CertInfo.SUBJECT ); + CertificateSubjectName sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" // it - if( sn != null ) { + if (sn != null) { subject = sn.toString(); - if( subject != null ) { - // NOTE: This is ok even if the cert subject - // name is "" (empty)! + if (subject != null) { + // NOTE: This is ok even if the cert subject + // name is "" (empty)! auditCertificateSubjectName = subject.trim(); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName); - audit( auditMessage ); - } catch( CertificateException e ) { - CMS.debug( "ConnectorServlet: processRequest " - + e.toString() ); + audit(auditMessage); + } catch (CertificateException e) { + CMS.debug("ConnectorServlet: processRequest " + + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName); - audit( auditMessage ); - } catch( IOException e ) { - CMS.debug( "ConnectorServlet: processRequest " - + e.toString() ); + audit(auditMessage); + } catch (IOException e) { + CMS.debug("ConnectorServlet: processRequest " + + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName); - audit( auditMessage ); + audit(auditMessage); } } @@ -606,9 +605,9 @@ public class ConnectorServlet extends CMSServlet { // setting requestor type must come after copy contents. because // requestor is a regular attribute. thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_RA); + IRequest.REQUESTOR_RA); mAuthority.log(ILogger.LL_INFO, "Processing remote request " + - srcid); + srcid); // Set this so that request's updateBy is recorded SessionContext s = SessionContext.getContext(); @@ -622,52 +621,52 @@ public class ConnectorServlet extends CMSServlet { } CMS.debug("ConnectorServlet: calling processRequest instance=" + - thisreq); + thisreq); if (isProfileRequest(thisreq)) { normalizeProfileRequest(thisreq); } try { - queue.processRequest( thisreq ); + queue.processRequest(thisreq); - if( isProfileRequest( thisreq ) ) { + if (isProfileRequest(thisreq)) { // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue( thisreq ); + auditInfoCertValue = auditInfoCertValue(thisreq); - if( auditInfoCertValue != null ) { - if( !( auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) { + if (auditInfoCertValue != null) { + if (!(auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue ); - - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); + + audit(auditMessage); } } } - } catch( EBaseException eAudit1 ) { - if( isProfileRequest( thisreq ) ) { + } catch (EBaseException eAudit1) { + if (isProfileRequest(thisreq)) { // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue( thisreq ); + auditInfoCertValue = auditInfoCertValue(thisreq); - if( auditInfoCertValue != null ) { - if( !( auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) { + if (auditInfoCertValue != null) { + if (!(auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue ); - - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); + + audit(auditMessage); } } } @@ -681,23 +680,23 @@ public class ConnectorServlet extends CMSServlet { replymsg.fromRequest(thisreq); CMS.debug("ConnectorServlet: replymsg.reqStatus=" + - replymsg.getReqStatus()); + replymsg.getReqStatus()); - //for audit log + // for audit log String agentID = sourceUserId; String initiative = AuditFormat.FROMRA + " trustedManagerID: " + - agentID + " remote reqID " + msg.getReqId(); + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = + authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } if (isProfileRequest(thisreq)) { // XXX audit log - CMS.debug("ConnectorServlet: done requestId=" + - thisreq.getRequestId().toString()); + CMS.debug("ConnectorServlet: done requestId=" + + thisreq.getRequestId().toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -710,9 +709,9 @@ public class ConnectorServlet extends CMSServlet { audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has already been logged at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has already been logged at this point! return replymsg; } @@ -724,32 +723,32 @@ public class ConnectorServlet extends CMSServlet { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (x509Info != null) { for (int i = 0; i < x509Info.length; i++) { - mLogger.log(ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus(), + x509Info[i].get(X509CertInfo.SUBJECT), + "" } + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.FORMAT, + AuditFormat.NODNFORMAT, new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus(), - x509Info[i].get(X509CertInfo.SUBJECT), - ""} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus()} - ); + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus() } + ); } } else { if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) { @@ -761,40 +760,40 @@ public class ConnectorServlet extends CMSServlet { x509Certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. if (x509Certs != null) { for (int i = 0; i < x509Certs.length; i++) { - mLogger.log(ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed", + x509Certs[i].getSubjectDN(), + "cert issued serial number: 0x" + + x509Certs[i].getSerialNumber().toString(16) } + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.FORMAT, + AuditFormat.NODNFORMAT, new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed", - x509Certs[i].getSubjectDN(), - "cert issued serial number: 0x" + - x509Certs[i].getSerialNumber().toString(16)} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed"} - ); + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed" } + ); } } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { X509CertImpl[] certs = - thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); + thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); X509CertImpl old_cert = certs[0]; certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS); @@ -802,36 +801,36 @@ public class ConnectorServlet extends CMSServlet { if (old_cert != null && renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - authMgr, - "completed", - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "new serial number: 0x" + - renewed_cert.getSerialNumber().toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + authMgr, + "completed", + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "new serial number: 0x" + + renewed_cert.getSerialNumber().toString(16) } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed with error"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed with error" } + ); } } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) { Certificate[] oldCerts = - thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); + thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); RevokedCertImpl crlentries[] = - thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); + thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); CRLExtensions crlExts = crlentries[0].getExtensions(); int reason = 0; @@ -839,7 +838,7 @@ public class ConnectorServlet extends CMSServlet { Enumeration<Extension> enum1 = crlExts.getElements(); while (enum1.hasMoreElements()) { - Extension ext = enum1.nextElement(); + Extension ext = enum1.nextElement(); if (ext instanceof CRLReasonExtension) { reason = ((CRLReasonExtension) ext).getReason().toInt(); @@ -853,7 +852,7 @@ public class ConnectorServlet extends CMSServlet { if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - thisreq.getExtDataInStringArray(IRequest.SVCERRORS); + thisreq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { @@ -866,18 +865,18 @@ public class ConnectorServlet extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -892,32 +891,32 @@ public class ConnectorServlet extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } } } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed" } + ); } } @@ -974,9 +973,9 @@ public class ConnectorServlet extends CMSServlet { SessionContext.releaseContext(); } - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has already been logged at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has already been logged at this point! return replymsg; } catch (EBaseException e) { @@ -991,17 +990,17 @@ public class ConnectorServlet extends CMSServlet { audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has either already been logged, or - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has either already been logged, or + // does not yet matter at this point! return replymsg; } } protected X509Certificate - getPeerCert(HttpServletRequest req) throws EBaseException { + getPeerCert(HttpServletRequest req) throws EBaseException { return getSSLClientCertificate(req); } @@ -1011,11 +1010,11 @@ public class ConnectorServlet extends CMSServlet { /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1027,20 +1026,19 @@ public class ConnectorServlet extends CMSServlet { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, and is called + * to obtain the "ProfileID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { @@ -1062,11 +1060,11 @@ public class ConnectorServlet extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request a Request containing an X509CertImpl * @return cert string containing the certificate */ @@ -1122,4 +1120,3 @@ public class ConnectorServlet extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java index 2a024c3a..7c5f1fea 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java @@ -40,17 +40,14 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - - /** - * GenerateKeyPairServlet - * handles "server-side key pair generation" requests from the - * netkey RA. - * + * GenerateKeyPairServlet handles "server-side key pair generation" requests + * from the netkey RA. + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -//XXX add auditing later +// XXX add auditing later public class GenerateKeyPairServlet extends CMSServlet { /** @@ -68,7 +65,7 @@ public class GenerateKeyPairServlet extends CMSServlet { /** * Constructs GenerateKeyPair servlet. - * + * */ public GenerateKeyPairServlet() { super(); @@ -82,35 +79,29 @@ public class GenerateKeyPairServlet extends CMSServlet { if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); - + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /* - * processServerSideKeyGen - - * handles netkey DRM serverside keygen. - * netkey operations: - * 1. generate keypair (archive user priv key) - * 2. unwrap des key with transport key, then url decode it - * 3. wrap user priv key with des key - * 4. send the following to RA: - * * des key wrapped(user priv key) - * * user public key - * (note: RA should have kek-wrapped des key from TKS) - * * recovery blob (used for recovery) + * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey + * operations: 1. generate keypair (archive user priv key) 2. unwrap des key + * with transport key, then url decode it 3. wrap user priv key with des key + * 4. send the following to RA: * des key wrapped(user priv key) * user + * public key (note: RA should have kek-wrapped des key from TKS) * recovery + * blob (used for recovery) */ private void processServerSideKeyGen(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { + HttpServletResponse resp) throws EBaseException { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; @@ -123,8 +114,8 @@ public class GenerateKeyPairServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rArchive = req.getParameter("archive"); - String rKeysize = req.getParameter("keysize"); + String rArchive = req.getParameter("archive"); + String rKeysize = req.getParameter("keysize"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID"); @@ -136,19 +127,19 @@ public class GenerateKeyPairServlet extends CMSServlet { missingParam = true; } - if ((rKeysize == null) || (rKeysize.equals(""))) { - rKeysize = "1024"; // default to 1024 - } + if ((rKeysize == null) || (rKeysize.equals(""))) { + rKeysize = "1024"; // default to 1024 + } if ((rdesKeyString == null) || - (rdesKeyString.equals(""))) { + (rdesKeyString.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key"); missingParam = true; } if ((rArchive == null) || (rArchive.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true"); - rArchive = "true"; + rArchive = "true"; } String selectedToken = null; @@ -160,17 +151,17 @@ public class GenerateKeyPairServlet extends CMSServlet { thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); - thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); - thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); + thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); + thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); - queue.processRequest( thisreq ); + queue.processRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and DRM thinks 1 is good - if (result.intValue() == 1) - status = "0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and DRM thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; @@ -184,40 +175,39 @@ public class GenerateKeyPairServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; - if( thisreq == null ) { - CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - " - + "thisreq is null!" ); - throw new EBaseException( "thisreq is null" ); + if (thisreq == null) { + CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - " + + "thisreq is null!"); + throw new EBaseException("thisreq is null"); } publicKeyString = thisreq.getExtDataInString("public_key"); wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate"); - String ivString = thisreq.getExtDataInString("iv_s"); + String ivString = thisreq.getExtDataInString("iv_s"); /* - if (selectedToken == null) - status = "4"; - */ - if (!status.equals("0")) - value = "status="+status; + * if (selectedToken == null) status = "4"; + */ + if (!status.equals("0")) + value = "status=" + status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); - sb.append("wrapped_priv_key="); - sb.append(wrappedPrivKeyString); - sb.append("&iv_param="); - sb.append(ivString); + sb.append("wrapped_priv_key="); + sb.append(wrappedPrivKeyString); + sb.append("&iv_param="); + sb.append(ivString); sb.append("&public_key="); - sb.append(publicKeyString); + sb.append(publicKeyString); value = sb.toString(); } - CMS.debug("processServerSideKeyGen:outputString.encode " +value); + CMS.debug("processServerSideKeyGen:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length()); + CMS.debug("GenerateKeyPairServlet:outputString.length " + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -227,20 +217,14 @@ public class GenerateKeyPairServlet extends CMSServlet { } } - - /* - - * For GenerateKeyPair: - * - * input: - * CUID=value0 - * trans-wrapped-desKey=value1 - * - * output: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 - * proofOfArchival=value3 + /* + * + * For GenerateKeyPair: + * + * input: CUID=value0 trans-wrapped-desKey=value1 + * + * output: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -258,7 +242,7 @@ public class GenerateKeyPairServlet extends CMSServlet { if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("GenerateKeyPairServlet: Unauthorized"); @@ -268,7 +252,7 @@ public class GenerateKeyPairServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("GenerateKeyPairServlet: " + e.toString()); } @@ -277,28 +261,28 @@ public class GenerateKeyPairServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); - processServerSideKeyGen(req, resp); - return; + CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); + processServerSideKeyGen(req, resp); + return; // end Netkey functions } - /** XXX remember tocheck peer SSL cert and get RA id later - * + /** + * XXX remember tocheck peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); - } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java index fa454bd6..758fb423 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java @@ -39,16 +39,14 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * TokenKeyRecoveryServlet - * handles "key recovery service" requests from the + * TokenKeyRecoveryServlet handles "key recovery service" requests from the * netkey TPS - * + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -//XXX add auditing later +// XXX add auditing later public class TokenKeyRecoveryServlet extends CMSServlet { /** @@ -65,7 +63,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { /** * Constructs TokenKeyRecovery servlet. - * + * */ public TokenKeyRecoveryServlet() { super(); @@ -79,25 +77,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet { if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); - + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** + /** * Process the HTTP request. - * + * * @param s The URL to decode */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); @@ -117,39 +115,30 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } // end for return out.toString(); - } + } /* - * processTokenKeyRecovery - * handles netkey key recovery requests - * input params are: - * CUID - the CUID of the old token where the keys/certs were initially for - * userid - the userid that belongs to both the old token and the new token - * drm_trans_desKey - the des key generated for the NEW token - * wrapped with DRM transport key - * cert - the user cert corresponding to the key to be recovered - * - * operations: - * 1. unwrap des key with transport key, then url decode it - * 2. retrieve user private key - * 3. wrap user priv key with des key - * 4. send the following to RA: - * * des key wrapped(user priv key) - * (note: RA should have kek-wrapped des key from TKS) - * * recovery blob (used for recovery) - * - * output params are: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 + * processTokenKeyRecovery handles netkey key recovery requests input params + * are: CUID - the CUID of the old token where the keys/certs were initially + * for userid - the userid that belongs to both the old token and the new + * token drm_trans_desKey - the des key generated for the NEW token wrapped + * with DRM transport key cert - the user cert corresponding to the key to + * be recovered + * + * operations: 1. unwrap des key with transport key, then url decode it 2. + * retrieve user private key 3. wrap user priv key with des key 4. send the + * following to RA: * des key wrapped(user priv key) (note: RA should have + * kek-wrapped des key from TKS) * recovery blob (used for recovery) + * + * output params are: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 */ private void processTokenKeyRecovery(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { + HttpServletResponse resp) throws EBaseException { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; - - // IConfigStore sconfig = CMS.getConfigStore(); + + // IConfigStore sconfig = CMS.getConfigStore(); boolean missingParam = false; String status = "0"; @@ -158,7 +147,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rCert = req.getParameter("cert"); + String rCert = req.getParameter("cert"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID"); @@ -171,7 +160,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } if ((rdesKeyString == null) || - (rdesKeyString.equals(""))) { + (rdesKeyString.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key"); missingParam = true; } @@ -192,18 +181,18 @@ public class TokenKeyRecoveryServlet extends CMSServlet { thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert); - //XXX auto process for netkey - queue.processRequest( thisreq ); - // IService svc = (IService) new TokenKeyRecoveryService(kra); - // svc.serviceRequest(thisreq); + // XXX auto process for netkey + queue.processRequest(thisreq); + // IService svc = (IService) new TokenKeyRecoveryService(kra); + // svc.serviceRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and drm thinks 1 is good - if (result.intValue() == 1) - status ="0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and drm thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; @@ -218,25 +207,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; String ivString = ""; - /* if is RECOVERY_PROTOTYPE - String recoveryBlobString = ""; - - IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); - byte publicKey_b[] = kr.getPublicKeyData(); - - BigInteger serialNo = kr.getSerialNumber(); - - String serialNumberString = - com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray()); - - recoveryBlobString = (String) - thisreq.get("recoveryBlob"); - */ - - if( thisreq == null ) { - CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - " - + "thisreq is null!" ); - throw new EBaseException( "thisreq is null" ); + /* + * if is RECOVERY_PROTOTYPE String recoveryBlobString = ""; + * + * IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); byte + * publicKey_b[] = kr.getPublicKeyData(); + * + * BigInteger serialNo = kr.getSerialNumber(); + * + * String serialNumberString = + * com.netscape.cmsutil.util.Utils.SpecialEncode + * (serialNo.toByteArray()); + * + * recoveryBlobString = (String) thisreq.get("recoveryBlob"); + */ + + if (thisreq == null) { + CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - " + + "thisreq is null!"); + throw new EBaseException("thisreq is null"); } publicKeyString = thisreq.getExtDataInString("public_key"); @@ -244,11 +233,10 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ivString = thisreq.getExtDataInString("iv_s"); /* - if (selectedToken == null) - status = "4"; - */ - if (!status.equals("0")) - value = "status="+status; + * if (selectedToken == null) status = "4"; + */ + if (!status.equals("0")) + value = "status=" + status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); @@ -259,13 +247,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet { sb.append("&iv_param="); sb.append(ivString); value = sb.toString(); - + } - CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value); + CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length()); + CMS.debug("TokenKeyRecoveryServlet:outputString.length " + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -275,19 +263,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } - - /* - * For TokenKeyRecovery - * - * input: - * CUID=value0 - * trans-wrapped-desKey=value1 - * - * output: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 - * proofOfArchival=value3 + /* + * For TokenKeyRecovery + * + * input: CUID=value0 trans-wrapped-desKey=value1 + * + * output: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -305,7 +287,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenKeyRecoveryServlet: Unauthorized"); @@ -315,7 +297,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("TokenKeyRecoveryServlet: " + e.toString()); } @@ -324,28 +306,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); - processTokenKeyRecovery(req, resp); - return; + CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); + processTokenKeyRecovery(req, resp); + return; // end Netkey functions } - /** XXX remember to check peer SSL cert and get RA id later - * + /** + * XXX remember to check peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); - } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java index a2509287..8482e71b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.StringTokenizer; @@ -41,19 +40,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AdminAuthenticatePanel extends WizardPanelBase { - public AdminAuthenticatePanel() {} + public AdminAuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Admin Authentication"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Admin Authentication"); setId(id); @@ -62,24 +62,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase { public boolean isSubPanel() { return true; } - + /** * Should we skip this panel for the configuration. */ public boolean shouldSkip() { CMS.debug("AdminAuthenticatePanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("preop.subsystem.select",""); + String select = cs.getString("preop.subsystem.select", ""); if (select.equals("new")) { return true; } } catch (EBaseException e) { } - + return false; } @@ -103,15 +103,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -125,12 +126,12 @@ public class AdminAuthenticatePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.master.admin.uid", ""); String type = config.getString("preop.subsystem.select", ""); if (type.equals("clone")) - context.put("uid", s); + context.put("uid", s); else context.put("uid", ""); } catch (Exception e) { @@ -170,7 +171,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); if (subsystemtype.equals("clone")) { - CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); + CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); String uid = HttpInput.getUID(request, "uid"); if (uid == null) { context.put("errorString", "Uid is empty"); @@ -185,7 +186,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.master.hostname"); } catch (Exception e) { - CMS.debug("AdminAuthenticatePanel update: "+e.toString()); + CMS.debug("AdminAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname for master"); throw new IOException("Missing hostname"); } @@ -193,7 +194,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { try { httpsport = config.getInteger("preop.master.httpsadminport"); } catch (Exception e) { - CMS.debug("AdminAuthenticatePanel update: "+e.toString()); + CMS.debug("AdminAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port for master"); throw new IOException("Missing port"); } @@ -235,10 +236,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append("cloning."); c1.append(t1); c1.append(".pubkey.encoded"); - - if (s1.length()!=0) + + if (s1.length() != 0) s1.append(","); - + s1.append(cstype); s1.append("."); s1.append(t1); @@ -248,11 +249,11 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type"); } - String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString(); + String content = "uid=" + uid + "&pwd=" + pwd + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString(); boolean success = updateConfigEntries(host, httpsport, true, - "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, - response); + "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, + response); try { config.commit(false); @@ -285,16 +286,15 @@ public class AdminAuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("title", "Admin Authentication"); context.put("password", ""); context.put("panel", "admin/console/config/adminauthenticatepanel.vm"); } private boolean isCertdbCloned(HttpServletRequest request, - Context context) { + Context context) { IConfigStore config = CMS.getConfigStore(); String certList = ""; try { @@ -306,13 +306,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase { String tokenname = config.getString("preop.module.token", ""); CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); - String name1 = "preop.master."+token+".nickname"; + String name1 = "preop.master." + token + ".nickname"; String nickname = config.getString(name1, ""); if (!tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) - nickname = tokenname+":"+nickname; + !tokenname.equals("internal")) + nickname = tokenname + ":" + nickname; - CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname); + CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname); X509Certificate cert = cm.findCertByNickname(nickname); if (cert == null) return false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java index 78bb9485..c865741c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -70,13 +69,14 @@ public class AdminPanel extends WizardPanelBase { private static final String ADMIN_UID = "admin"; private final static String CERT_TAG = "admin"; - public AdminPanel() {} + public AdminPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Administrator"); } @@ -101,27 +101,37 @@ public class AdminPanel extends WizardPanelBase { } else { return true; } - } catch (Exception e) {} + } catch (Exception e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + + Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameter */ "Email address for an administrator"); set.add("admin_email", emailDesc); - Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameter */ "Administrator's password"); set.add("pwd", pwdDesc); - Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameter */ "Administrator's password again"); @@ -152,7 +162,8 @@ public class AdminPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (isPanelDone()) { try { @@ -161,11 +172,12 @@ public class AdminPanel extends WizardPanelBase { context.put("admin_pwd", ""); context.put("admin_pwd_again", ""); context.put("admin_uid", cs.getString("preop.admin.uid")); - } catch (Exception e) {} + } catch (Exception e) { + } } else { String def_admin_name = ""; try { - def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId"); + def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId"); } catch (EBaseException e) { } context.put("admin_name", def_admin_name); @@ -176,7 +188,7 @@ public class AdminPanel extends WizardPanelBase { } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); @@ -186,13 +198,14 @@ public class AdminPanel extends WizardPanelBase { String domainname = ""; try { domainname = cs.getString("securitydomain.name", ""); - } catch (EBaseException e1) {} + } catch (EBaseException e1) { + } context.put("securityDomain", domainname); context.put("title", "Administrator"); context.put("panel", "admin/console/config/adminpanel.vm"); context.put("errorString", ""); context.put("info", info); - + } /** @@ -200,8 +213,7 @@ public class AdminPanel extends WizardPanelBase { */ public void validate(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException - { + Context context) throws IOException { String pwd = HttpInput.getPassword(request, "__pwd"); String pwd_again = HttpInput.getPassword(request, "__admin_password_again"); String email = HttpInput.getEmail(request, "email"); @@ -256,13 +268,14 @@ public class AdminPanel extends WizardPanelBase { try { type = config.getString(PRE_CA_TYPE, ""); subsystemtype = config.getString("cs.type", ""); - security_domain_type = config.getString("securitydomain.select",""); + security_domain_type = config.getString("securitydomain.select", ""); selected_hierarchy = config.getString("preop.hierarchy.select", ""); - } catch (Exception e) {} + } catch (Exception e) { + } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); @@ -286,13 +299,13 @@ public class AdminPanel extends WizardPanelBase { throw e; } - // REMINDER: This panel is NOT used by "clones" - if( ca != null ) { - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "AdminPanel update: " + // REMINDER: This panel is NOT used by "clones" + if (ca != null) { + if (selected_hierarchy.equals("root")) { + CMS.debug("AdminPanel update: " + "Root CA subsystem"); } else { - CMS.debug( "AdminPanel update: " + CMS.debug("AdminPanel update: " + "Subordinate CA subsystem"); } @@ -309,10 +322,10 @@ public class AdminPanel extends WizardPanelBase { String ca_hostname = null; int ca_port = -1; - // REMINDER: This panel is NOT used by "clones" - CMS.debug( "AdminPanel update: " + // REMINDER: This panel is NOT used by "clones" + CMS.debug("AdminPanel update: " + subsystemtype - + " subsystem" ); + + " subsystem"); if (type.equals("sdca")) { try { @@ -339,10 +352,11 @@ public class AdminPanel extends WizardPanelBase { try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } context.put("updateStatus", "success"); - + } private void createAdmin(HttpServletRequest request) throws IOException { @@ -459,13 +473,15 @@ public class AdminPanel extends WizardPanelBase { try { sd_hostname = config.getString("securitydomain.host", ""); sd_port = config.getInteger("securitydomain.httpseeport"); - } catch (Exception e) {} + } catch (Exception e) { + } String profileId = HttpInput.getID(request, "profileId"); if (profileId == null) { try { profileId = config.getString("preop.admincert.profile", "caAdminCert"); - } catch (Exception e) {} + } catch (Exception e) { + } } String cert_request_type = HttpInput.getID(request, "cert_request_type"); @@ -474,7 +490,7 @@ public class AdminPanel extends WizardPanelBase { String session_id = CMS.getConfigSDSessionId(); String subjectDN = HttpInput.getString(request, "subject"); - String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN; + String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN; HttpClient httpclient = new HttpClient(); String c = null; @@ -497,7 +513,7 @@ public class AdminPanel extends WizardPanelBase { c = httpresponse.getContent(); CMS.debug("AdminPanel submitRequest: content=" + c); - + // retrieve the request Id ad admin certificate if (c != null) { try { @@ -508,15 +524,15 @@ public class AdminPanel extends WizardPanelBase { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "AdminPanel::submitRequest() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("AdminPanel::submitRequest() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); CMS.debug("AdminPanel update: status=" + status); if (status.equals("2")) { - //relogin to the security domain + // relogin to the security domain reloginSecurityDomain(response); return; } else if (!status.equals("0")) { @@ -525,7 +541,7 @@ public class AdminPanel extends WizardPanelBase { context.put("errorString", error); throw new IOException(error); } - + IConfigStore cs = CMS.getConfigStore(); String id = parser.getValue("Id"); @@ -539,7 +555,7 @@ public class AdminPanel extends WizardPanelBase { + File.separator + "admin.b64"; cs.putString("preop.admincert.b64", dir); - PrintStream ps = new PrintStream(new FileOutputStream(dir)); + PrintStream ps = new PrintStream(new FileOutputStream(dir)); ps.println(b64); ps.flush(); @@ -564,9 +580,9 @@ public class AdminPanel extends WizardPanelBase { String cert_request_type = HttpInput.getID(request, "cert_request_type"); IConfigStore cs = CMS.getConfigStore(); - if( cs == null ) { - CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" ); - throw new IOException( "cs is null" ); + if (cs == null) { + CMS.debug("AdminPanel::createAdminCertificate() - cs is null!"); + throw new IOException("cs is null"); } String subject = ""; @@ -582,10 +598,10 @@ public class AdminPanel extends WizardPanelBase { "AdminPanel createAdminCertificate: Exception=" + e.toString()); } - // this request is from IE. The VBScript has problem of generating - // certificate request if the subject name has E and UID components. - // For now, we always hardcoded the subject DN to be cn=NAME in - // the IE browser. + // this request is from IE. The VBScript has problem of generating + // certificate request if the subject name has E and UID components. + // For now, we always hardcoded the subject DN to be cn=NAME in + // the IE browser. } else if (cert_request_type.equals("pkcs10")) { try { byte[] b = CMS.AtoB(cert_request); @@ -594,33 +610,33 @@ public class AdminPanel extends WizardPanelBase { x509key = pkcs10.getSubjectPublicKeyInfo(); } catch (Exception e) { CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + + e.toString()); } } - if( x509key == null ) { - CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" ); - throw new IOException( "x509key is null" ); + if (x509key == null) { + CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!"); + throw new IOException("x509key is null"); } try { cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject); String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local"); X509CertImpl impl = CertUtil.createLocalCert(cs, x509key, - PCERT_PREFIX, CERT_TAG, caType, context); + PCERT_PREFIX, CERT_TAG, caType, context); // update the locally created request for renewal - CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject); + CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, cert_request_type, subject); ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); if (ca != null) { createPKCS7(impl); } cs.putString("preop.admincert.serialno.0", - impl.getSerialNumber().toString(16)); + impl.getSerialNumber().toString(16)); } catch (Exception e) { CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + + e.toString()); } } @@ -640,8 +656,9 @@ public class AdminPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); - } catch (Exception e) {} - if (ca == null && type.equals("otherca")) { + } catch (Exception e) { + } + if (ca == null && type.equals("otherca")) { info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically."; } context.put("info", info); @@ -655,7 +672,7 @@ public class AdminPanel extends WizardPanelBase { public boolean shouldSkip() { try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select",null); + String s = c.getString("preop.subsystem.select", null); if (s != null && s.equals("clone")) { return true; } @@ -665,11 +682,10 @@ public class AdminPanel extends WizardPanelBase { return false; } - private void createPKCS7(X509CertImpl cert) { try { IConfigStore cs = CMS.getConfigStore(); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; @@ -681,7 +697,7 @@ public class AdminPanel extends WizardPanelBase { userChain[0] = cert; PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); + new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); @@ -689,7 +705,7 @@ public class AdminPanel extends WizardPanelBase { String p7Str = CMS.BtoA(p7Bytes); cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str)); } catch (Exception e) { - CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString()); + CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java index a62b22b7..4e2ab363 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AgentAuthenticatePanel extends WizardPanelBase { - public AgentAuthenticatePanel() {} + public AgentAuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Agent Authentication"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Agent Authentication"); setId(id); @@ -57,18 +57,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase { public boolean isSubPanel() { return true; } - + /** * Should we skip this panel for the configuration. */ public boolean shouldSkip() { CMS.debug("DisplayCertChainPanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("securitydomain.select",""); + String select = cs.getString("securitydomain.select", ""); if (select.equals("new")) { return true; } @@ -78,7 +78,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase { return true; } catch (EBaseException e) { } - + return false; } @@ -96,15 +96,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -118,14 +119,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.ca.agent.uid", ""); String type = config.getString("preop.hierarchy.select", ""); if (type.equals("root")) context.put("uid", ""); else - context.put("uid", s); + context.put("uid", s); } catch (Exception e) { CMS.debug(e.toString()); } @@ -143,8 +144,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase { */ public void validate(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException - { + Context context) throws IOException { } /** @@ -182,34 +182,34 @@ public class AgentAuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.ca.hostname"); } catch (Exception e) { - CMS.debug("AgentAuthenticatePanel update: "+e.toString()); + CMS.debug("AgentAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname"); throw new IOException("Missing hostname"); } - + try { httpsport = config.getInteger("preop.ca.httpsport"); } catch (Exception e) { - CMS.debug("AgentAuthenticatePanel update: "+e.toString()); + CMS.debug("AgentAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port"); throw new IOException("Missing port"); } -/* - // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from - // web.xml as part of CC interface review - boolean authenticated = authenticate(host, httpsport, true, - "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd); - - if (!authenticated) { - context.put("errorString", "Wrong user id or password"); - throw new IOException("Wrong user id or password"); - } -*/ + /* + * // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed + * from // web.xml as part of CC interface review boolean + * authenticated = authenticate(host, httpsport, true, + * "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd); + * + * if (!authenticated) { context.put("errorString", + * "Wrong user id or password"); throw new + * IOException("Wrong user id or password"); } + */ try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } @@ -217,9 +217,8 @@ public class AgentAuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("password", ""); context.put("title", "Agent Authentication"); context.put("panel", "admin/console/config/agentauthenticatepanel.vm"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java index ceab1d8d..6700b931 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AuthenticatePanel extends WizardPanelBase { - public AuthenticatePanel() {} + public AuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Authentication"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Authentication"); setId(id); @@ -62,21 +62,22 @@ public class AuthenticatePanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - String s = cs.getString("preop.ca.agent.uid",""); + String s = cs.getString("preop.ca.agent.uid", ""); if (s == null || s.equals("")) { return false; } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -90,14 +91,14 @@ public class AuthenticatePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.ca.agent.uid", ""); String type = config.getString("preop.hierarchy.select", ""); if (type.equals("root")) context.put("uid", ""); else - context.put("uid", s); + context.put("uid", s); } catch (Exception e) { CMS.debug(e.toString()); } @@ -151,30 +152,31 @@ public class AuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.ca.hostname"); } catch (Exception e) { - CMS.debug("AuthenticatePanel update: "+e.toString()); + CMS.debug("AuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname"); throw new IOException("Missing hostname"); } - + try { httpsport = config.getInteger("preop.ca.httpsport"); } catch (Exception e) { - CMS.debug("AuthenticatePanel update: "+e.toString()); + CMS.debug("AuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port"); throw new IOException("Missing port"); } - boolean authenticated = authenticate(host, httpsport, true, - "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd); + boolean authenticated = authenticate(host, httpsport, true, + "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd); - if (!authenticated) { - context.put("errorString", "Wrong user id or password"); - throw new IOException("Wrong user id or password"); - } + if (!authenticated) { + context.put("errorString", "Wrong user id or password"); + throw new IOException("Wrong user id or password"); + } try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } @@ -182,9 +184,8 @@ public class AuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("password", ""); context.put("panel", "admin/console/config/authenticatepanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java index 77977808..d7f35540 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayOutputStream; import java.io.CharConversionException; import java.io.IOException; @@ -71,19 +70,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class BackupKeyCertPanel extends WizardPanelBase { - public BackupKeyCertPanel() {} + public BackupKeyCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Export Keys and Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Export Keys and Certificates"); setId(id); @@ -105,11 +105,11 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { String s = cs.getString("preop.module.token", ""); - if (s.equals("Internal Key Storage Token")) + if (s.equals("Internal Key Storage Token")) return false; } catch (Exception e) { } - + return true; } @@ -122,15 +122,16 @@ public class BackupKeyCertPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -170,7 +171,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { String select = HttpInput.getID(request, "choice"); if (select.equals("backupkey")) { String pwd = request.getParameter("__pwd"); @@ -219,9 +220,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { String select = ""; try { select = HttpInput.getID(request, "choice"); @@ -242,8 +242,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { context.put("panel", "admin/console/config/backupkeycertpanel.vm"); } - public void backupKeysCerts(HttpServletRequest request) - throws IOException { + public void backupKeysCerts(HttpServletRequest request) + throws IOException { CMS.debug("BackupKeyCertPanel backupKeysCerts: start"); IConfigStore cs = CMS.getConfigStore(); String certlist = ""; @@ -257,9 +257,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { cm = CryptoManager.getInstance(); } catch (Exception e) { - CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("BackupKeyCertPanel::backupKeysCerts() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String pwd = request.getParameter("__pwd"); @@ -273,12 +273,12 @@ public class BackupKeyCertPanel extends WizardPanelBase { String nickname = ""; String modname = ""; try { - nickname = cs.getString("preop.cert."+t+".nickname"); + nickname = cs.getString("preop.cert." + t + ".nickname"); modname = cs.getString("preop.module.token"); } catch (Exception e) { } if (!modname.equals("Internal Key Storage Token")) - nickname = modname+":"+nickname; + nickname = modname + ":" + nickname; X509Certificate x509cert = null; byte localKeyId[] = null; @@ -288,7 +288,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { } catch (IOException e) { throw e; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel: Exception=" + e.toString()); throw new IOException("Failed to create pkcs12 file."); } @@ -296,22 +296,22 @@ public class BackupKeyCertPanel extends WizardPanelBase { PrivateKey pkey = cm.findPrivKeyByCert(x509cert); addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel: Exception=" + e.toString()); throw new IOException("Failed to create pkcs12 file."); } - } //while loop - + } // while loop + X509Certificate[] cacerts = cm.getCACerts(); - for (int i=0; i<cacerts.length; i++) { - //String nickname = cacerts[i].getSubjectDN().toString(); + for (int i = 0; i < cacerts.length; i++) { + // String nickname = cacerts[i].getSubjectDN().toString(); String nickname = null; try { byte[] localKeyId = addCertBag(cacerts[i], nickname, safeContents); } catch (IOException e) { throw e; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + e.toString()); throw new IOException("Failed to create pkcs12 file."); } } @@ -319,9 +319,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { AuthenticatedSafes authSafes = new AuthenticatedSafes(); authSafes.addSafeContents(safeContents); - authSafes.addSafeContents(encSafeContents); + authSafes.addSafeContents(encSafeContents); PFX pfx = new PFX(authSafes); - pfx.computeMacData(pass, null, 5); + pfx.computeMacData(pass, null, 5); ByteArrayOutputStream bos = new ByteArrayOutputStream(); pfx.encode(bos); byte[] output = bos.toByteArray(); @@ -329,13 +329,13 @@ public class BackupKeyCertPanel extends WizardPanelBase { pass.clear(); cs.commit(false); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + e.toString()); } } private void addKeyBag(PrivateKey pkey, X509Certificate x509cert, - Password pass, byte[] localKeyId, SEQUENCE safeContents) - throws IOException { + Password pass, byte[] localKeyId, SEQUENCE safeContents) + throws IOException { try { PasswordConverter passConverter = new PasswordConverter(); @@ -344,23 +344,23 @@ public class BackupKeyCertPanel extends WizardPanelBase { byte[] priData = getEncodedKey(pkey); PrivateKeyInfo pki = (PrivateKeyInfo) - ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData); + ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData); ASN1Value key = EncryptedPrivateKeyInfo.createPBE( - PBEAlgorithm.PBE_SHA1_DES3_CBC, - pass, salt, 1, passConverter, pki); + PBEAlgorithm.PBE_SHA1_DES3_CBC, + pass, salt, 1, passConverter, pki); SET keyAttrs = createBagAttrs( - x509cert.getSubjectDN().toString(), localKeyId); - SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, - key, keyAttrs); + x509cert.getSubjectDN().toString(), localKeyId); + SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, + key, keyAttrs); safeContents.addElement(keyBag); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString()); throw new IOException("Failed to create pk12 file."); } } - private byte[] addCertBag(X509Certificate x509cert, String nickname, - SEQUENCE safeContents) throws IOException { + private byte[] addCertBag(X509Certificate x509cert, String nickname, + SEQUENCE safeContents) throws IOException { byte[] localKeyId = null; try { ASN1Value cert = new OCTET_STRING(x509cert.getEncoded()); @@ -369,10 +369,10 @@ public class BackupKeyCertPanel extends WizardPanelBase { if (nickname != null) certAttrs = createBagAttrs(nickname, localKeyId); SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, - new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs); + new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs); safeContents.addElement(certBag); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString()); + CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString()); throw new IOException("Failed to create pk12 file."); } @@ -386,7 +386,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); - byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; IVParameterSpec param = new IVParameterSpec(iv); wrapper.initWrap(sk, param); byte[] enckey = wrapper.wrap(pkey); @@ -395,14 +395,14 @@ public class BackupKeyCertPanel extends WizardPanelBase { byte[] recovered = c.doFinal(enckey); return recovered; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + e.toString()); } return null; } - private byte[] createLocalKeyId(X509Certificate cert) - throws IOException { + private byte[] createLocalKeyId(X509Certificate cert) + throws IOException { try { // SHA1 hash of the X509Cert der encoding byte certDer[] = cert.getEncoded(); @@ -412,16 +412,16 @@ public class BackupKeyCertPanel extends WizardPanelBase { md.update(certDer); return md.digest(); } catch (CertificateEncodingException e) { - CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString()); + CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString()); throw new IOException("Failed to encode certificate."); } catch (NoSuchAlgorithmException e) { - CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString()); + CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString()); throw new IOException("No such algorithm supported."); } } private SET createBagAttrs(String nickName, byte localKeyId[]) - throws IOException { + throws IOException { try { SET attrs = new SET(); SEQUENCE nickNameAttr = new SEQUENCE(); @@ -442,7 +442,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { attrs.addElement(localKeyAttr); return attrs; } catch (CharConversionException e) { - CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + e.toString()); throw new IOException("Failed to create PKCS12 file."); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java index 01d06631..46371017 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; @@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet; import com.netscape.certsrv.apps.CMS; - public class BaseServlet extends VelocityServlet { /** @@ -53,7 +51,8 @@ public class BaseServlet extends VelocityServlet { if (pin == null) { try { response.sendRedirect("login"); - } catch (IOException e) {} + } catch (IOException e) { + } return false; } return true; @@ -66,29 +65,29 @@ public class BaseServlet extends VelocityServlet { while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("BaseServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("BaseServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java index 33a0ff69..f48f4d2f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URL; import java.util.StringTokenizer; @@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class CAInfoPanel extends WizardPanelBase { - public CAInfoPanel() {} + public CAInfoPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("CA Information"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("CA Information"); setId(id); @@ -82,14 +82,15 @@ public class CAInfoPanel extends WizardPanelBase { } else { return true; } - } catch (Exception e) {} + } catch (Exception e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -118,15 +119,18 @@ public class CAInfoPanel extends WizardPanelBase { try { hostname = cs.getString("preop.ca.hostname"); - } catch (Exception e) {} + } catch (Exception e) { + } try { httpport = cs.getString("preop.ca.httpport"); - } catch (Exception e) {} + } catch (Exception e) { + } try { httpsport = cs.getString("preop.ca.httpsport"); - } catch (Exception e) {} + } catch (Exception e) { + } if (type.equals("sdca")) { context.put("check_sdca", "checked"); @@ -143,12 +147,11 @@ public class CAInfoPanel extends WizardPanelBase { String cstype = "CA"; String portType = "SecurePort"; -/* - try { - cstype = cs.getString("cs.type", ""); - } catch (EBaseException e) {} -*/ - + /* + * try { cstype = cs.getString("cs.type", ""); } catch (EBaseException + * e) {} + */ + CMS.debug("CAInfoPanel: Ready to get url"); Vector v = getUrlListFromSecurityDomain(cs, cstype, portType); v.addElement("External CA"); @@ -163,12 +166,13 @@ public class CAInfoPanel extends WizardPanelBase { list.append(","); } } - + try { cs.putString("preop.ca.list", list.toString()); cs.commit(false); - } catch (Exception e) {} - + } catch (Exception e) { + } + context.put("urls", v); context.put("sdcaHostname", hostname); @@ -196,11 +200,9 @@ public class CAInfoPanel extends WizardPanelBase { Context context) throws IOException { /* - String select = request.getParameter("choice"); - if (select == null) { - CMS.debug("CAInfoPanel: choice not found"); - throw new IOException("choice not found"); - } + * String select = request.getParameter("choice"); if (select == null) { + * CMS.debug("CAInfoPanel: choice not found"); throw new + * IOException("choice not found"); } */ IConfigStore config = CMS.getConfigStore(); @@ -213,25 +215,26 @@ public class CAInfoPanel extends WizardPanelBase { String select = null; String index = request.getParameter("urls"); - String url = ""; + String url = ""; if (index.startsWith("http")) { - // user may submit url directlry - url = index; + // user may submit url directlry + url = index; } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; + try { + int x = Integer.parseInt(index); + String list = config.getString("preop.ca.list", ""); + StringTokenizer tokenizer = new StringTokenizer(list, ","); + int counter = 0; + + while (tokenizer.hasMoreTokens()) { + url = tokenizer.nextToken(); + if (counter == x) { + break; + } + counter++; } - counter++; + } catch (Exception e) { } - } catch (Exception e) {} } URL urlx = null; @@ -240,7 +243,7 @@ public class CAInfoPanel extends WizardPanelBase { select = "otherca"; config.putString("preop.ca.pkcs7", ""); config.putInteger("preop.ca.certchain.size", 0); - } else { + } else { select = "sdca"; // parse URL (CA1 - https://...) @@ -272,7 +275,8 @@ public class CAInfoPanel extends WizardPanelBase { try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } } private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { @@ -301,9 +305,9 @@ public class CAInfoPanel extends WizardPanelBase { config.putString("preop.ca.hostname", hostname); config.putString("preop.ca.httpsport", httpsPortStr); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort( config, "ca", hostname, + updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport, true, context, - certApprovalCallback ); + certApprovalCallback); } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java index fb8c2d9c..0aedded8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java @@ -17,9 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - - - public class Cert { private String mNickname = ""; private String mTokenname = ""; @@ -116,8 +113,8 @@ public class Cert { } public String escapeForHTML(String s) { - s = s.replaceAll("\"", """); - return s; + s = s.replaceAll("\"", """); + return s; } public String getEscapedDN() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java index 30bcc78d..119dead0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; import java.util.StringTokenizer; @@ -42,19 +41,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class CertPrettyPrintPanel extends WizardPanelBase { private Vector mCerts = null; - public CertPrettyPrintPanel() {} + public CertPrettyPrintPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Certificates"); setId(id); @@ -63,7 +63,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { public PropertySet getUsage() { // expects no input from client PropertySet set = new PropertySet(); - + return set; } @@ -83,7 +83,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -153,7 +154,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { } catch (Exception e) { CMS.debug( "CertPrettyPrintPanel: display() certTag " + certTag - + " Exception caught: " + e.toString()); + + " Exception caught: " + e.toString()); } } } catch (Exception e) { @@ -192,7 +193,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { config.commit(false); } catch (EBaseException e) { CMS.debug( - "CertPrettyPrintPanel: update() Exception caught at config commit: " + "CertPrettyPrintPanel: update() Exception caught at config commit: " + e.toString()); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java index 5e783b1a..d8710c08 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.security.Principal; @@ -58,35 +57,39 @@ public class CertRequestPanel extends WizardPanelBase { private Vector mCerts = null; private WizardServlet mServlet = null; - public CertRequestPanel() {} + public CertRequestPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Requests & Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Requests and Certificates"); mServlet = servlet; setId(id); } - // XXX how do you do this? There could be multiple certs. + // XXX how do you do this? There could be multiple certs. public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + + Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameters */ null); set.add("cert", certDesc); - + return set; } @@ -95,13 +98,13 @@ public class CertRequestPanel extends WizardPanelBase { */ public boolean showApplyButton() { if (isPanelDone()) - return false; + return false; else - return true; + return true; } - private boolean findCertificate(String tokenname, String nickname) - throws IOException { + private boolean findCertificate(String tokenname, String nickname) + throws IOException { IConfigStore cs = CMS.getConfigStore(); CryptoManager cm = null; try { @@ -114,7 +117,7 @@ public class CertRequestPanel extends WizardPanelBase { boolean hardware = false; if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) { hardware = true; - fullnickname = tokenname+":"+nickname; + fullnickname = tokenname + ":" + nickname; } try { @@ -126,16 +129,16 @@ public class CertRequestPanel extends WizardPanelBase { return true; } catch (Exception ee) { if (hardware) { - CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding."); - throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding."); + CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding."); + throw new IOException("The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding."); } return true; } } catch (IOException e) { - CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString()); + CMS.debug("CertRequestPanel findCertificate: throw exception:" + e.toString()); throw e; } catch (Exception e) { - CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString()); + CMS.debug("CertRequestPanel findCertificate: Exception=" + e.toString()); return false; } } @@ -148,13 +151,13 @@ public class CertRequestPanel extends WizardPanelBase { try { select = cs.getString("preop.subsystem.select", ""); list = cs.getString("preop.cert.list", ""); - tokenname = cs.getString("preop.module.token", ""); + tokenname = cs.getString("preop.module.token", ""); } catch (Exception e) { } ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); - + ICertificateAuthority.ID); + if (ca != null) { CMS.debug("CertRequestPanel cleanup: get certificate repository"); BigInteger beginS = null; @@ -176,27 +179,26 @@ public class CertRequestPanel extends WizardPanelBase { try { cr.removeCertRecords(beginS, endS); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString()); + CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + e.toString()); } - + try { - cr.resetSerialNumber(new BigInteger(beginNum,16)); + cr.resetSerialNumber(new BigInteger(beginNum, 16)); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString()); + CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + e.toString()); } } } - StringTokenizer st = new StringTokenizer(list, ","); String nickname = ""; boolean enable = false; while (st.hasMoreTokens()) { String t = st.nextToken(); - + try { - enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true); - nickname = cs.getString(PCERT_PREFIX +t+".nickname", ""); + enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true); + nickname = cs.getString(PCERT_PREFIX + t + ".nickname", ""); } catch (Exception e) { } @@ -208,10 +210,10 @@ public class CertRequestPanel extends WizardPanelBase { if (findCertificate(tokenname, nickname)) { try { - CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+")."); - deleteCert(tokenname, nickname); + CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ")."); + deleteCert(tokenname, nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString()); + CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + e.toString()); } } } @@ -235,7 +237,8 @@ public class CertRequestPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -254,19 +257,19 @@ public class CertRequestPanel extends WizardPanelBase { CMS.debug( "CertRequestPanel getCert: certTag=" + certTag - + " cert=" + certs); - //get and set formated cert - if (!certs.startsWith("...")) { + + " cert=" + certs); + // get and set formated cert + if (!certs.startsWith("...")) { certf = CryptoUtil.certFormat(certs); } cert.setCert(certf); - //get and set cert pretty print + // get and set cert pretty print byte[] certb = CryptoUtil.base64Decode(certs); CertPrettyPrint pp = new CertPrettyPrint(certb); cert.setCertpp(pp.toString(Locale.getDefault())); } else { - CMS.debug( "CertRequestPanel::getCert() - cert is null!" ); + CMS.debug("CertRequestPanel::getCert() - cert is null!"); return; } String userfriendlyname = config.getString( @@ -285,18 +288,16 @@ public class CertRequestPanel extends WizardPanelBase { } public X509Key getECCX509Key(IConfigStore config, String certTag) - throws Exception - { + throws Exception { X509Key pubk = null; String pubKeyEncoded = config.getString( PCERT_PREFIX + certTag + ".pubkey.encoded"); - pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); + pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); return pubk; } public X509Key getRSAX509Key(IConfigStore config, String certTag) - throws Exception - { + throws Exception { X509Key pubk = null; String pubKeyModulus = config.getString( @@ -305,7 +306,7 @@ public class CertRequestPanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".pubkey.exponent"); pubk = CryptoUtil.getPublicX509Key( CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); + CryptoUtil.string2byte(pubKeyPublicExponent)); return pubk; } @@ -323,8 +324,8 @@ public class CertRequestPanel extends WizardPanelBase { } else if (pubKeyType.equals("ecc")) { pubk = getECCX509Key(config, certTag); } else { - CMS.debug( "CertRequestPanel::handleCertRequest() - " - + "pubKeyType " + pubKeyType + " is unsupported!" ); + CMS.debug("CertRequestPanel::handleCertRequest() - " + + "pubKeyType " + pubKeyType + " is unsupported!"); return; } @@ -341,7 +342,7 @@ public class CertRequestPanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".privkey.id"); CMS.debug("CertRequestPanel: privKeyID=" + privKeyID); byte[] keyIDb = CryptoUtil.string2byte(privKeyID); - + PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb); if (privk != null) { @@ -349,7 +350,7 @@ public class CertRequestPanel extends WizardPanelBase { } else { CMS.debug("CertRequestPanel: error getting private key null"); } - + // construct cert request String caDN = config.getString(PCERT_PREFIX + certTag + ".dn"); @@ -361,7 +362,7 @@ public class CertRequestPanel extends WizardPanelBase { byte[] certReqb = certReq.toByteArray(); String certReqs = CryptoUtil.base64Encode(certReqb); String certReqf = CryptoUtil.reqFormat(certReqs); - + String subsystem = config.getString( PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".certreq", certReqs); @@ -410,7 +411,7 @@ public class CertRequestPanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".type"); c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); c.setEnable(enable); getCert(config, context, certTag, c); @@ -458,7 +459,7 @@ public class CertRequestPanel extends WizardPanelBase { if (issuerDN.equals(subjectDN)) return true; } catch (Exception e) { - CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString()); + CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" + e.toString()); } return false; @@ -472,7 +473,7 @@ public class CertRequestPanel extends WizardPanelBase { deleteCert("Internal Key Storage Token", nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString()); + CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" + e.toString()); } } @@ -502,7 +503,7 @@ public class CertRequestPanel extends WizardPanelBase { String tokenname = ""; try { - tokenname = config.getString("preop.module.token", ""); + tokenname = config.getString("preop.module.token", ""); } catch (Exception e) { } @@ -510,11 +511,11 @@ public class CertRequestPanel extends WizardPanelBase { Cert cert = (Cert) c.nextElement(); String certTag = cert.getCertTag(); String subsystem = cert.getSubsystem(); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); if (!enable) continue; - if (hasErr) + if (hasErr) continue; String nickname = cert.getNickname(); @@ -522,7 +523,8 @@ public class CertRequestPanel extends WizardPanelBase { CMS.debug( "CertRequestPanel: update() for cert tag " + cert.getCertTag()); - // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", ""); + // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", + // ""); String b64 = HttpInput.getCert(request, certTag); if (cert.getType().equals("local") @@ -533,20 +535,20 @@ public class CertRequestPanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".keytype"); X509Key x509key = null; if (pubKeyType.equals("rsa")) { - x509key = getRSAX509Key(config, certTag); + x509key = getRSAX509Key(config, certTag); } else if (pubKeyType.equals("ecc")) { - x509key = getECCX509Key(config, certTag); + x509key = getECCX509Key(config, certTag); } - + if (findCertificate(tokenname, nickname)) { if (!certTag.equals("sslserver")) - continue; + continue; } - X509CertImpl impl = CertUtil.createLocalCert(config, x509key, + X509CertImpl impl = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, cert.getType(), context); if (impl != null) { - byte[] certb = impl.getEncoded(); + byte[] certb = impl.getEncoded(); String certs = CryptoUtil.base64Encode(certb); cert.setCert(certs); @@ -574,13 +576,13 @@ public class CertRequestPanel extends WizardPanelBase { + certTag + " Exception: " + ee.toString()); CMS.debug("ok"); -// hasErr = true; + // hasErr = true; } } } else if (cert.getType().equals("remote")) { if (b64 != null && b64.length() > 0 && !b64.startsWith("...")) { - String b64chain = HttpInput.getCertChain(request, certTag+"_cc"); + String b64chain = HttpInput.getCertChain(request, certTag + "_cc"); CMS.debug( "CertRequestPanel: in update() process remote...import cert"); @@ -590,11 +592,11 @@ public class CertRequestPanel extends WizardPanelBase { try { if (certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert(); - if (findCertificate(tokenname, nickname)) { - deleteCert(tokenname, nickname); + if (findCertificate(tokenname, nickname)) { + deleteCert(tokenname, nickname); } } catch (Exception e) { - CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString()); + CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString()); } input = CryptoUtil.stripCertBrackets(input.trim()); String certs = CryptoUtil.normalizeCertStr(input); @@ -619,21 +621,21 @@ public class CertRequestPanel extends WizardPanelBase { leaf = certchains[certchains.length - 1]; } - if( leaf == null ) { - CMS.debug( "CertRequestPanel::update() - " - + "leaf is null!" ); - throw new IOException( "leaf is null" ); + if (leaf == null) { + CMS.debug("CertRequestPanel::update() - " + + "leaf is null!"); + throw new IOException("leaf is null"); } - if (/*(certchains.length <= 1) &&*/ - (b64chain != null && b64chain.length() != 0)) { - CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain); - try { - CryptoUtil.importCertificateChain( - CryptoUtil.normalizeCertAndReq(b64chain)); - } catch (Exception e) { - CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString()); - } + if (/* (certchains.length <= 1) && */ + (b64chain != null && b64chain.length() != 0)) { + CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain); + try { + CryptoUtil.importCertificateChain( + CryptoUtil.normalizeCertAndReq(b64chain)); + } catch (Exception e) { + CMS.debug("CertRequestPanel: importCertChain: Exception: " + e.toString()); + } } InternalCertificate icert = (InternalCertificate) leaf; @@ -651,17 +653,17 @@ public class CertRequestPanel extends WizardPanelBase { + certTag + " Exception: " + ee.toString()); CMS.debug("ok"); -// hasErr=true; + // hasErr=true; } } else { CMS.debug("CertRequestPanel: in update() input null"); hasErr = true; } } else { - CMS.debug("CertRequestPanel: in update() b64 not set"); - hasErr=true; + CMS.debug("CertRequestPanel: in update() b64 not set"); + hasErr = true; } - + } else { b64 = CryptoUtil.stripCertBrackets(b64.trim()); String certs = CryptoUtil.normalizeCertStr(b64); @@ -671,10 +673,10 @@ public class CertRequestPanel extends WizardPanelBase { if (certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert(); if (findCertificate(tokenname, nickname)) { - deleteCert(tokenname, nickname); + deleteCert(tokenname, nickname); } } catch (Exception ee) { - CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString()); + CMS.debug("CertRequestPanel update: deleteCert Exception=" + ee.toString()); } try { @@ -683,12 +685,13 @@ public class CertRequestPanel extends WizardPanelBase { else CryptoUtil.importUserCertificate(impl, nickname, false); } catch (Exception ee) { - CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString()); - hasErr=true; + CMS.debug("CertRequestPanel: Failed to import user certificate." + ee.toString()); + hasErr = true; } } - //update requests in request queue for local certs to allow renewal + // update requests in request queue for local certs to allow + // renewal if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) { CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null); } @@ -696,16 +699,16 @@ public class CertRequestPanel extends WizardPanelBase { if (certTag.equals("signing") && subsystem.equals("ca")) { String NickName = nickname; if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - NickName = tokenname+ ":"+ nickname; + NickName = tokenname + ":" + nickname; - CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName); + CMS.debug("CertRequestPanel update: set trust on CA signing cert " + NickName); CryptoUtil.trustCertByNickname(NickName); CMS.reinit(ICertificateAuthority.ID); - } - } //while loop + } + } // while loop if (hasErr == false) { - config.putBoolean("preop.CertRequestPanel.done", true); + config.putBoolean("preop.CertRequestPanel.done", true); } config.commit(false); } catch (Exception e) { @@ -713,7 +716,7 @@ public class CertRequestPanel extends WizardPanelBase { System.err.println("Exception caught: " + e.toString()); } - //reset the attribute of the user certificate to u,u,u + // reset the attribute of the user certificate to u,u,u String certlist = ""; try { certlist = config.getString("preop.cert.list", ""); @@ -723,13 +726,13 @@ public class CertRequestPanel extends WizardPanelBase { String tag = tokenizer.nextToken(); if (tag.equals("signing")) continue; - String nickname = config.getString("preop.cert."+tag+".nickname", ""); + String nickname = config.getString("preop.cert." + tag + ".nickname", ""); String tokenname = config.getString("preop.module.token", ""); if (!tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; X509Certificate c = cm.findCertByNickname(nickname); if (c instanceof InternalCertificate) { - InternalCertificate ic = (InternalCertificate)c; + InternalCertificate ic = (InternalCertificate) c; ic.setSSLTrust(InternalCertificate.USER); ic.setEmailTrust(InternalCertificate.USER); if (tag.equals("audit_signing")) { @@ -738,10 +741,10 @@ public class CertRequestPanel extends WizardPanelBase { ic.setObjectSigningTrust(InternalCertificate.USER); } } - } + } } catch (Exception e) { } - if (!hasErr) { + if (!hasErr) { context.put("updateStatus", "success"); } else { context.put("updateStatus", "failure"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 3725149d..dc81d3e4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse; import com.netscape.cmsutil.http.JssSSLSocketFactory; import com.netscape.cmsutil.xml.XMLObject; - public class CertUtil { static final int LINE_COUNT = 76; - public static X509CertImpl createRemoteCert(String hostname, - int port, String content, HttpServletResponse response, WizardPanelBase panel) - throws IOException { + public static X509CertImpl createRemoteCert(String hostname, + int port, String content, HttpServletResponse response, WizardPanelBase panel) + throws IOException { HttpClient httpclient = new HttpClient(); String c = null; CMS.debug("CertUtil createRemoteCert: content " + content); @@ -104,15 +103,15 @@ public class CertUtil { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "CertUtil::createRemoteCert() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("CertUtil::createRemoteCert() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); CMS.debug("CertUtil createRemoteCert: status=" + status); if (status.equals("2")) { - //relogin to the security domain + // relogin to the security domain panel.reloginSecurityDomain(response); return null; } else if (!status.equals("0")) { @@ -136,7 +135,7 @@ public class CertUtil { return null; } - public static String getPKCS10(IConfigStore config, String prefix, + public static String getPKCS10(IConfigStore config, String prefix, Cert certObj, Context context) throws IOException { String certTag = certObj.getCertTag(); @@ -147,29 +146,29 @@ public class CertUtil { String algorithm = config.getString( prefix + certTag + ".keyalgorithm"); if (pubKeyType.equals("rsa")) { - String pubKeyModulus = config.getString( - prefix + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString( - prefix + certTag + ".pubkey.exponent"); - pubk = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); + String pubKeyModulus = config.getString( + prefix + certTag + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString( + prefix + certTag + ".pubkey.exponent"); + pubk = CryptoUtil.getPublicX509Key( + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString( + String pubKeyEncoded = config.getString( prefix + certTag + ".pubkey.encoded"); - pubk = CryptoUtil.getPublicX509ECCKey( - CryptoUtil.string2byte(pubKeyEncoded)); + pubk = CryptoUtil.getPublicX509ECCKey( + CryptoUtil.string2byte(pubKeyEncoded)); } else { - CMS.debug( "CertRequestPanel::getPKCS10() - " - + "public key type is unsupported!" ); - throw new IOException( "public key type is unsupported" ); + CMS.debug("CertRequestPanel::getPKCS10() - " + + "public key type is unsupported!"); + throw new IOException("public key type is unsupported"); } if (pubk != null) { CMS.debug("CertRequestPanel: got public key"); } else { CMS.debug("CertRequestPanel: error getting public key null"); - throw new IOException( "public key is null" ); + throw new IOException("public key is null"); } // get private key String privKeyID = config.getString(prefix + certTag + ".privkey.id"); @@ -201,15 +200,14 @@ public class CertUtil { } } - -/* - * create requests so renewal can work on these initial certs - */ + /* + * create requests so renewal can work on these initial certs + */ public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException { -// RequestId rid = new RequestId(serialNum); + // RequestId rid = new RequestId(serialNum); // just need a request, no need to get into a queue -// IRequest r = new EnrollmentRequest(rid); - CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum); + // IRequest r = new EnrollmentRequest(rid); + CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum); IRequest req = queue.newRequest("enrollment"); CMS.debug("certUtil: newRequest called"); req.setExtData("profile", "true"); @@ -224,7 +222,7 @@ public class CertUtil { req.setExtData("requestor_phone", ""); req.setExtData("profileRemoteHost", ""); req.setExtData("profileRemoteAddr", ""); - req.setExtData("requestnotes",""); + req.setExtData("requestnotes", ""); req.setExtData("isencryptioncert", "false"); req.setExtData("profileapprovedby", "system"); @@ -235,13 +233,12 @@ public class CertUtil { return req; } -/** - * update local cert request with the actual request - * called from CertRequestPanel.java - */ - public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) - { - try { + /** + * update local cert request with the actual request called from + * CertRequestPanel.java + */ + public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) { + try { CMS.debug("Updating local request... certTag=" + certTag); RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId")); @@ -262,54 +259,56 @@ public class CertUtil { } queue.updateRequest(req); } else { - CMS.debug("CertUtil:updateLocalRequest - request queue = null"); + CMS.debug("CertUtil:updateLocalRequest - request queue = null"); } } catch (Exception e) { CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString()); } } -/** - * reads from the admin cert profile caAdminCert.profile and takes the first - * entry in the list of allowed algorithms. Users that wish a different algorithm - * can specify it in the profile using default.params.signingAlg - */ + /** + * reads from the admin cert profile caAdminCert.profile and takes the first + * entry in the list of allowed algorithms. Users that wish a different + * algorithm can specify it in the profile using default.params.signingAlg + */ public static String getAdminProfileAlgorithm(IConfigStore config) { String algorithm = "SHA256withRSA"; try { - String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa"); + String caSigningKeyType = config.getString("preop.cert.signing.keytype", "rsa"); String pfile = config.getString("profile.caAdminCert.config"); FileInputStream fis = new FileInputStream(pfile); DataInputStream in = new DataInputStream(fis); BufferedReader br = new BufferedReader(new InputStreamReader(in)); - String strLine; - while ((strLine = br.readLine()) != null) { - String marker2 = "default.params.signingAlg="; - int indx = strLine.indexOf(marker2); - if (indx != -1) { - String alg = strLine.substring(indx + marker2.length()); - if ((alg.length() > 0) && (!alg.equals("-"))) { - algorithm = alg; - break; - }; - }; - - String marker = "signingAlgsAllowed="; - indx = strLine.indexOf(marker); - if (indx != -1) { - String[] algs = strLine.substring(indx + marker.length()).split(","); - for (int i=0; i<algs.length; i++) { - if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) || - (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) { - algorithm = algs[i]; - break; - } - } - } - } - in.close(); + String strLine; + while ((strLine = br.readLine()) != null) { + String marker2 = "default.params.signingAlg="; + int indx = strLine.indexOf(marker2); + if (indx != -1) { + String alg = strLine.substring(indx + marker2.length()); + if ((alg.length() > 0) && (!alg.equals("-"))) { + algorithm = alg; + break; + } + ; + } + ; + + String marker = "signingAlgsAllowed="; + indx = strLine.indexOf(marker); + if (indx != -1) { + String[] algs = strLine.substring(indx + marker.length()).split(","); + for (int i = 0; i < algs.length; i++) { + if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) || + (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC") != -1))) { + algorithm = algs[i]; + break; + } + } + } + } + in.close(); } catch (Exception e) { CMS.debug("getAdminProfleAlgorithm: exception: " + e); } @@ -324,14 +323,15 @@ public class CertUtil { try { profile = config.getString(prefix + certTag + ".profile"); - } catch (Exception e) {} + } catch (Exception e) { + } X509CertImpl cert = null; ICertificateAuthority ca = null; ICertificateRepository cr = null; RequestId reqId = null; String profileId = null; - IRequestQueue queue = null; + IRequestQueue queue = null; IRequest req = null; try { @@ -355,7 +355,7 @@ public class CertUtil { CMS.debug("Creating local certificate... dn=" + dn); info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date, date, keyAlgorithm); - } else { + } else { String issuerdn = config.getString("preop.cert.signing.dn", ""); CMS.debug("Creating local certificate... issuerdn=" + issuerdn); CMS.debug("Creating local certificate... dn=" + dn); @@ -375,7 +375,7 @@ public class CertUtil { queue = ca.getRequestQueue(); if (queue != null) { req = createLocalRequest(queue, serialNo.toString(), info); - CMS.debug("CertUtil profile name= "+profile); + CMS.debug("CertUtil profile name= " + profile); req.setExtData("req_key", x509key.toString()); // store original profile id in cert request @@ -387,7 +387,7 @@ public class CertUtil { String name = profile.substring(0, idx); req.setExtData("origprofileid", name); } - + // store mapped profile ID for use in renewal profileId = processor.getProfileIDMapping(); req.setExtData("profileid", profileId); @@ -399,7 +399,7 @@ public class CertUtil { CMS.debug("certUtil: requestQueue null"); } } catch (Exception e) { - CMS.debug("Creating local request exception:"+e.toString()); + CMS.debug("Creating local request exception:" + e.toString()); } processor.populate(info); @@ -410,36 +410,36 @@ public class CertUtil { PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID( keyIDb); - if( caPrik == null ) { - CMS.debug( "CertUtil::createSelfSignedCert() - " - + "CA private key is null!" ); - throw new IOException( "CA private key is null" ); + if (caPrik == null) { + CMS.debug("CertUtil::createSelfSignedCert() - " + + "CA private key is null!"); + throw new IOException("CA private key is null"); } else { CMS.debug("CertUtil createSelfSignedCert: got CA private key"); } String keyAlgo = x509key.getAlgorithm(); CMS.debug("key algorithm is " + keyAlgo); - String caSigningKeyType = - config.getString("preop.cert.signing.keytype","rsa"); - String caSigningKeyAlgo = ""; - if (type.equals("selfsign")) { - caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA"); + String caSigningKeyType = + config.getString("preop.cert.signing.keytype", "rsa"); + String caSigningKeyAlgo = ""; + if (type.equals("selfsign")) { + caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm", "SHA256withRSA"); } else { - caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA"); + caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm", "SHA256withRSA"); } CMS.debug("CA Signing Key type " + caSigningKeyType); CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo); if (caSigningKeyType.equals("ecc")) { - CMS.debug("CA signing cert is ECC"); - cert = CryptoUtil.signECCCert(caPrik, info, - caSigningKeyAlgo); + CMS.debug("CA signing cert is ECC"); + cert = CryptoUtil.signECCCert(caPrik, info, + caSigningKeyAlgo); } else { - CMS.debug("CA signing cert is not ecc"); - cert = CryptoUtil.signCert(caPrik, info, - caSigningKeyAlgo); + CMS.debug("CA signing cert is not ecc"); + cert = CryptoUtil.signCert(caPrik, info, + caSigningKeyAlgo); } if (cert != null) { @@ -462,13 +462,13 @@ public class CertUtil { if (reqId != null) { meta.set(ICertRecord.META_REQUEST_ID, reqId.toString()); } - + meta.set(ICertRecord.META_PROFILE_ID, profileId); record = (ICertRecord) cr.createCertRecord( - cert.getSerialNumber(), cert, meta); + cert.getSerialNumber(), cert, meta); } catch (Exception e) { CMS.debug( - "NamePanel configCert: failed to add metainfo. Exception: " + e.toString()); + "NamePanel configCert: failed to add metainfo. Exception: " + e.toString()); } try { @@ -488,10 +488,10 @@ public class CertUtil { } if (req != null) { - // update request with cert + // update request with cert req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert); - // store request in db + // store request in db try { CMS.debug("certUtil: before updateRequest"); if (queue != null) { @@ -507,21 +507,21 @@ public class CertUtil { public static void addUserCertificate(X509CertImpl cert) { IConfigStore cs = CMS.getConfigStore(); - int num=0; + int num = 0; try { num = cs.getInteger("preop.subsystem.count", 0); } catch (Exception e) { } IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); - String id = "user"+num; + String id = "user" + num; - try { - String sysType = cs.getString("cs.type", ""); - String machineName = cs.getString("machineName", ""); - String securePort = cs.getString("service.securePort", ""); - id = sysType + "-" + machineName + "-" + securePort; + try { + String sysType = cs.getString("cs.type", ""); + String machineName = cs.getString("machineName", ""); + String securePort = cs.getString("service.securePort", ""); + id = sysType + "-" + machineName + "-" + securePort; } catch (Exception e1) { - // ignore + // ignore } num++; @@ -566,7 +566,7 @@ public class CertUtil { system.addUserCert(user); CMS.debug("CertUtil addUserCertificate: successfully add the user certificate"); } catch (Exception e) { - CMS.debug("CertUtil addUserCertificate exception="+e.toString()); + CMS.debug("CertUtil addUserCertificate exception=" + e.toString()); } IGroup group = null; @@ -603,17 +603,17 @@ public class CertUtil { } if (content.length() > 0) result.append(content); - result.append("\n"); + result.append("\n"); return result.toString(); } public static boolean privateKeyExistsOnToken(String certTag, - String tokenname, String nickname) { + String tokenname, String nickname) { IConfigStore cs = CMS.getConfigStore(); String givenid = ""; try { - givenid = cs.getString("preop.cert."+certTag+".privkey.id"); + givenid = cs.getString("preop.cert." + certTag + ".privkey.id"); } catch (Exception e) { CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet."); return false; @@ -624,7 +624,7 @@ public class CertUtil { boolean hardware = false; if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) { hardware = true; - fullnickname = tokenname+":"+nickname; + fullnickname = tokenname + ":" + nickname; } X509Certificate cert = null; @@ -633,7 +633,7 @@ public class CertUtil { cm = CryptoManager.getInstance(); cert = cm.findCertByNickname(fullnickname); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" + fullnickname + " Exception:" + e.toString()); return false; } @@ -641,19 +641,19 @@ public class CertUtil { try { privKey = cm.findPrivKeyByCert(cert); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + e.toString()); return false; } if (privKey == null) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")"); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ")"); return false; } else { String str = ""; try { str = CryptoUtil.byte2string(privKey.getUniqueID()); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " + e.toString()); } if (str.equals(givenid)) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java index b3c10b6e..a28ae76b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java @@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class CheckIdentity extends CMSServlet { /** @@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("CheckIdentity authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, "Error: Not authenticated"); return; - } + } try { XMLObject xmlObj = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java index f2587300..b538dbb5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Enumeration; import javax.servlet.http.HttpServletRequest; @@ -28,7 +27,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; - public abstract class ConfigBaseServlet extends BaseServlet { /** * @@ -50,7 +48,7 @@ public abstract class ConfigBaseServlet extends BaseServlet { public abstract void display(HttpServletRequest request, HttpServletResponse response, Context context); - public abstract void update(HttpServletRequest request, + public abstract void update(HttpServletRequest request, HttpServletResponse response, Context context); public abstract Template getTemplate(HttpServletRequest request, @@ -64,29 +62,29 @@ public abstract class ConfigBaseServlet extends BaseServlet { while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("ConfigBaseServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("ConfigBaseServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } @@ -97,7 +95,7 @@ public abstract class ConfigBaseServlet extends BaseServlet { public Template process(HttpServletRequest request, HttpServletResponse response, Context context) { - + if (CMS.debugOn()) { outputHttpParameters(request); } @@ -107,16 +105,16 @@ public abstract class ConfigBaseServlet extends BaseServlet { } else { update(request, response, context); } - + Template template = null; - + try { context.put("name", "Velocity Test"); template = getTemplate(request, response, context); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } - + return template; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java index d95c85d1..956c285b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java @@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin; import org.mozilla.jss.crypto.X509Certificate; import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; - -public class ConfigCertApprovalCallback - implements SSLCertificateApprovalCallback { +public class ConfigCertApprovalCallback + implements SSLCertificateApprovalCallback { public ConfigCertApprovalCallback() { } public boolean approve(X509Certificate cert, - SSLCertificateApprovalCallback.ValidityStatus status) { - return true; + SSLCertificateApprovalCallback.ValidityStatus status) { + return true; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java index 37493b6b..b04de414 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigCertReqServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java index e7d88a35..ed1d9cc0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigCloneServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java index 08ebf08e..2b4a82a0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -28,7 +27,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; - public class ConfigDatabaseServlet extends ConfigBaseServlet { /** @@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { try { modified = cs.getString("preop.configDatabase.modified", ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (modified.equals("true")) { return true; @@ -75,7 +74,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { basedn = cs.getString("internaldb.basedn", ""); binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } else { hostname = HOST; portStr = PORT; @@ -113,7 +113,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { int port = -1; try { - port = Integer.parseInt(portStr); + port = Integer.parseInt(portStr); cs.putInteger("internaldb.ldapconn.port", port); } catch (Exception e) { errorString = "Port is invalid"; @@ -159,7 +159,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { CMS.debug("ConfigDatabaseServlet update: " + e.toString()); return; } - psStore.putString("internaldb", bindpwd); + psStore.putString("internaldb", bindpwd); } else { errorString = "Bind password is empty string"; } @@ -189,7 +189,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { Context context) { try { return Velocity.getTemplate("admin/console/config/config_db.vm"); - } catch (Exception e) {} + } catch (Exception e) { + } return null; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java index d04fbf2f..fa9dbb05 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileNotFoundException; import java.io.IOException; @@ -46,7 +45,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { private CryptoManager mCryptoManager = null; private String mPwdFilePath = ""; - public ConfigHSMLoginPanel() {} + public ConfigHSMLoginPanel() { + } public void init(ServletConfig config, int panelno) throws ServletException { try { @@ -132,7 +132,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString()); } CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache"); - String tokPwd = pr.getPassword("hardware-"+tokName); + String tokPwd = pr.getPassword("hardware-" + tokName); boolean loggedIn = false; @@ -157,48 +157,52 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { password = new Password(tokPwd.toCharArray()); try { - if (token.passwordIsInitialized()) { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():token password is initialized"); - if (!token.isLoggedIn()) { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); - token.login(password); - context.put("status", "justLoggedIn"); - } else { - CMS.debug( - "ConfigHSMLoginPanel:Token has already logged on"); - context.put("status", "alreadyLoggedIn"); - } - } else { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():Token password not initialized"); - context.put("status", "tokenPasswordNotInitialized"); - rv = false; - } - - } catch (IncorrectPasswordException e) { - context.put("status", "incorrectPassword"); - context.put("errorString", e.toString()); - CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); - rv = false; - } catch (Exception e) { - CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); - context.put("errorString", e.toString()); - rv = false; - } + if (token.passwordIsInitialized()) { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():token password is initialized"); + if (!token.isLoggedIn()) { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); + token.login(password); + context.put("status", "justLoggedIn"); + } else { + CMS.debug( + "ConfigHSMLoginPanel:Token has already logged on"); + context.put("status", "alreadyLoggedIn"); + } + } else { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():Token password not initialized"); + context.put("status", "tokenPasswordNotInitialized"); + rv = false; + } + + } catch (IncorrectPasswordException e) { + context.put("status", "incorrectPassword"); + context.put("errorString", e.toString()); + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + rv = false; + } catch (Exception e) { + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + context.put("errorString", e.toString()); + rv = false; + } return rv; } // XXX how do you do this? public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */ + + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* + * no + * default + * parameters + */ set.add( "choice", choiceDesc); - + return set; } @@ -220,10 +224,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { select = cs.getString("preop.subsystem.select", ""); } catch (Exception e) { } - -// if (select.equals("clone")) - // return; - + + // if (select.equals("clone")) + // return; + CMS.debug("ConfigHSMLoginPanel: in update()"); String uTokName = null; @@ -233,7 +237,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { uPasswd = HttpInput.getPassword(request, "__uPasswd"); } catch (Exception e) { } - + if (uPasswd == null) { CMS.debug("ConfigHSMLoginPanel: password not found"); context.put("error", "no password"); @@ -270,13 +274,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { PlainPasswordWriter pw = new PlainPasswordWriter(); pw.init(mPwdFilePath); - pw.putPassword("hardware-"+uTokName, uPasswd); + pw.putPassword("hardware-" + uTokName, uPasswd); pw.commit(); } catch (FileNotFoundException e) { CMS.debug( "ConfigHSMLoginPanel: update(): Exception caught: " - + e.toString() + " writing to "+ mPwdFilePath); + + e.toString() + " writing to " + mPwdFilePath); CMS.debug( "ConfigHSMLoginPanel: update(): password not written to cache"); System.err.println("Exception caught: " + e.toString()); @@ -288,7 +292,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { System.err.println("Exception caught: " + e.toString()); context.put("error", "Exception:" + e.toString()); } - + } // found password context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); @@ -308,4 +312,3 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java index bfc6e278..9428ecce 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; @@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.cmsutil.crypto.Module; - public class ConfigHSMServlet extends ConfigBaseServlet { /** * @@ -131,9 +129,9 @@ public class ConfigHSMServlet extends ConfigBaseServlet { } else { CMS.debug( "ConfigHSMServlet: token " + token.getName() - + " not to be added"); + + " not to be added"); } - + } catch (TokenException ex) { CMS.debug("ConfigHSMServlet:" + ex.toString()); } @@ -165,11 +163,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet { if ((cn == null) || (cn.equals(""))) { break; } - + CMS.debug("ConfigHSMServlet: got from config module: " + cn); // create a Module object Module module = new Module(cn, pn, img); - + if (mCurrModTable.containsKey(cn)) { CMS.debug("ConfigHSMServlet: module found: " + cn); module.setFound(true); @@ -178,7 +176,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet { loadModTokens(module, m); } - + CMS.debug("ConfigHSMServlet: adding module " + cn); // add module to set if (!mSupportedModules.contains(module)) { @@ -290,8 +288,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet { Context context) { try { return Velocity.getTemplate("admin/console/config/config_hsm.vm"); - } catch (Exception e) {} + } catch (Exception e) { + } return null; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java index 3b3b8a64..c65e559d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigImportCertServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java index 01917303..5d50193c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.cmsutil.crypto.CryptoUtil; - public class ConfigJoinServlet extends ConfigBaseServlet { /** @@ -52,12 +50,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet { public boolean isPanelModified() { IConfigStore config = CMS.getConfigStore(); - + String cert = null; try { cert = config.getString("preop.join.cert", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } if (cert == null || cert.equals("")) { return false; } else { @@ -69,7 +68,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet { * Displays panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, + HttpServletResponse response, Context context) { IConfigStore config = CMS.getConfigStore(); @@ -85,7 +84,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { CryptoUtil.string2byte(pubKeyPublicExponent), CryptoUtil.string2byte(priKeyID)); context.put("certreq", pkcs10); - } catch (Exception e) {} + } catch (Exception e) { + } String select = "auto"; boolean select_manual = true; @@ -94,8 +94,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { try { select = config.getString("preop.join.select", null); } catch (EBaseException e) { - CMS.debug( "ConfigJoinServlet::display() - " - + "Exception="+e.toString() ); + CMS.debug("ConfigJoinServlet::display() - " + + "Exception=" + e.toString()); return; } if (select.equals("auto")) { @@ -109,12 +109,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet { String cert = config.getString("preop.join.cert", ""); context.put("cert", cert); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } else { context.put("cert", ""); } - if (select_manual) { + if (select_manual) { context.put("check_manual", "checked"); context.put("check_auto", ""); } else { @@ -128,7 +129,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet { * Updates panel. */ public void update(HttpServletRequest request, - HttpServletResponse response, + HttpServletResponse response, Context context) { CMS.debug("JoinServlet: update"); IConfigStore config = CMS.getConfigStore(); @@ -160,9 +161,10 @@ public class ConfigJoinServlet extends ConfigBaseServlet { } config.putString("preop.join.select", select); config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } } - + public Template getTemplate(HttpServletRequest request, HttpServletResponse response, Context context) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java index 895c75ac..44046fdc 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Vector; import javax.servlet.http.HttpServletRequest; @@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.CertInfoProfile; - public class ConfigRootCAServlet extends ConfigBaseServlet { /** @@ -54,12 +52,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { public boolean isPanelModified() { IConfigStore config = CMS.getConfigStore(); - + String profile = null; try { profile = config.getString("preop.hierarchy.profile", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } if (profile == null || profile.equals("")) { return false; } else { @@ -73,7 +72,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { try { instancePath = config.getString("instanceRoot"); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } String p[] = { "caCert.profile" }; Vector profiles = new Vector(); @@ -81,13 +81,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { try { profiles.addElement( new CertInfoProfile(instancePath + "/conf/" + p[i])); - } catch (Exception e) {} + } catch (Exception e) { + } } return profiles; } public void display(HttpServletRequest request, - HttpServletResponse response, + HttpServletResponse response, Context context) { IConfigStore config = CMS.getConfigStore(); String profile = null; @@ -95,7 +96,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { if (isPanelModified()) { try { profile = config.getString("preop.hierarchy.profile", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } if (profile == null) { profile = "caCert.profile"; @@ -108,15 +110,16 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { } public void update(HttpServletRequest request, - HttpServletResponse response, + HttpServletResponse response, Context context) { String profile = request.getParameter("profile"); IConfigStore config = CMS.getConfigStore(); config.putString("preop.hierarchy.profile", profile); try { - config.commit(false); - } catch (Exception e) {} + config.commit(false); + } catch (Exception e) { + } context.put("status", "update"); context.put("error", ""); Vector profiles = getProfiles(); @@ -124,7 +127,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { context.put("profiles", profiles); context.put("selected_profile_id", profile); } - + public Template getTemplate(HttpServletRequest request, HttpServletResponse response, Context context) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java index daf14c9e..377043d5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URL; import java.util.StringTokenizer; @@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class CreateSubsystemPanel extends WizardPanelBase { - public CreateSubsystemPanel() {} + public CreateSubsystemPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Subsystem Selection"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Subsystem Type"); setId(id); @@ -72,15 +72,16 @@ public class CreateSubsystemPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -112,8 +113,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("check_newsubsystem", ""); context.put("check_clonesubsystem", "checked"); } - context.put("subsystemName", - config.getString("preop.subsystem.name")); + context.put("subsystemName", + config.getString("preop.subsystem.name")); } catch (Exception e) { CMS.debug(e.toString()); } @@ -121,8 +122,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("check_newsubsystem", "checked"); context.put("check_clonesubsystem", ""); try { - context.put("subsystemName", - config.getString("preop.system.fullname")); + context.put("subsystemName", + config.getString("preop.system.fullname")); } catch (Exception e) { CMS.debug(e.toString()); } @@ -144,7 +145,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { } catch (EBaseException e) { } - Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" ); + Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort"); StringBuffer list = new StringBuffer(); int size = v.size(); @@ -164,7 +165,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { errorString = "Internal error, cs.type is missing from CS.cfg"; } - if (list.length()==0) + if (list.length() == 0) context.put("disableClone", "true"); context.put("panel", "admin/console/config/createsubsystempanel.vm"); @@ -196,8 +197,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { throw new IOException("choice not found"); } - config.putString("preop.subsystem.name", - HttpInput.getName(request, "subsystemName")); + config.putString("preop.subsystem.name", + HttpInput.getName(request, "subsystemName")); if (select.equals("newsubsystem")) { config.putString("preop.subsystem.select", "new"); config.putString("subsystem.select", "New"); @@ -209,7 +210,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { } cstype = toLowerCaseSubsystemType(cstype); - + config.putString("preop.subsystem.select", "clone"); config.putString("subsystem.select", "Clone"); @@ -223,9 +224,9 @@ public class CreateSubsystemPanel extends WizardPanelBase { while (t.hasMoreTokens()) { String tag = t.nextToken(); if (tag.equals("sslserver")) - config.putBoolean(PCERT_PREFIX+tag+".enable", true); - else - config.putBoolean(PCERT_PREFIX+tag+".enable", false); + config.putBoolean(PCERT_PREFIX + tag + ".enable", true); + else + config.putBoolean(PCERT_PREFIX + tag + ".enable", false); } // get the master CA @@ -254,10 +255,10 @@ public class CreateSubsystemPanel extends WizardPanelBase { String host = u.getHost(); int https_ee_port = u.getPort(); - String https_admin_port = getSecurityDomainAdminPort( config, + String https_admin_port = getSecurityDomainAdminPort(config, host, String.valueOf(https_ee_port), - cstype ); + cstype); config.putString("preop.master.hostname", host); config.putInteger("preop.master.httpsport", https_ee_port); @@ -265,12 +266,12 @@ public class CreateSubsystemPanel extends WizardPanelBase { ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); if (cstype.equals("ca")) { - updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port, - true, context, certApprovalCallback ); + updateCertChainUsingSecureEEPort(config, "clone", host, https_ee_port, + true, context, certApprovalCallback); } - getTokenInfo(config, cstype, host, https_ee_port, true, context, - certApprovalCallback); + getTokenInfo(config, cstype, host, https_ee_port, true, context, + certApprovalCallback); } else { CMS.debug("CreateSubsystemPanel: invalid choice " + select); errorString = "Invalid choice"; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index e18d86cf..a69f462a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream; @@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil; public class DatabasePanel extends WizardPanelBase { private static final String HOST = "localhost"; - private static final String CLONE_HOST="Enter FQDN here"; + private static final String CLONE_HOST = "Enter FQDN here"; private static final String PORT = "389"; private static final String BASEDN = "o=netscapeCertificateServer"; private static final String BINDDN = "cn=Directory Manager"; @@ -74,19 +73,20 @@ public class DatabasePanel extends WizardPanelBase { private WizardServlet mServlet = null; - public DatabasePanel() {} + public DatabasePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Internal Database"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Internal Database"); setId(id); @@ -109,7 +109,8 @@ public class DatabasePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -120,7 +121,7 @@ public class DatabasePanel extends WizardPanelBase { "Host name"); set.add("hostname", hostDesc); - + Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null, "Port"); @@ -130,14 +131,14 @@ public class DatabasePanel extends WizardPanelBase { "Base DN"); set.add("basedn", basednDesc); - + Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null, "Bind DN"); set.add("binddn", binddnDesc); Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null, - "Bind Password"); + "Bind Password"); set.add("bindpwd", bindpwdDesc); @@ -187,8 +188,8 @@ public class DatabasePanel extends WizardPanelBase { basedn = cs.getString("internaldb.basedn", ""); binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); - secure = cs.getString("internaldb.ldapconn.secureConn", ""); - cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", ""); + secure = cs.getString("internaldb.ldapconn.secureConn", ""); + cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", ""); errorString = cs.getString("preop.database.errorString", ""); } catch (Exception e) { CMS.debug("DatabasePanel display: " + e.toString()); @@ -199,12 +200,12 @@ public class DatabasePanel extends WizardPanelBase { try { basedn = cs.getString("internaldb.basedn", ""); } catch (Exception e) { - CMS.debug( "DatabasePanel::display() - " - + "Exception="+e.toString() ); + CMS.debug("DatabasePanel::display() - " + + "Exception=" + e.toString()); return; } binddn = BINDDN; - database = basedn.substring(basedn.lastIndexOf('=')+1); + database = basedn.substring(basedn.lastIndexOf('=') + 1); CMS.debug("Clone: database=" + database); } else { hostname = HOST; @@ -223,11 +224,10 @@ public class DatabasePanel extends WizardPanelBase { boolean multipleEnable = false; try { multipleEnable = cs.getBoolean( - "internaldb.multipleSuffix.enable", false); + "internaldb.multipleSuffix.enable", false); } catch (Exception e) { } - - + if (multipleEnable) basedn = "ou=" + instanceId + "," + suffix; else @@ -243,15 +243,14 @@ public class DatabasePanel extends WizardPanelBase { context.put("binddn", binddn); context.put("bindpwd", bindpwd); context.put("database", database); - context.put("secureConn", (secure.equals("true")? "on":"off")); - context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off")); + context.put("secureConn", (secure.equals("true") ? "on" : "off")); + context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on" : "off")); context.put("panel", "admin/console/config/databasepanel.vm"); context.put("errorString", errorString); } public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { IConfigStore config = CMS.getConfigStore(); String select = ""; try { @@ -323,7 +322,7 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { } - //get the real host name + // get the real host name String realhostname = ""; if (hostname.equals("localhost")) { try { @@ -395,8 +394,7 @@ public class DatabasePanel extends WizardPanelBase { } private LDAPConnection getLocalLDAPConn(Context context, String secure) - throws IOException - { + throws IOException { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -409,7 +407,7 @@ public class DatabasePanel extends WizardPanelBase { host = cs.getString("internaldb.ldapconn.host"); port = cs.getString("internaldb.ldapconn.port"); binddn = cs.getString("internaldb.ldapauth.bindDN"); - pwd = (String) context.get("bindpwd"); + pwd = (String) context.get("bindpwd"); security = cs.getString("internaldb.ldapconn.secureConn"); } catch (Exception e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); @@ -428,12 +426,12 @@ public class DatabasePanel extends WizardPanelBase { LDAPConnection conn = null; if (security.equals("true")) { - CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); - } + CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); + } CMS.debug("DatabasePanel connecting to " + host + ":" + p); try { @@ -443,81 +441,78 @@ public class DatabasePanel extends WizardPanelBase { throw new IOException("Failed to connect to the internal database."); } - return conn; + return conn; } - private boolean deleteDir(File dir) - { + private boolean deleteDir(File dir) { if (dir.isDirectory()) { String[] children = dir.list(); - for (int i=0; i<children.length; i++) { + for (int i = 0; i < children.length; i++) { boolean success = deleteDir(new File(dir, children[i])); if (!success) { return false; } } } - + // The directory is now empty so delete it return dir.delete(); - } + } - private void cleanupDB(LDAPConnection conn, String baseDN, String database) - { + private void cleanupDB(LDAPConnection conn, String baseDN, String database) { String[] entries = {}; String filter = "objectclass=*"; LDAPSearchConstraints cons = null; String[] attrs = null; - String dn=""; + String dn = ""; try { CMS.debug("Deleting baseDN: " + baseDN); LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); - if (res != null) - deleteEntries(res, conn, baseDN, entries); + attrs, true, cons); + if (res != null) + deleteEntries(res, conn, baseDN, entries); + } catch (LDAPException e) { } - catch (LDAPException e) {} - + try { - dn="cn=mapping tree, cn=config"; - filter = "nsslapd-backend=" + database; - LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, true, cons); - if (res != null) { - while (res.hasMoreElements()) { - dn = res.next().getDN(); - filter = "objectclass=*"; - LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); - if (res2 != null) - deleteEntries(res2, conn, dn, entries); - } - } - } - catch (LDAPException e) {} + dn = "cn=mapping tree, cn=config"; + filter = "nsslapd-backend=" + database; + LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, true, cons); + if (res != null) { + while (res.hasMoreElements()) { + dn = res.next().getDN(); + filter = "objectclass=*"; + LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, + attrs, true, cons); + if (res2 != null) + deleteEntries(res2, conn, dn, entries); + } + } + } catch (LDAPException e) { + } try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); + attrs, true, cons); if (res != null) { deleteEntries(res, conn, dn, entries); - String dbdir = getInstanceDir(conn) + "/db/" + database; - if (dbdir != null) { - CMS.debug(" Deleting dbdir " + dbdir); + String dbdir = getInstanceDir(conn) + "/db/" + database; + if (dbdir != null) { + CMS.debug(" Deleting dbdir " + dbdir); boolean success = deleteDir(new File(dbdir)); if (!success) { CMS.debug("Unable to delete database directory " + dbdir); } } } + } catch (LDAPException e) { } - catch (LDAPException e) {} } - - private void populateDB(HttpServletRequest request, Context context, String secure) - throws IOException { + private void populateDB(HttpServletRequest request, Context context, String secure) + throws IOException { IConfigStore cs = CMS.getConfigStore(); String baseDN = ""; @@ -542,41 +537,44 @@ public class DatabasePanel extends WizardPanelBase { boolean foundDatabase = false; try { LDAPEntry entry = conn.read(baseDN); - if (entry != null) foundBaseDN = true; + if (entry != null) + foundBaseDN = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) foundDatabase = true; + if (entry != null) + foundDatabase = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) foundDatabase = true; + if (entry != null) + foundDatabase = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } @@ -584,8 +582,7 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel update: This database has already been used."); if (remove == null) { throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database"); - } - else { + } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); foundBaseDN = false; @@ -596,9 +593,8 @@ public class DatabasePanel extends WizardPanelBase { if (foundBaseDN) { CMS.debug("DatabasePanel update: This base DN has already been used."); if (remove == null) { - throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN"); - } - else { + throw new IOException("This base DN (" + baseDN + ") has already been used. Select the checkbox below to remove all data and reuse this base DN"); + } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); foundBaseDN = false; @@ -609,7 +605,7 @@ public class DatabasePanel extends WizardPanelBase { // create database try { LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc[] = { "top", "extensibleObject", "nsBackendInstance"}; + String oc[] = { "top", "extensibleObject", "nsBackendInstance" }; attrs.add(new LDAPAttribute("objectClass", oc)); attrs.add(new LDAPAttribute("cn", database)); attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN)); @@ -623,7 +619,7 @@ public class DatabasePanel extends WizardPanelBase { try { LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc2[] = { "top", "extensibleObject", "nsMappingTree"}; + String oc2[] = { "top", "extensibleObject", "nsMappingTree" }; attrs.add(new LDAPAttribute("objectClass", oc2)); attrs.add(new LDAPAttribute("cn", baseDN)); attrs.add(new LDAPAttribute("nsslapd-backend", database)); @@ -644,19 +640,19 @@ public class DatabasePanel extends WizardPanelBase { String n = st.nextToken(); String v = st.nextToken(); LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc3[] = { "top", "domain"}; + String oc3[] = { "top", "domain" }; if (n.equals("o")) { - oc3[1] = "organization"; + oc3[1] = "organization"; } else if (n.equals("ou")) { - oc3[1] = "organizationalUnit"; - } + oc3[1] = "organizationalUnit"; + } attrs.add(new LDAPAttribute("objectClass", oc3)); attrs.add(new LDAPAttribute(n, v)); LDAPEntry entry = new LDAPEntry(baseDN, attrs); conn.add(entry); } catch (Exception e) { CMS.debug("Warning: suffix creation error - " + e.toString()); - throw new IOException("Failed to create the base DN: "+baseDN); + throw new IOException("Failed to create the base DN: " + baseDN); } // check to see if the base dn exists @@ -666,15 +662,17 @@ public class DatabasePanel extends WizardPanelBase { LDAPEntry entry = conn.read(baseDN); if (entry != null) { - foundBaseDN = true; + foundBaseDN = true; } - } catch (LDAPException e) {} + } catch (LDAPException e) { + } boolean createBaseDN = true; boolean testing = false; try { testing = cs.getBoolean("internaldb.multipleSuffix.enable", false); - } catch (Exception e) {} + } catch (Exception e) { + } if (!foundBaseDN) { if (!testing) { @@ -697,7 +695,7 @@ public class DatabasePanel extends WizardPanelBase { // support only one level creation - create new entry // right under the suffix LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc[] = { "top", "organizationalUnit"}; + String oc[] = { "top", "organizationalUnit" }; attrs.add(new LDAPAttribute("objectClass", oc)); attrs.add(new LDAPAttribute("ou", dns2[0])); @@ -705,7 +703,7 @@ public class DatabasePanel extends WizardPanelBase { try { conn.add(entry); - foundBaseDN = true; + foundBaseDN = true; CMS.debug("DatabasePanel added " + baseDN); } catch (LDAPException e) { throw new IOException("Failed to create " + baseDN); @@ -723,25 +721,26 @@ public class DatabasePanel extends WizardPanelBase { } if (select.equals("clone")) { - // if this is clone, add index before replication - // don't put in the schema or bad things will happen - - importLDIFS("preop.internaldb.ldif", conn); - importLDIFS("preop.internaldb.index_ldif", conn); + // if this is clone, add index before replication + // don't put in the schema or bad things will happen + + importLDIFS("preop.internaldb.ldif", conn); + importLDIFS("preop.internaldb.index_ldif", conn); } else { - // data will be replicated from the master to the clone - // so clone does not need the data - // + // data will be replicated from the master to the clone + // so clone does not need the data + // - importLDIFS("preop.internaldb.schema.ldif", conn); - importLDIFS("preop.internaldb.ldif", conn); - importLDIFS("preop.internaldb.data_ldif", conn); - importLDIFS("preop.internaldb.index_ldif", conn); + importLDIFS("preop.internaldb.schema.ldif", conn); + importLDIFS("preop.internaldb.ldif", conn); + importLDIFS("preop.internaldb.data_ldif", conn); + importLDIFS("preop.internaldb.index_ldif", conn); } try { conn.disconnect(); - } catch (LDAPException e) {} + } catch (LDAPException e) { + } } private void importLDIFS(String param, LDAPConnection conn) throws IOException { @@ -751,11 +750,11 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel populateDB param=" + param); try { v = cs.getString(param); - } catch (EBaseException e) { + } catch (EBaseException e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); throw new IOException("Cant find ldif files."); } - + StringTokenizer tokenizer = new StringTokenizer(v, ","); String baseDN = null; String database = null; @@ -787,13 +786,12 @@ public class DatabasePanel extends WizardPanelBase { String instanceId = null; try { - instanceId = cs.getString("instanceId"); + instanceId = cs.getString("instanceId"); } catch (EBaseException e) { throw new IOException("instanceId is missing"); } - - String configDir = instancePath + File.separator + "conf"; + String configDir = instancePath + File.separator + "conf"; while (tokenizer.hasMoreTokens()) { String token = tokenizer.nextToken().trim(); @@ -846,11 +844,11 @@ public class DatabasePanel extends WizardPanelBase { if (!endOfline) { ps.println(s); } - } + } } in.close(); ps.close(); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("DBSubsystem popuateDB: " + e.toString()); throw new IOException( "Problem of copying ldif file: " + filename); @@ -867,7 +865,7 @@ public class DatabasePanel extends WizardPanelBase { HttpServletResponse response, Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); - boolean hasErr = false; + boolean hasErr = false; boolean firsttime = false; context.put("firsttime", "false"); @@ -903,17 +901,19 @@ public class DatabasePanel extends WizardPanelBase { cs.putString("internaldb.ldapauth.bindDN", binddn); cs.putString("internaldb.database", database2); String secure = HttpInput.getCheckbox(request, "secureConn"); - cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false")); + cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on") ? "true" : "false")); String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS"); - cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false")); + cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on") ? "true" : "false")); String remove = HttpInput.getID(request, "removeData"); if (isPanelDone() && (remove == null || remove.equals(""))) { - /* if user submits the same data, they just want to skip - to the next panel, no database population is required. */ - if (hostname1.equals(hostname2) && - portStr1.equals(portStr2) && - database1.equals(database2)) { + /* + * if user submits the same data, they just want to skip to the next + * panel, no database population is required. + */ + if (hostname1.equals(hostname2) && + portStr1.equals(portStr2) && + database1.equals(database2)) { context.put("updateStatus", "success"); return; } @@ -921,15 +921,14 @@ public class DatabasePanel extends WizardPanelBase { mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); - try { - populateDB(request, context, (secure.equals("on")?"true":"false")); + populateDB(request, context, (secure.equals("on") ? "true" : "false")); } catch (IOException e) { - CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString()); + CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString()); context.put("updateStatus", "failure"); throw e; } catch (Exception e) { - CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString()); + CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString()); context.put("errorString", e.toString()); cs.putString("preop.database.errorString", e.toString()); context.put("updateStatus", "failure"); @@ -950,11 +949,11 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { CMS.debug("ConfigDatabaseServlet update: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException( e.toString() ); + throw new IOException(e.toString()); } psStore.putString("internaldb", bindpwd); psStore.putString("replicationdb", replicationpwd); - cs.putString("preop.internaldb.replicationpwd" , replicationpwd); + cs.putString("preop.internaldb.replicationpwd", replicationpwd); cs.putString("preop.database.removeData", "false"); try { @@ -983,57 +982,58 @@ public class DatabasePanel extends WizardPanelBase { // always populate the index the last try { - CMS.debug("Populating local indexes"); - LDAPConnection conn = getLocalLDAPConn(context, - (secure.equals("on")?"true":"false")); - importLDIFS("preop.internaldb.post_ldif", conn); - - /* For vlvtask, we need to check if the task has - been completed or not. Presence of nsTaskExitCode means task is complete - */ - String wait_dn = cs.getString("preop.internaldb.wait_dn", ""); - if (!wait_dn.equals("")) { - int i = 0; - LDAPEntry task = null; - boolean taskComplete = false; - CMS.debug("Checking wait_dn " + wait_dn); - do { - Thread.sleep(1000); - try { - task = conn.read(wait_dn, (String[])null); - if (task != null) { - LDAPAttribute attr = task.getAttribute("nsTaskExitCode"); - if (attr != null) { - taskComplete = true; - String val = (String) attr.getStringValues().nextElement(); - if (val.compareTo("0") != 0) { - CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val); - } - } + CMS.debug("Populating local indexes"); + LDAPConnection conn = getLocalLDAPConn(context, + (secure.equals("on") ? "true" : "false")); + importLDIFS("preop.internaldb.post_ldif", conn); + + /* + * For vlvtask, we need to check if the task has been completed or + * not. Presence of nsTaskExitCode means task is complete + */ + String wait_dn = cs.getString("preop.internaldb.wait_dn", ""); + if (!wait_dn.equals("")) { + int i = 0; + LDAPEntry task = null; + boolean taskComplete = false; + CMS.debug("Checking wait_dn " + wait_dn); + do { + Thread.sleep(1000); + try { + task = conn.read(wait_dn, (String[]) null); + if (task != null) { + LDAPAttribute attr = task.getAttribute("nsTaskExitCode"); + if (attr != null) { + taskComplete = true; + String val = (String) attr.getStringValues().nextElement(); + if (val.compareTo("0") != 0) { + CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val); + } + } + } + } catch (LDAPException le) { + CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")"); + } catch (Exception e) { + CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ")."); + } + } while ((!taskComplete) && (i < 20)); + if (i < 20) { + CMS.debug("Done checking wait_dn " + wait_dn); + } else { + CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout."); } - } catch (LDAPException le) { - CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")"); - } catch (Exception e) { - CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ")."); - } - } while ((!taskComplete) && (i < 20)); - if (i < 20) { - CMS.debug("Done checking wait_dn " + wait_dn); - } else { - CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout."); } - } - conn.disconnect(); - CMS.debug("Done populating local indexes"); + conn.disconnect(); + CMS.debug("Done populating local indexes"); } catch (Exception e) { - CMS.debug("Populating index failure - " + e); + CMS.debug("Populating index failure - " + e); } // setup replication after indexes have been created if (select.equals("clone")) { CMS.debug("Start setting up replication."); - setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false")); + setupReplication(request, context, (secure.equals("on") ? "true" : "false"), (cloneStartTLS.equals("on") ? "true" : "false")); CMS.debug("Finish setting up replication."); try { @@ -1048,25 +1048,24 @@ public class DatabasePanel extends WizardPanelBase { } } - if (hasErr == false) { - cs.putBoolean("preop.Database.done", true); - try { - cs.commit(false); - } catch (EBaseException e) { - CMS.debug( - "DatabasePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + cs.putBoolean("preop.Database.done", true); + try { + cs.commit(false); + } catch (EBaseException e) { + CMS.debug( + "DatabasePanel: update() Exception caught at config commit: " + + e.toString()); + } + } context.put("updateStatus", "success"); } private void setupReplication(HttpServletRequest request, - Context context, String secure, String cloneStartTLS) throws IOException { + Context context, String secure, String cloneStartTLS) throws IOException { String bindpwd = HttpInput.getPassword(request, "__bindpwd"); IConfigStore cs = CMS.getConfigStore(); - + String cstype = ""; String machinename = ""; String instanceId = ""; @@ -1078,13 +1077,12 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { } - - //setup replication agreement - String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId; + // setup replication agreement + String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId; cs.putString("internaldb.replication.master", masterAgreementName); - String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId; + String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + instanceId; cs.putString("internaldb.replication.consumer", cloneAgreementName); - + try { cs.commit(false); } catch (Exception e) { @@ -1119,18 +1117,18 @@ public class DatabasePanel extends WizardPanelBase { master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", ""); } catch (Exception e) { } - + LDAPConnection conn1 = null; LDAPConnection conn2 = null; if (secure.equals("true")) { - CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); - conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); - conn1 = new LDAPConnection(); - conn2 = new LDAPConnection(); - } + CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); + conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); + conn1 = new LDAPConnection(); + conn2 = new LDAPConnection(); + } String basedn = ""; try { @@ -1140,13 +1138,13 @@ public class DatabasePanel extends WizardPanelBase { try { conn1.connect(master1_hostname, master1_port, master1_binddn, - master1_bindpwd); + master1_bindpwd); conn2.connect(master2_hostname, master2_port, master2_binddn, - master2_bindpwd); + master2_bindpwd); String suffix = cs.getString("internaldb.basedn", ""); - String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config"; - CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn); + String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config"; + CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn); String masterBindUser = "Replication Manager " + masterAgreementName; String cloneBindUser = "Replication Manager " + cloneAgreementName; @@ -1168,16 +1166,16 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel setupReplication: Finished enabling replication"); - createReplicationAgreement(replicadn, conn1, masterAgreementName, - master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); + createReplicationAgreement(replicadn, conn1, masterAgreementName, + master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); - createReplicationAgreement(replicadn, conn2, cloneAgreementName, - master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); + createReplicationAgreement(replicadn, conn2, cloneAgreementName, + master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); // initialize consumer initializeConsumer(replicadn, conn1, masterAgreementName); - while (! replicationDone(replicadn, conn1, masterAgreementName)) { + while (!replicationDone(replicadn, conn1, masterAgreementName)) { CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete"); Thread.sleep(1000); } @@ -1185,12 +1183,12 @@ public class DatabasePanel extends WizardPanelBase { String status = replicationStatus(replicadn, conn1, masterAgreementName); if (!status.startsWith("0 ")) { CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " + - status); + status); throw new IOException("consumer initialization failed. " + status); - } + } } catch (Exception e) { - CMS.debug("DatabasePanel setupReplication: "+e.toString()); + CMS.debug("DatabasePanel setupReplication: " + e.toString()); throw new IOException("Failed to setup the replication for cloning."); } } @@ -1203,15 +1201,15 @@ public class DatabasePanel extends WizardPanelBase { Context context) { try { - initParams(request, context); - } catch (IOException e) { + initParams(request, context); + } catch (IOException e) { } context.put("title", "Database"); context.put("panel", "admin/console/config/databasepanel.vm"); } private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; String dn = "cn=" + bindUser + ",cn=config"; @@ -1231,11 +1229,11 @@ public class DatabasePanel extends WizardPanelBase { conn.delete(dn); conn.add(entry); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationManager: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationManager: " + ee.toString()); } return; } else { - CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString()); + CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + e.toString()); throw e; } } @@ -1244,7 +1242,7 @@ public class DatabasePanel extends WizardPanelBase { } private void createChangeLog(LDAPConnection conn, String dir) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; String dn = "cn=changelog5,cn=config"; @@ -1259,17 +1257,15 @@ public class DatabasePanel extends WizardPanelBase { } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used"); -/* leave it, dont delete it because it will have operation error - try { - conn.delete(dn); - conn.add(entry); - } catch (LDAPException ee) { - CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); - } -*/ + /* + * leave it, dont delete it because it will have operation error + * try { conn.delete(dn); conn.add(entry); } catch + * (LDAPException ee) { + * CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); } + */ return; } else { - CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " + e.toString()); throw e; } } @@ -1278,8 +1274,8 @@ public class DatabasePanel extends WizardPanelBase { } private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id) - throws LDAPException { - CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn); + throws LDAPException { + CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn); LDAPAttributeSet attrs = null; LDAPEntry entry = null; try { @@ -1290,7 +1286,7 @@ public class DatabasePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3")); attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", - "cn=" + bindUser + ",cn=config")); + "cn=" + bindUser + ",cn=config")); attrs.add(new LDAPAttribute("cn", "replica")); attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id))); attrs.add(new LDAPAttribute("nsds5flags", "1")); @@ -1298,49 +1294,51 @@ public class DatabasePanel extends WizardPanelBase { conn.add(entry); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { - /* BZ 470918 -we cant just add the new dn. We need to do a replace instead - * until the DS code is fixed */ - CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used"); - + /* + * BZ 470918 -we cant just add the new dn. We need to do a + * replace instead until the DS code is fixed + */ + CMS.debug("DatabasePanel enableReplication: " + replicadn + " has already been used"); + try { entry = conn.read(replicadn); LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN"); - attr.addValue( "cn=" + bindUser + ",cn=config"); + attr.addValue("cn=" + bindUser + ",cn=config"); LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr); conn.modify(replicadn, mod); } catch (LDAPException ee) { - CMS.debug("DatabasePanel enableReplication: Failed to modify " - +replicadn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to modify " + + replicadn + " entry. Exception: " + e.toString()); } return id; } else { - CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + e.toString()); return id; } } - CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry."); + CMS.debug("DatabasePanel enableReplication: Successfully create " + replicadn + " entry."); return id + 1; } - private void createReplicationAgreement(String replicadn, - LDAPConnection conn, String name, String replicahost, int replicaport, - String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { - String dn = "cn="+name+","+replicadn; - CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn); + private void createReplicationAgreement(String replicadn, + LDAPConnection conn, String name, String replicahost, int replicaport, + String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { + String dn = "cn=" + name + "," + replicadn; + CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn); LDAPEntry entry = null; LDAPAttributeSet attrs = null; try { attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); attrs.add(new LDAPAttribute("objectclass", - "nsds5replicationagreement")); + "nsds5replicationagreement")); attrs.add(new LDAPAttribute("cn", name)); attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost)); - attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport)); + attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport)); attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", - "cn=" + bindUser + ",cn=config")); + "cn=" + bindUser + ",cn=config")); attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple")); attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd)); @@ -1351,50 +1349,50 @@ public class DatabasePanel extends WizardPanelBase { } CMS.debug("About to set description attr to " + name); - attrs.add(new LDAPAttribute("description",name)); + attrs.add(new LDAPAttribute("description", name)); entry = new LDAPEntry(dn, attrs); conn.add(entry); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { - CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used"); + CMS.debug("DatabasePanel createReplicationAgreement: " + dn + " has already used"); try { conn.delete(dn); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString()); throw ee; } try { conn.add(entry); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString()); throw ee; } } else { - CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + e.toString()); throw e; } } - CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name); + CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " + name); } - private void initializeConsumer(String replicadn, LDAPConnection conn, - String name) { - String dn = "cn="+name+","+replicadn; - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn); - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort()); + private void initializeConsumer(String replicadn, LDAPConnection conn, + String name) { + String dn = "cn=" + name + "," + replicadn; + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn); + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort()); try { LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh", - "start"); + "start"); LDAPModification mod = new LDAPModification( - LDAPModification.REPLACE, attr); + LDAPModification.REPLACE, attr); CMS.debug("DatabasePanel initializeConsumer: start modifying"); conn.modify(dn, mod); CMS.debug("DatabasePanel initializeConsumer: Finish modification."); } catch (LDAPException e) { - CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel initializeConsumer: Failed to modify " + dn + " entry. Exception: " + e.toString()); return; } catch (Exception e) { CMS.debug("DatabasePanel initializeConsumer: exception " + e); @@ -1405,33 +1403,33 @@ public class DatabasePanel extends WizardPanelBase { Thread.sleep(5000); CMS.debug("DatabasePanel initializeConsumer: finish sleeping."); } catch (InterruptedException ee) { - CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString()); + CMS.debug("DatabasePanel initializeConsumer: exception: " + ee.toString()); } CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer"); } - private boolean replicationDone(String replicadn, LDAPConnection conn, String name) - throws IOException { - String dn = "cn="+name+","+replicadn; + private boolean replicationDone(String replicadn, LDAPConnection conn, String name) + throws IOException { + String dn = "cn=" + name + "," + replicadn; String filter = "(objectclass=*)"; - String[] attrs = {"nsds5beginreplicarefresh"}; + String[] attrs = { "nsds5beginreplicarefresh" }; - CMS.debug("DatabasePanel replicationDone: dn: "+dn); + CMS.debug("DatabasePanel replicationDone: dn: " + dn); try { LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true); + attrs, true); int count = results.getCount(); if (count < 1) { throw new IOException("Replication entry not found"); - } - + } + LDAPEntry entry = results.next(); LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh"); if (refresh == null) { return true; - } + } return false; } catch (Exception e) { CMS.debug("DatabasePanel replicationDone: exception " + e); @@ -1439,29 +1437,29 @@ public class DatabasePanel extends WizardPanelBase { } } - private String replicationStatus(String replicadn, LDAPConnection conn, String name) - throws IOException { - String dn = "cn="+name+","+replicadn; + private String replicationStatus(String replicadn, LDAPConnection conn, String name) + throws IOException { + String dn = "cn=" + name + "," + replicadn; String filter = "(objectclass=*)"; - String[] attrs = {"nsds5replicalastinitstatus"}; + String[] attrs = { "nsds5replicalastinitstatus" }; String status = null; - CMS.debug("DatabasePanel replicationStatus: dn: "+dn); + CMS.debug("DatabasePanel replicationStatus: dn: " + dn); try { LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, false); + attrs, false); int count = results.getCount(); if (count < 1) { throw new IOException("Replication entry not found"); - } + } LDAPEntry entry = results.next(); LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus"); if (attr != null) { Enumeration valsInAttr = attr.getStringValues(); if (valsInAttr.hasMoreElements()) { - return (String)valsInAttr.nextElement(); + return (String) valsInAttr.nextElement(); } else { throw new IOException("No value returned for nsds5replicalastinitstatus"); } @@ -1475,35 +1473,35 @@ public class DatabasePanel extends WizardPanelBase { } private String getInstanceDir(LDAPConnection conn) { - String instancedir=""; + String instancedir = ""; try { String filter = "(objectclass=*)"; - String[] attrs = {"nsslapd-directory"}; + String[] attrs = { "nsslapd-directory" }; LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB, - filter, attrs, false); + filter, attrs, false); while (results.hasMoreElements()) { LDAPEntry entry = results.next(); String dn = entry.getDN(); - CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn); + CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " + dn); LDAPAttributeSet entryAttrs = entry.getAttributeSet(); Enumeration attrsInSet = entryAttrs.getAttributes(); while (attrsInSet.hasMoreElements()) { - LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement(); + LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement(); String attrName = nextAttr.getName(); - CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName); + CMS.debug("DatabasePanel getInstanceDir: attribute name: " + attrName); Enumeration valsInAttr = nextAttr.getStringValues(); - while ( valsInAttr.hasMoreElements() ) { - String nextValue = (String)valsInAttr.nextElement(); + while (valsInAttr.hasMoreElements()) { + String nextValue = (String) valsInAttr.nextElement(); if (attrName.equalsIgnoreCase("nsslapd-directory")) { - CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue); - return nextValue.substring(0,nextValue.lastIndexOf("/db")); + CMS.debug("DatabasePanel getInstanceDir: instanceDir=" + nextValue); + return nextValue.substring(0, nextValue.lastIndexOf("/db")); } } } } } catch (LDAPException e) { - CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString()); + CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + e.toString()); } return instancedir; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java index d8fd7526..c44f6113 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class DatabaseServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java index 1e1b6dec..f0a995fe 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URLEncoder; import java.util.Locale; @@ -42,25 +41,26 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class DisplayCertChainPanel extends WizardPanelBase { - public DisplayCertChainPanel() {} + public DisplayCertChainPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Display Certificate Chain"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Display Certificate Chain"); setId(id); } - - public boolean isSubPanel() { + + public boolean isSubPanel() { return true; } @@ -70,7 +70,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -86,8 +86,8 @@ public class DisplayCertChainPanel extends WizardPanelBase { IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - try { - String select = cs.getString("securitydomain.select",""); + try { + String select = cs.getString("securitydomain.select", ""); String type = cs.getString("preop.subsystem.select", ""); String hierarchy = cs.getString("preop.hierarchy.select", ""); @@ -117,7 +117,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { Context context) { CMS.debug("DisplayCertChainPanel: display"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("DisplayCertChainPanel setting session id."); @@ -132,7 +132,8 @@ public class DisplayCertChainPanel extends WizardPanelBase { try { certchain_size = cs.getString(certChainConfigName, ""); - } catch (Exception e) {} + } catch (Exception e) { + } int size = 0; Vector v = new Vector(); @@ -140,20 +141,22 @@ public class DisplayCertChainPanel extends WizardPanelBase { if (!certchain_size.equals("")) { try { size = Integer.parseInt(certchain_size); - } catch (Exception e) {} + } catch (Exception e) { + } for (int i = 0; i < size; i++) { certChainConfigName = "preop." + type + ".certchain." + i; try { String c = cs.getString(certChainConfigName, ""); byte[] b_c = CryptoUtil.base64Decode(c); CertPrettyPrint pp = new CertPrettyPrint( - new X509CertImpl(b_c)); + new X509CertImpl(b_c)); v.addElement(pp.toString(Locale.getDefault())); - } catch (Exception e) {} + } catch (Exception e) { + } } } - + if (getId().equals("securitydomain")) { context.put("panelid", "securitydomain"); context.put("panelname", "Security Domain Trust Verification"); @@ -184,7 +187,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { importCertChain(getId()); if (getId().equals("securitydomain")) { - int panel = getPanelNo()+1; + int panel = getPanelNo() + 1; IConfigStore cs = CMS.getConfigStore(); try { String sd_hostname = cs.getString("securitydomain.host", ""); @@ -192,23 +195,23 @@ public class DisplayCertChainPanel extends WizardPanelBase { String cs_hostname = cs.getString("machineName", ""); int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; + String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; response.sendRedirect(sdurl); // The user previously specified the CA Security Domain's // SSL Admin port in the "Security Domain Panel"; // now retrieve this specified CA Security Domain's // non-SSL EE, SSL Agent, and SSL EE ports: - cs.putString( "securitydomain.httpport", - getSecurityDomainPort( cs, "UnSecurePort" ) ); - cs.putString("securitydomain.httpsagentport", - getSecurityDomainPort( cs, "SecureAgentPort" ) ); - cs.putString("securitydomain.httpseeport", - getSecurityDomainPort( cs, "SecurePort" ) ); + cs.putString("securitydomain.httpport", + getSecurityDomainPort(cs, "UnSecurePort")); + cs.putString("securitydomain.httpsagentport", + getSecurityDomainPort(cs, "SecureAgentPort")); + cs.putString("securitydomain.httpseeport", + getSecurityDomainPort(cs, "SecurePort")); } catch (Exception ee) { - CMS.debug("DisplayCertChainPanel Exception="+ee.toString()); + CMS.debug("DisplayCertChainPanel Exception=" + ee.toString()); } } context.put("updateStatus", "success"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java index 00871921..3bb8c73c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class DisplayServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index 9669ddb1..ed12465f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.net.URLEncoder; @@ -58,22 +57,23 @@ public class DonePanel extends WizardPanelBase { public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); public static final String RESTART_SERVER_AFTER_CONFIGURATION = - "restart_server_after_configuration"; + "restart_server_after_configuration"; public static final String PKI_SECURITY_DOMAIN = "pki_security_domain"; - public DonePanel() {} + public DonePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Done"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Done"); setId(id); @@ -88,15 +88,14 @@ public class DonePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } private LDAPConnection getLDAPConn(Context context) - throws IOException - { + throws IOException { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -112,8 +111,8 @@ public class DonePanel extends WizardPanelBase { pwd = pwdStore.getPassword("internaldb"); } - if ( pwd == null) { - throw new IOException("DonePanel: Failed to obtain password from password store"); + if (pwd == null) { + throw new IOException("DonePanel: Failed to obtain password from password store"); } try { @@ -138,11 +137,11 @@ public class DonePanel extends WizardPanelBase { LDAPConnection conn = null; if (security.equals("true")) { - CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); } else { - CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); + CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); } CMS.debug("DonePanel connecting to " + host + ":" + p); @@ -153,10 +152,9 @@ public class DonePanel extends WizardPanelBase { throw new IOException("Failed to connect to the internal database."); } - return conn; + return conn; } - /** * Display the panel. */ @@ -165,7 +163,7 @@ public class DonePanel extends WizardPanelBase { Context context) { CMS.debug("DonePanel: display()"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("NamePanel setting session id."); @@ -193,31 +191,32 @@ public class DonePanel extends WizardPanelBase { instanceRoot = cs.getString("instanceRoot"); select = cs.getString("preop.subsystem.select", ""); systemdService = cs.getString("pkicreate.systemd.servicename", ""); - } catch (Exception e) {} + } catch (Exception e) { + } String initDaemon = ""; if (type.equals("CA")) { - initDaemon = "pki-cad"; + initDaemon = "pki-cad"; } else if (type.equals("KRA")) { - initDaemon = "pki-krad"; + initDaemon = "pki-krad"; } else if (type.equals("OCSP")) { - initDaemon = "pki-ocspd"; + initDaemon = "pki-ocspd"; } else if (type.equals("TKS")) { - initDaemon = "pki-tksd"; + initDaemon = "pki-tksd"; } - String os = System.getProperty( "os.name" ); - if( os.equalsIgnoreCase( "Linux" ) ) { - if (! systemdService.equals("")) { - context.put( "initCommand", "/bin/systemctl"); - context.put( "instanceId", systemdService ); + String os = System.getProperty("os.name"); + if (os.equalsIgnoreCase("Linux")) { + if (!systemdService.equals("")) { + context.put("initCommand", "/bin/systemctl"); + context.put("instanceId", systemdService); } else { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + context.put("initCommand", "/sbin/service " + initDaemon); + context.put("instanceId", instanceId); } } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put( "initCommand", "/etc/init.d/" + initDaemon ); - context.put( "instanceId", instanceId ); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put("initCommand", "/etc/init.d/" + initDaemon); + context.put("instanceId", instanceId); } context.put("title", "Done"); context.put("panel", "admin/console/config/donepanel.vm"); @@ -233,7 +232,7 @@ public class DonePanel extends WizardPanelBase { return; } else context.put("csstate", "0"); - + } catch (Exception e) { } @@ -280,11 +279,11 @@ public class DonePanel extends WizardPanelBase { String basedn = cs.getString("internaldb.basedn"); String secdomain = cs.getString("securitydomain.name"); - try { + try { // Create security domain ldap entry String dn = "ou=Security Domain," + basedn; CMS.debug("DonePanel: creating ldap entry : " + dn); - + LDAPEntry entry = null; LDAPAttributeSet attrs = null; attrs = new LDAPAttributeSet(); @@ -305,10 +304,10 @@ public class DonePanel extends WizardPanelBase { throw e; } - try { + try { // create list containers - String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"}; - for (int i=0; i< clist.length; i++) { + String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" }; + for (int i = 0; i < clist.length; i++) { LDAPEntry entry = null; LDAPAttributeSet attrs = null; String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn; @@ -320,12 +319,12 @@ public class DonePanel extends WizardPanelBase { conn.add(entry); } } catch (Exception e) { - CMS.debug("Unable to create security domain list groups" ); + CMS.debug("Unable to create security domain list groups"); throw e; - } + } try { - // Add this host (only CA can create new domain) + // Add this host (only CA can create new domain) String cn = ownhost + ":" + ownadminsport; String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn; LDAPEntry entry = null; @@ -340,8 +339,8 @@ public class DonePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("SecureAdminPort", ownadminsport)); if (owneeclientauthsport != null) { - attrs.add(new LDAPAttribute("SecureEEClientAuthPort", - owneeclientauthsport)); + attrs.add(new LDAPAttribute("SecureEEClientAuthPort", + owneeclientauthsport)); } attrs.add(new LDAPAttribute("UnSecurePort", ownport)); attrs.add(new LDAPAttribute("Clone", "FALSE")); @@ -357,31 +356,32 @@ public class DonePanel extends WizardPanelBase { CMS.debug("DonePanel display: finish updating domain info"); conn.disconnect(); } catch (Exception e) { - CMS.debug("DonePanel display: "+e.toString()); + CMS.debug("DonePanel display: " + e.toString()); } int sd_admin_port_int = -1; try { - sd_admin_port_int = Integer.parseInt( sd_admin_port ); + sd_admin_port_int = Integer.parseInt(sd_admin_port); } catch (Exception e) { } try { // Fetch the "new" security domain and display it - CMS.debug( "Dump contents of new Security Domain . . ." ); - String c = getDomainXML( sd_host, sd_admin_port_int, true ); - } catch( Exception e ) {} + CMS.debug("Dump contents of new Security Domain . . ."); + String c = getDomainXML(sd_host, sd_admin_port_int, true); + } catch (Exception e) { + } // Since this instance is a new Security Domain, // create an empty file to designate this fact. String security_domain = instanceRoot + "/conf/" + PKI_SECURITY_DOMAIN; - if( !Utils.isNT() ) { - Utils.exec( "touch " + security_domain ); - Utils.exec( "chmod 00660 " + security_domain ); + if (!Utils.isNT()) { + Utils.exec("touch " + security_domain); + Utils.exec("chmod 00660 " + security_domain); } - } else { //existing domain + } else { // existing domain int sd_agent_port_int = -1; int sd_admin_port_int = -1; try { @@ -398,34 +398,34 @@ public class DonePanel extends WizardPanelBase { cloneStr = "&clone=false"; String domainMasterStr = ""; - if (cloneMaster) + if (cloneMaster) domainMasterStr = "&dm=true"; - else - domainMasterStr = "&dm=false"; + else + domainMasterStr = "&dm=false"; String eecaStr = ""; - if (owneeclientauthsport != null) - eecaStr="&eeclientauthsport=" + owneeclientauthsport; + if (owneeclientauthsport != null) + eecaStr = "&eeclientauthsport=" + owneeclientauthsport; - updateDomainXML( sd_host, sd_agent_port_int, true, - "/ca/agent/ca/updateDomainXML", + updateDomainXML(sd_host, sd_agent_port_int, true, + "/ca/agent/ca/updateDomainXML", "list=" + s - + "&type=" + type - + "&host=" + ownhost - + "&name=" + subsystemName - + "&sport=" + ownsport - + domainMasterStr - + cloneStr - + "&agentsport=" + ownagentsport - + "&adminsport=" + ownadminsport - + eecaStr - + "&httpport=" + ownport ); + + "&type=" + type + + "&host=" + ownhost + + "&name=" + subsystemName + + "&sport=" + ownsport + + domainMasterStr + + cloneStr + + "&agentsport=" + ownagentsport + + "&adminsport=" + ownadminsport + + eecaStr + + "&httpport=" + ownport); // Fetch the "updated" security domain and display it - CMS.debug( "Dump contents of updated Security Domain . . ." ); - String c = getDomainXML( sd_host, sd_admin_port_int, true ); + CMS.debug("Dump contents of updated Security Domain . . ."); + String c = getDomainXML(sd_host, sd_admin_port_int, true); } catch (Exception e) { context.put("errorString", "Failed to update the security domain on the domain master."); - //return; + // return; } } @@ -439,7 +439,6 @@ public class DonePanel extends WizardPanelBase { CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e); } - // need to push connector information to the CA if (type.equals("KRA") && !ca_host.equals("")) { try { @@ -469,7 +468,7 @@ public class DonePanel extends WizardPanelBase { setupClientAuthUser(); } - + if (!select.equals("clone")) { if (type.equals("CA") || type.equals("KRA")) { String beginRequestNumStr = ""; @@ -478,7 +477,7 @@ public class DonePanel extends WizardPanelBase { String endSerialNumStr = ""; String requestIncStr = ""; String serialIncStr = ""; - + try { endRequestNumStr = cs.getString("dbs.endRequestNumber", ""); endSerialNumStr = cs.getString("dbs.endSerialNumber", ""); @@ -495,25 +494,26 @@ public class DonePanel extends WizardPanelBase { serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn; } else { serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn; - } - LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString()); - LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange ); - conn.modify( serialdn, serialmod ); + } + LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString()); + LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange); + conn.modify(serialdn, serialmod); String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn; - LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString()); - LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange ); - conn.modify( requestdn, requestmod ); + LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString()); + LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange); + conn.modify(requestdn, requestmod); - conn.disconnect(); + conn.disconnect(); } catch (Exception e) { CMS.debug("Unable to update global next range numbers: " + e); - } + } } - } + } if (cloneMaster) { - // cloning a domain master CA, the clone is also master of its domain + // cloning a domain master CA, the clone is also master of its + // domain try { cs.putString("securitydomain.host", ownhost); cs.putString("securitydomain.httpport", ownport); @@ -550,24 +550,30 @@ public class DonePanel extends WizardPanelBase { // more cloning variables needed for non-ca clones - if (! type.equals("CA")) { + if (!type.equals("CA")) { String val = cs.getString("preop.ca.hostname", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.hostname", val); val = cs.getString("preop.ca.httpport", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.httpport", val); - val = cs.getString("preop.ca.httpsport", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val); + val = cs.getString("preop.ca.httpsport", ""); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.httpsport", val); val = cs.getString("preop.ca.list", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.list", val); val = cs.getString("preop.ca.pkcs7", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.pkcs7", val); val = cs.getString("preop.ca.type", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.type", val); } // save EC type for sslserver cert (if present) @@ -581,9 +587,9 @@ public class DonePanel extends WizardPanelBase { // been restarted! String restart_server = instanceRoot + "/conf/" + RESTART_SERVER_AFTER_CONFIGURATION; - if( !Utils.isNT() ) { - Utils.exec( "touch " + restart_server ); - Utils.exec( "chmod 00660 " + restart_server ); + if (!Utils.isNT()) { + Utils.exec("touch " + restart_server); + Utils.exec("chmod 00660 " + restart_server); } } catch (Exception e) { @@ -593,13 +599,12 @@ public class DonePanel extends WizardPanelBase { context.put("csstate", "1"); } - private void setupClientAuthUser() - { + private void setupClientAuthUser() { IConfigStore cs = CMS.getConfigStore(); // retrieve CA subsystem certificate from the CA IUGSubsystem system = - (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); + (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); String id = ""; try { String b64 = getCASubsystemCert(); @@ -640,9 +645,8 @@ public class DonePanel extends WizardPanelBase { } } - - private void updateOCSPConfig(HttpServletResponse response) - throws IOException { + private void updateOCSPConfig(HttpServletResponse response) + throws IOException { IConfigStore config = CMS.getConfigStore(); String cahost = ""; int caport = -1; @@ -661,7 +665,7 @@ public class DonePanel extends WizardPanelBase { int ocspport = Integer.parseInt(CMS.getAgentPort()); int ocspagentport = Integer.parseInt(CMS.getAgentPort()); String session_id = CMS.getConfigSDSessionId(); - String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport; + String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport; updateOCSPConfig(cahost, caport, true, content, response); } @@ -675,7 +679,7 @@ public class DonePanel extends WizardPanelBase { if (b64.equals("")) throw new IOException("Failed to get certificate chain."); - + try { // this could be a chain X509Certificate[] certs = Cert.mapCertFromPKCS7(b64); @@ -686,9 +690,9 @@ public class DonePanel extends WizardPanelBase { } else { leafCert = certs[0]; } - - IOCSPAuthority ocsp = - (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID); + + IOCSPAuthority ocsp = + (IOCSPAuthority) CMS.getSubsystem(IOCSPAuthority.ID); IDefStore defStore = ocsp.getDefaultStore(); // (1) need to normalize (sort) the chain @@ -696,9 +700,9 @@ public class DonePanel extends WizardPanelBase { // (2) store certificate (and certificate chain) into // database ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord( - leafCert.getSubjectDN().getName(), - BIG_ZERO, - MINUS_ONE, null, null); + leafCert.getSubjectDN().getName(), + BIG_ZERO, + MINUS_ONE, null, null); try { rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded()); @@ -706,7 +710,9 @@ public class DonePanel extends WizardPanelBase { // error } defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec); - //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName()); + // log(ILogger.EV_AUDIT, AuditFormat.LEVEL, + // "Added CA certificate " + + // leafCert.getSubjectDN().getName()); CMS.debug("DonePanel importCACertToOCSP: Added CA certificate."); } @@ -748,7 +754,7 @@ public class DonePanel extends WizardPanelBase { } private void updateConnectorInfo(String ownagenthost, String ownagentsport) - throws IOException { + throws IOException { IConfigStore cs = CMS.getConfigStore(); int port = -1; String url = ""; @@ -757,21 +763,21 @@ public class DonePanel extends WizardPanelBase { try { url = cs.getString("preop.ca.url", ""); if (!url.equals("")) { - host = cs.getString("preop.ca.hostname", ""); - port = cs.getInteger("preop.ca.httpsadminport", -1); - transportCert = cs.getString("kra.transport.cert", ""); + host = cs.getString("preop.ca.hostname", ""); + port = cs.getInteger("preop.ca.httpsadminport", -1); + transportCert = cs.getString("kra.transport.cert", ""); } } catch (Exception e) { } if (host == null) { - CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required"); + CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required"); } else { - CMS.debug("DonePanel: Transport certificate is being setup in " + url); - String session_id = CMS.getConfigSDSessionId(); - String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id; + CMS.debug("DonePanel: Transport certificate is being setup in " + url); + String session_id = CMS.getConfigSDSessionId(); + String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost + "&ca.connector.KRA.port=" + ownagentsport + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert) + "&sessionID=" + session_id; - updateConnectorInfo(host, port, true, content); + updateConnectorInfo(host, port, true, content); } } @@ -802,12 +808,14 @@ public class DonePanel extends WizardPanelBase { */ public void update(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException {} + Context context) throws IOException { + } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) {/* This should never be called */} + Context context) {/* This should never be called */ + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java index 9d7fc22a..25332d86 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java @@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("DownloadPKCS12: processing..."); @@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet { mRenderResult = false; // check the pin from the session - String pin = (String)httpReq.getSession().getAttribute("pin"); + String pin = (String) httpReq.getSession().getAttribute("pin"); if (pin == null) { CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie."); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); @@ -101,18 +102,27 @@ public class DownloadPKCS12 extends CMSServlet { httpResp.getOutputStream().write(pkcs12); return; } catch (Exception e) { - CMS.debug("DownloadPKCS12 process: Exception="+e.toString()); + CMS.debug("DownloadPKCS12 process: Exception=" + e.toString()); } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java index 87cb7a7c..452ead98 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.Locale; @@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class GetCertChain extends CMSServlet { /** @@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -63,11 +62,13 @@ public class GetCertChain extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -95,7 +96,7 @@ public class GetCertChain extends CMSServlet { } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", - e.toString())); + e.toString())); outputError(httpResp, "Error: Failed to encode the certificate chain"); } @@ -121,7 +122,15 @@ public class GetCertChain extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java index c1010b46..456bf6c1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java @@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -67,11 +68,13 @@ public class GetConfigEntries extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -84,12 +87,12 @@ public class GetConfigEntries extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("GetConfigEntries authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; - } + } // Construct an ArgBlock IArgBlock args = cmsReq.getHttpParams(); @@ -104,32 +107,32 @@ public class GetConfigEntries extends CMSServlet { try { xmlObj = new XMLObject(); } catch (Exception e) { - CMS.debug("GetConfigEntries process: Exception: "+e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("GetConfigEntries process: Exception: " + e.toString()); + throw new EBaseException(e.toString()); } Node root = xmlObj.createRoot("XMLResponse"); AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, "Error: Not authorized"); - return; + outputError(httpResp, "Error: Not authorized"); + return; } catch (Exception e) { - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, + outputError(httpResp, "Error: Encountered problem during authorization."); - return; + return; } if (authzToken == null) { - outputError(httpResp, "Error: Not authorized"); - return; + outputError(httpResp, "Error: Not authorized"); + return; } if (op != null) { @@ -140,9 +143,9 @@ public class GetConfigEntries extends CMSServlet { String name1 = t.nextToken(); IConfigStore cs = config.getSubStore(name1); Enumeration enum1 = cs.getPropertyNames(); - + while (enum1.hasMoreElements()) { - String name = name1+"."+enum1.nextElement(); + String name = name1 + "." + enum1.nextElement(); try { String value = config.getString(name); Node container = xmlObj.createContainer(root, "Config"); @@ -171,10 +174,10 @@ public class GetConfigEntries extends CMSServlet { value = getLDAPPassword(); } else if (name.equals("internaldb.replication.password")) { value = getReplicationPassword(); - } else + } else continue; } - + Node container = xmlObj.createContainer(root, "Config"); xmlObj.addItemToContainer(container, "name", name); xmlObj.addItemToContainer(container, "value", value); @@ -208,7 +211,15 @@ public class GetConfigEntries extends CMSServlet { return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } private String getLDAPPassword() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java index 74edda79..daa60911 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java @@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - public class GetCookie extends CMSServlet { /** @@ -58,9 +57,9 @@ public class GetCookie extends CMSServlet { private String mFormPath = null; private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; public GetCookie() { super(); @@ -68,6 +67,7 @@ public class GetCookie extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -78,12 +78,13 @@ public class GetCookie extends CMSServlet { mRandom = new Random(); mErrorFormPath = sc.getInitParameter("errorTemplatePath"); if (mOutputTemplatePath != null) { - mFormPath = mOutputTemplatePath; + mFormPath = mOutputTemplatePath; } } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -100,14 +101,14 @@ public class GetCookie extends CMSServlet { } IArgBlock header = CMS.createArgBlock(); - IArgBlock ctx = CMS.createArgBlock(); + IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); CMSTemplate form = null; Locale[] locale = new Locale[1]; String url = httpReq.getParameter("url"); - CMS.debug("GetCookie before auth, url ="+url); + CMS.debug("GetCookie before auth, url =" + url); String url_e = ""; URL u = null; try { @@ -115,13 +116,13 @@ public class GetCookie extends CMSServlet { u = new URL(url_e); } catch (Exception eee) { throw new ECMSGWException( - "GetCookie missing parameter: url"); + "GetCookie missing parameter: url"); } int index2 = url_e.indexOf("subsystem="); String subsystem = ""; if (index2 > 0) { - subsystem = url.substring(index2+10); + subsystem = url.substring(index2 + 10); int index1 = subsystem.indexOf("&"); if (index1 > 0) subsystem = subsystem.substring(0, index1); @@ -131,9 +132,9 @@ public class GetCookie extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("GetCookie authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); header.addStringValue("sd_uid", ""); header.addStringValue("sd_pwd", ""); header.addStringValue("host", u.getHost()); @@ -149,17 +150,17 @@ public class GetCookie extends CMSServlet { form = getTemplate(mErrorFormPath, httpReq, locale); } catch (IOException eee) { CMS.debug("GetCookie process: cant locate the form"); -/* - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); -*/ - } + /* + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + * throw new ECMSGWException( + * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + */ + } - if( form == null ) { + if (form == null) { CMS.debug("GetCookie::process() - form is null!"); - throw new EBaseException( "form is null" ); + throw new EBaseException("form is null"); } try { @@ -170,16 +171,16 @@ public class GetCookie extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException ee) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; - } + } String cookie = ""; String auditMessage = ""; - + if (authToken != null) { String uid = authToken.getInString("uid"); String groupname = getGroupName(uid, subsystem); @@ -195,7 +196,7 @@ public class GetCookie extends CMSServlet { // assign cookie long num = mRandom.nextLong(); - cookie = num+""; + cookie = num + ""; ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable(); String addr = ""; try { @@ -207,11 +208,11 @@ public class GetCookie extends CMSServlet { ip = InetAddress.getByName(addr).toString(); int index = ip.indexOf("/"); if (index > 0) - ip = ip.substring(index+1); + ip = ip.substring(index + 1); } catch (Exception e) { } - String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip + + String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip + "+uid;;" + uid + "+groupname;;" + groupname; int status = ctable.addEntry(cookie, ip, uid, groupname); @@ -232,18 +233,19 @@ public class GetCookie extends CMSServlet { } try { - String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort(); + String sd_url = "https://" + CMS.getEESSLHost() + ":" + CMS.getEESSLPort(); if (!url.startsWith("$")) { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { CMS.debug("GetCookie process: cant locate the form"); -/* - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); -*/ + /* + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", + * e.toString())); throw new ECMSGWException( + * CMS.getUserMessage + * ("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + */ } header.addStringValue("url", url); @@ -254,13 +256,13 @@ public class GetCookie extends CMSServlet { ServletOutputStream out = httpResp.getOutputStream(); cmsReq.setStatus(CMSRequest.SUCCESS); - httpResp.setContentType("text/html"); - form.renderOutput(out, argSet); + httpResp.setContentType("text/html"); + form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } catch (Exception e) { @@ -278,25 +280,25 @@ public class GetCookie extends CMSServlet { private String getGroupName(String uid, String subsystemname) { String groupname = ""; - IUGSubsystem subsystem = - (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID)); - if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && - subsystemname.equals("CA")) { + IUGSubsystem subsystem = + (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); + if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && + subsystemname.equals("CA")) { return "Enterprise CA Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") && - subsystemname.equals("KRA")) { + subsystemname.equals("KRA")) { return "Enterprise KRA Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") && - subsystemname.equals("OCSP")) { + subsystemname.equals("OCSP")) { return "Enterprise OCSP Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") && - subsystemname.equals("TKS")) { + subsystemname.equals("TKS")) { return "Enterprise TKS Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") && - subsystemname.equals("RA")) { + subsystemname.equals("RA")) { return "Enterprise RA Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") && - subsystemname.equals("TPS")) { + subsystemname.equals("TPS")) { return "Enterprise TPS Administrators"; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java index f9e6c70e..d983e4a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileInputStream; import java.io.IOException; import java.util.Enumeration; @@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class GetDomainXML extends CMSServlet { /** @@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -73,11 +72,13 @@ public class GetDomainXML extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -95,8 +96,7 @@ public class GetDomainXML extends CMSServlet { try { secstore = cs.getString("securitydomain.store"); basedn = cs.getString("internaldb.basedn"); - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script"); } @@ -120,16 +120,16 @@ public class GetDomainXML extends CMSServlet { connFactory.init(ldapConfig); conn = connFactory.getConn(); - // get the security domain name + // get the security domain name String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement(); XMLObject xmlObj = new XMLObject(); Node domainInfo = xmlObj.createRoot("DomainInfo"); xmlObj.addItemToContainer(domainInfo, "Name", secdomain); - // this should return CAList, KRAList etc. + // this should return CAList, KRAList etc. LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, true, cons); + attrs, true, cons); while (res.hasMoreElements()) { int count = 0; @@ -137,10 +137,10 @@ public class GetDomainXML extends CMSServlet { String listName = dn.substring(3, dn.indexOf(",")); String subType = listName.substring(0, listName.indexOf("List")); Node listNode = xmlObj.createContainer(domainInfo, listName); - + filter = "objectclass=pkiSubsystem"; - LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, false, cons); + LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, false, cons); while (res2.hasMoreElements()) { Node node = xmlObj.createContainer(listNode, subType); LDAPEntry entry = res2.next(); @@ -149,32 +149,29 @@ public class GetDomainXML extends CMSServlet { while (attrsInSet.hasMoreElements()) { LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement(); String attrName = nextAttr.getName(); - if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) { + if ((!attrName.equals("cn")) && (!attrName.equals("objectClass"))) { String attrValue = (String) nextAttr.getStringValues().nextElement(); xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue); } } - count ++; - } + count++; + } xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count)); } // Add new xml object as string to response. response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString()); - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString()); status = FAILED; - } - finally { - if ((conn != null) && (connFactory!= null)) { + } finally { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } } - } - else { - // get data from file store + } else { + // get data from file store String path = CMS.getConfigStore().getString("instanceRoot", "") + "/conf/domain.xml"; @@ -194,10 +191,9 @@ public class GetDomainXML extends CMSServlet { CMS.debug("GetDomainXML: Done Reading domain.xml..."); response.addItemToContainer(root, "DomainInfo", new String(buf)); - } - catch (Exception e) { - CMS.debug("Failed to read domain.xml from file" + e.toString()); - status = FAILED; + } catch (Exception e) { + CMS.debug("Failed to read domain.xml from file" + e.toString()); + status = FAILED; } } @@ -211,18 +207,29 @@ public class GetDomainXML extends CMSServlet { } protected String securityDomainLDAPtoXML(String attribute) { - if (attribute.equals("host")) return "Host"; - else return attribute; + if (attribute.equals("host")) + return "Host"; + else + return attribute; } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java index 02fe36c1..623acf9a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class GetStatus extends CMSServlet { /** @@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String outputString = null; - String state = config.getString("cs.state", ""); - String type = config.getString("cs.type", ""); + String state = config.getString("cs.state", ""); + String type = config.getString("cs.type", ""); try { XMLObject xmlObj = null; @@ -89,7 +89,15 @@ public class GetStatus extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java index c1bf138e..59e135a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.xml.XMLObject; - public class GetSubsystemCert extends CMSServlet { /** @@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); @@ -76,16 +75,16 @@ public class GetSubsystemCert extends CMSServlet { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; } catch (Exception e) { } - CMS.debug("GetSubsystemCert process: nickname="+nickname); + CMS.debug("GetSubsystemCert process: nickname=" + nickname); String s = ""; try { CryptoManager cm = CryptoManager.getInstance(); X509Certificate cert = cm.findCertByNickname(nickname); - + if (cert == null) { CMS.debug("GetSubsystemCert process: subsystem cert is null"); outputError(httpResp, "Error: Failed to get subsystem certificate."); @@ -95,7 +94,7 @@ public class GetSubsystemCert extends CMSServlet { byte[] bytes = cert.getEncoded(); s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes)); } catch (Exception e) { - CMS.debug("GetSubsystemCert process: exception: "+e.toString()); + CMS.debug("GetSubsystemCert process: exception: " + e.toString()); } try { @@ -111,7 +110,15 @@ public class GetSubsystemCert extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java index d7af0740..f4d68392 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java @@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -60,11 +61,13 @@ public class GetTokenInfo extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -78,8 +81,8 @@ public class GetTokenInfo extends CMSServlet { try { xmlObj = new XMLObject(); } catch (Exception e) { - CMS.debug("GetTokenInfo process: Exception: "+e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("GetTokenInfo process: Exception: " + e.toString()); + throw new EBaseException(e.toString()); } Node root = xmlObj.createRoot("XMLResponse"); @@ -97,7 +100,7 @@ public class GetTokenInfo extends CMSServlet { String name = t1.nextToken(); if (name.equals("sslserver")) continue; - name = "cloning."+name+".nickname"; + name = "cloning." + name + ".nickname"; String value = ""; try { @@ -105,7 +108,7 @@ public class GetTokenInfo extends CMSServlet { } catch (Exception ee) { continue; } - + Node container = xmlObj.createContainer(root, "Config"); xmlObj.addItemToContainer(container, "name", name); xmlObj.addItemToContainer(container, "value", value); @@ -149,6 +152,14 @@ public class GetTokenInfo extends CMSServlet { return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java index bc29b34a..2722b0f7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.util.Locale; @@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet { CMS.debug("GetTransportCert authentication successful."); } catch (Exception e) { CMS.debug("GetTransportCert: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); CMS.debug("GetTransportCert authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } @@ -126,17 +126,17 @@ public class GetTransportCert extends CMSServlet { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority; - ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = + ITransportKeyUnit tu = kra.getTransportKeyUnit(); + org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate(); - String mime64 = ""; + String mime64 = ""; try { mime64 = CMS.BtoA(transportCert.getEncoded()); mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64); - } catch (CertificateEncodingException eee) { + } catch (CertificateEncodingException eee) { CMS.debug("GetTransportCert: Failed to encode certificate"); - } + } // send success status back to the requestor try { @@ -154,14 +154,23 @@ public class GetTransportCert extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java index a00b0fb7..b42bdb7d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class HierarchyPanel extends WizardPanelBase { - public HierarchyPanel() {} + public HierarchyPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("PKI Hierarchy"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("PKI Hierarchy"); setId(id); @@ -56,7 +56,7 @@ public class HierarchyPanel extends WizardPanelBase { public boolean shouldSkip() { - // we dont need to ask the hierachy if we are + // we dont need to ask the hierachy if we are // setting up a clone try { IConfigStore c = CMS.getConfigStore(); @@ -64,8 +64,8 @@ public class HierarchyPanel extends WizardPanelBase { null); if (s != null && s.equals("clone")) { // mark this panel as done - c.putString("preop.hierarchy.select","root"); - c.putString("hierarchy.select","Clone"); + c.putString("preop.hierarchy.select", "root"); + c.putString("hierarchy.select", "Clone"); return true; } } catch (EBaseException e) { @@ -89,15 +89,16 @@ public class HierarchyPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -117,7 +118,7 @@ public class HierarchyPanel extends WizardPanelBase { if (s.equals("root")) { context.put("check_root", "checked"); } else if (s.equals("join")) { - context.put("check_join", "checked"); + context.put("check_join", "checked"); } } catch (Exception e) { CMS.debug(e.toString()); @@ -163,16 +164,17 @@ public class HierarchyPanel extends WizardPanelBase { } if (select.equals("root")) { - config.putString("preop.hierarchy.select", "root"); - config.putString("hierarchy.select", "Root"); + config.putString("preop.hierarchy.select", "root"); + config.putString("hierarchy.select", "Root"); config.putString("preop.ca.type", "sdca"); try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } else if (select.equals("join")) { config.putString(PCERT_PREFIX + "signing.type", "remote"); config.putString("preop.hierarchy.select", "join"); - config.putString("hierarchy.select", "Subordinate"); + config.putString("hierarchy.select", "Subordinate"); } else { config.putString(PCERT_PREFIX + "signing.type", "remote"); CMS.debug("HierarchyPanel: invalid choice " + select); @@ -187,5 +189,6 @@ public class HierarchyPanel extends WizardPanelBase { */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) {} + Context context) { + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java index d4f93a9b..991bb49b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.BufferedReader; import java.io.FileReader; import java.io.IOException; @@ -47,19 +46,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class ImportAdminCertPanel extends WizardPanelBase { - public ImportAdminCertPanel() {} + public ImportAdminCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import Administrator's Certificate"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Import Administrator's Certificate"); setId(id); @@ -102,11 +102,12 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); - } catch (Exception e) {} + } catch (Exception e) { + } try { String serialno = cs.getString("preop.admincert.serialno.0"); - + context.put("serialNumber", serialno); } catch (Exception e) { context.put("errorString", "Failed to get serial number."); @@ -129,21 +130,26 @@ public class ImportAdminCertPanel extends WizardPanelBase { if (ca == null) { if (type.equals("otherca")) { try { - // this is a non-CA system that has elected to have its certificates + // this is a non-CA system that has elected to have its + // certificates // signed by a CA outside of the security domain. - // in this case, we submitted the cert request for the admin cert to + // in this case, we submitted the cert request for the admin + // cert to // to security domain host. caHost = cs.getString("securitydomain.host", ""); caPort = cs.getString("securitydomain.httpsadminport", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } else if (type.equals("sdca")) { try { // this is a non-CA system that submitted its certs to a CA - // within the security domain. In this case, we submitted the cert + // within the security domain. In this case, we submitted + // the cert // request for the admin cert to this CA caHost = cs.getString("preop.ca.hostname", ""); caPort = cs.getString("preop.ca.httpsadminport", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } } else { // for CAs, we always generate our own admin certs @@ -151,7 +157,8 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { caHost = cs.getString("service.machineName", ""); caPort = cs.getString("pkicreate.admin_secure_port", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } String pkcs7 = ""; @@ -192,12 +199,13 @@ public class ImportAdminCertPanel extends WizardPanelBase { subsystemtype = cs.getString("cs.type", ""); security_domain_type = cs.getString("securitydomain.select", ""); selected_hierarchy = cs.getString("preop.hierarchy.select", ""); - } catch (Exception e) {} + } catch (Exception e) { + } ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( ICertificateAuthority.ID); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); @@ -206,18 +214,18 @@ public class ImportAdminCertPanel extends WizardPanelBase { X509CertImpl certs[] = new X509CertImpl[1]; - // REMINDER: This panel is NOT used by "clones" - if( ca != null ) { + // REMINDER: This panel is NOT used by "clones" + if (ca != null) { String serialno = null; - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "ImportAdminCertPanel update: " + if (selected_hierarchy.equals("root")) { + CMS.debug("ImportAdminCertPanel update: " + "Root CA subsystem - " - + "(new Security Domain)" ); + + "(new Security Domain)"); } else { - CMS.debug( "ImportAdminCertPanel update: " + CMS.debug("ImportAdminCertPanel update: " + "Subordinate CA subsystem - " - + "(new Security Domain)" ); + + "(new Security Domain)"); } try { @@ -234,35 +242,37 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { certs[0] = repost.getX509Certificate( new BigInteger(serialno, 16)); - } catch (Exception ee) {} + } catch (Exception ee) { + } } else { String dir = null; - // REMINDER: This panel is NOT used by "clones" - if( subsystemtype.equals( "CA" ) ) { - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "ImportAdminCertPanel update: " + // REMINDER: This panel is NOT used by "clones" + if (subsystemtype.equals("CA")) { + if (selected_hierarchy.equals("root")) { + CMS.debug("ImportAdminCertPanel update: " + "Root CA subsystem - " - + "(existing Security Domain)" ); + + "(existing Security Domain)"); } else { - CMS.debug( "ImportAdminCertPanel update: " + CMS.debug("ImportAdminCertPanel update: " + "Subordinate CA subsystem - " - + "(existing Security Domain)" ); + + "(existing Security Domain)"); } } else { - CMS.debug( "ImportAdminCertPanel update: " + CMS.debug("ImportAdminCertPanel update: " + subsystemtype - + " subsystem" ); + + " subsystem"); } try { - dir = cs.getString("preop.admincert.b64", ""); + dir = cs.getString("preop.admincert.b64", ""); CMS.debug("ImportAdminCertPanel update: dir=" + dir); - } catch (Exception ee) {} + } catch (Exception ee) { + } try { BufferedReader reader = new BufferedReader( - new FileReader(dir)); + new FileReader(dir)); String b64 = ""; StringBuffer sb = new StringBuffer(); @@ -289,7 +299,7 @@ public class ImportAdminCertPanel extends WizardPanelBase { user.setX509Certificates(certs); ug.addUserCert(user); } catch (LDAPException e) { - CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString()); + CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + e.toString()); if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { context.put("updateStatus", "failure"); throw new IOException(e.toString()); @@ -312,7 +322,7 @@ public class ImportAdminCertPanel extends WizardPanelBase { public boolean shouldSkip() { try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select",null); + String s = c.getString("preop.subsystem.select", null); if (s != null && s.equals("clone")) { return true; } @@ -322,7 +332,6 @@ public class ImportAdminCertPanel extends WizardPanelBase { return false; } - /** * If validiate() returns false, this method will be called. */ diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java index 0c2e7fa0..a26b2dc2 100755 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class ImportCAChainPanel extends WizardPanelBase { - public ImportCAChainPanel() {} + public ImportCAChainPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import CA's Certificate Chain"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Import CA's Certificate Chain"); setId(id); @@ -89,7 +89,7 @@ public class ImportCAChainPanel extends WizardPanelBase { context.put("https_port", cs.getString("pkicreate.ee_secure_port")); context.put("http_port", cs.getString("pkicreate.unsecure_port")); } catch (EBaseException e) { - CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); + CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); context.put("errorString", "Error loading values for Import CA Certificate Panel"); } @@ -119,7 +119,6 @@ public class ImportCAChainPanel extends WizardPanelBase { Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); - context.put("errorString", ""); context.put("title", "Import CA's Certificate Chain"); context.put("panel", "admin/console/config/importcachainpanel.vm"); @@ -141,6 +140,7 @@ public class ImportCAChainPanel extends WizardPanelBase { context.put("http_port", cs.getString("pkicreate.unsecure_port")); context.put("title", "Import CA's Certificate Chain"); context.put("panel", "admin/console/config/importcachainpanel.vm"); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java index 3f54ec1c..2cfc6cad 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet { CMS.debug("ImportTransportCert authentication successful."); } catch (Exception e) { CMS.debug("ImportTransportCert: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("ImportTransportCert authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } @@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet { String certsString = httpReq.getParameter("certificate"); try { - CryptoManager cm = CryptoManager.getInstance(); - CMS.debug("ImportTransportCert: Importing certificate"); - org.mozilla.jss.crypto.X509Certificate cert = - cm.importCACertPackage(CMS.AtoB(certsString)); - String nickName = cert.getNickname(); - CMS.debug("ImportTransportCert: nickname " + nickName); - cs.putString("tks.drm_transport_cert_nickname", nickName); - CMS.debug("ImportTransportCert: Commiting configuration"); - cs.commit(false); - - // send success status back to the requestor + CryptoManager cm = CryptoManager.getInstance(); + CMS.debug("ImportTransportCert: Importing certificate"); + org.mozilla.jss.crypto.X509Certificate cert = + cm.importCACertPackage(CMS.AtoB(certsString)); + String nickName = cert.getNickname(); + CMS.debug("ImportTransportCert: nickname " + nickName); + cs.putString("tks.drm_transport_cert_nickname", nickName); + CMS.debug("ImportTransportCert: Commiting configuration"); + cs.commit(false); + + // send success status back to the requestor CMS.debug("ImportTransportCert: Sending response"); XMLObject xmlObj = new XMLObject(); Node root = xmlObj.createRoot("XMLResponse"); @@ -150,14 +150,23 @@ public class ImportTransportCert extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index a421302b..d661a318 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -36,11 +36,11 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable; import com.netscape.cmsutil.password.IPasswordStore; /** - * This object stores the values for IP, uid and group based on the cookie id in LDAP. - * Entries are stored under ou=Security Domain, ou=sessions, $basedn + * This object stores the values for IP, uid and group based on the cookie id in + * LDAP. Entries are stored under ou=Security Domain, ou=sessions, $basedn */ -public class LDAPSecurityDomainSessionTable - implements ISecurityDomainSessionTable { +public class LDAPSecurityDomainSessionTable + implements ISecurityDomainSessionTable { private long m_timeToLive; @@ -48,8 +48,8 @@ public class LDAPSecurityDomainSessionTable m_timeToLive = timeToLive; } - public int addEntry(String sessionId, String ip, - String uid, String group) { + public int addEntry(String sessionId, String ip, + String uid, String group) { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; boolean sessions_exists = true; @@ -77,14 +77,14 @@ public class LDAPSecurityDomainSessionTable attrs.add(new LDAPAttribute("ou", "sessions")); entry = new LDAPEntry(sessionsdn, attrs); conn.add(entry); - } catch (Exception e) { + } catch (Exception e) { if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) { // continue } else { CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e); sessions_exists = false; } - } + } // add new entry try { @@ -106,9 +106,9 @@ public class LDAPSecurityDomainSessionTable CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId); status = SUCCESS; } - } catch(Exception e) { + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e); - } + } try { conn.disconnect(); @@ -155,8 +155,9 @@ public class LDAPSecurityDomainSessionTable conn = getLDAPConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); - if (res.getCount() > 0) ret = true; - } catch(Exception e) { + if (res.getCount() > 0) + ret = true; + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e); } @@ -168,7 +169,6 @@ public class LDAPSecurityDomainSessionTable return ret; } - public Enumeration<String> getSessionIds() { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; @@ -188,13 +188,13 @@ public class LDAPSecurityDomainSessionTable } } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created"); - break; - default: - CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e); + case LDAPException.NO_SUCH_OBJECT: + CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created"); + break; + default: + CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e); } - } catch(Exception e) { + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e); } @@ -211,18 +211,18 @@ public class LDAPSecurityDomainSessionTable IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; String ret = null; - try { + try { String basedn = cs.getString("internaldb.basedn"); String sessionsdn = "ou=sessions,ou=Security Domain," + basedn; String filter = "(cn=" + sessionId + ")"; String[] attrs = { attr }; conn = getLDAPConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); - if (res.getCount() > 0) { + if (res.getCount() > 0) { LDAPEntry entry = res.next(); ret = entry.getAttribute(attr).getStringValueArray()[0]; } - } catch(Exception e) { + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e); } @@ -261,7 +261,7 @@ public class LDAPSecurityDomainSessionTable public int getSize() { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; - int ret =0; + int ret = 0; try { String basedn = cs.getString("internaldb.basedn"); @@ -272,7 +272,7 @@ public class LDAPSecurityDomainSessionTable conn = getLDAPConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); ret = res.getCount(); - } catch(Exception e) { + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e); } @@ -286,8 +286,7 @@ public class LDAPSecurityDomainSessionTable } private LDAPConnection getLDAPConn() - throws IOException - { + throws IOException { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -299,12 +298,12 @@ public class LDAPSecurityDomainSessionTable IPasswordStore pwdStore = CMS.getPasswordStore(); if (pwdStore != null) { - //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available"); + // CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available"); pwd = pwdStore.getPassword("internaldb"); } - if ( pwd == null) { - throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store"); + if (pwd == null) { + throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store"); } try { @@ -329,14 +328,15 @@ public class LDAPSecurityDomainSessionTable LDAPConnection conn = null; if (security.equals("true")) { - //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); } else { - //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); + // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); } - //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p); + // CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + + // p); try { conn.connect(host, p, binddn, pwd); } catch (LDAPException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java index e7fdbe3f..713cb170 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -27,7 +26,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; - public class LoginServlet extends BaseServlet { /** @@ -52,7 +50,7 @@ public class LoginServlet extends BaseServlet { if (pin == null) { context.put("error", ""); } else { - String cspin = CMS.getConfigStore().getString("preop.pin"); + String cspin = CMS.getConfigStore().getString("preop.pin"); if (cspin != null && cspin.equals(pin)) { // create session @@ -62,7 +60,7 @@ public class LoginServlet extends BaseServlet { return null; } else { context.put("error", "Login Failed"); - } + } } template = Velocity.getTemplate("admin/console/config/login.vm"); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java index a91ca979..2c68ee02 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet { * */ private static final long serialVersionUID = 2425301522251239666L; - private static final String PROP_AUTHORITY_ID="authorityId"; + private static final String PROP_AUTHORITY_ID = "authorityId"; private String mAuthorityId = null; private String mFormPath = null; @@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet { form = getTemplate(mFormPath, request, locale); } catch (IOException e) { CMS.debug("MainPageServlet process: cant locate the form"); -/* - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); -*/ + /* + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw + * new ECMSGWException( + * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + */ } process(argSet, header, ctx, request, response); @@ -90,21 +89,21 @@ public class MainPageServlet extends CMSServlet { ServletOutputStream out = response.getOutputStream(); cmsReq.setStatus(CMSRequest.SUCCESS); - response.setContentType("text/html"); - form.renderOutput(out, argSet); + response.setContentType("text/html"); + form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp) - throws EBaseException { + IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp) + throws EBaseException { - int num = 0; + int num = 0; IArgBlock rarg = null; IConfigStore cs = CMS.getConfigStore(); int state = 0; @@ -125,8 +124,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "admin"); rarg.addStringValue("prefix", "http"); - rarg.addIntegerValue("port", - Integer.valueOf(CMS.getEENonSSLPort()).intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getEENonSSLPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", adminInterface); argSet.addRepeatRecord(rarg); @@ -136,8 +135,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "ee"); rarg.addStringValue("prefix", "https"); - rarg.addIntegerValue("port", - Integer.valueOf(CMS.getEESSLPort()).intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getEESSLPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", eeInterface); argSet.addRepeatRecord(rarg); @@ -147,8 +146,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "agent"); rarg.addStringValue("prefix", "https"); - rarg.addIntegerValue("port", - Integer.valueOf(CMS.getAgentPort()).intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getAgentPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", agentInterface); argSet.addRepeatRecord(rarg); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java index 38185a33..e98df72a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -50,19 +49,21 @@ public class ModulePanel extends WizardPanelBase { private Vector mOtherModules = null; private Hashtable mCurrModTable = new Hashtable(); private WizardServlet mServlet = null; - public ModulePanel() {} + + public ModulePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Key Store"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Key Store"); setId(id); @@ -71,7 +72,7 @@ public class ModulePanel extends WizardPanelBase { public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - cs.putBoolean("preop.ModulePanel.done",false); + cs.putBoolean("preop.ModulePanel.done", false); } public void loadCurrModTable() { @@ -142,14 +143,14 @@ public class ModulePanel extends WizardPanelBase { CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn()); CMS.debug("ModulePanel: token is present?" + token.isPresent()); if (!token.getName().equals("Internal Crypto Services Token") && - !token.getName().equals("NSS Generic Crypto Services")) { + !token.getName().equals("NSS Generic Crypto Services")) { module.addToken(token); } else { CMS.debug( "ModulePanel: token " + token.getName() - + " not to be added"); + + " not to be added"); } - + } catch (TokenException ex) { CMS.debug("ModulePanel:" + ex.toString()); } @@ -181,11 +182,11 @@ public class ModulePanel extends WizardPanelBase { if ((cn == null) || (cn.equals(""))) { break; } - + CMS.debug("ModulePanel: got from config module: " + cn); // create a Module object Module module = new Module(cn, pn, img); - + if (mCurrModTable.containsKey(cn)) { CMS.debug("ModulePanel: module found: " + cn); module.setFound(true); @@ -194,7 +195,7 @@ public class ModulePanel extends WizardPanelBase { loadModTokens(module, m); } - + CMS.debug("ModulePanel: adding module " + cn); // add module to set if (!mSupportedModules.contains(module)) { @@ -211,16 +212,19 @@ public class ModulePanel extends WizardPanelBase { } public PropertySet getUsage() { - // it a token choice. Available tokens are discovered dynamically so + // it a token choice. Available tokens are discovered dynamically so // can't be a real CHOICE PropertySet set = new PropertySet(); - - Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + + Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* default parameter */ "module token selection"); set.add("choice", tokenDesc); - + return set; } @@ -235,7 +239,8 @@ public class ModulePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -272,8 +277,8 @@ public class ModulePanel extends WizardPanelBase { context.put("oms", mOtherModules); context.put("sms", mSupportedModules); // context.put("status_token", "None"); - String subpanelno = String.valueOf(getPanelNo()+1); - CMS.debug("ModulePanel subpanelno =" +subpanelno); + String subpanelno = String.valueOf(getPanelNo() + 1); + CMS.debug("ModulePanel subpanelno =" + subpanelno); context.put("subpanelno", subpanelno); context.put("panel", "admin/console/config/modulepanel.vm"); } @@ -292,7 +297,7 @@ public class ModulePanel extends WizardPanelBase { public void update(HttpServletRequest request, HttpServletResponse response, Context context) throws IOException { - boolean hasErr = false; + boolean hasErr = false; try { // get the value of the choice @@ -306,13 +311,13 @@ public class ModulePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); String oldtokenname = config.getString("preop.module.token", ""); - if (!oldtokenname.equals(select)) + if (!oldtokenname.equals(select)) mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); - if (hasErr == false) { - config.putString("preop.module.token", select); - config.putBoolean("preop.ModulePanel.done", true); - } + if (hasErr == false) { + config.putString("preop.module.token", select); + config.putBoolean("preop.ModulePanel.done", true); + } config.commit(false); context.put("updateStatus", "success"); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java index a0a627ee..53a297e5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -27,7 +26,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; - public class ModuleServlet extends BaseServlet { /** @@ -36,14 +34,12 @@ public class ModuleServlet extends BaseServlet { private static final long serialVersionUID = 6518965840466227888L; /** - * Collect information on where keys are to be generated. - * Once collected, write to CS.cfg: - * "preop.module=soft" - * or - * "preop.module=hard" - * + * Collect information on where keys are to be generated. Once collected, + * write to CS.cfg: "preop.module=soft" or "preop.module=hard" + * * <ul> - * <li>http.param selection "soft" or "hard" for software token or hardware token + * <li>http.param selection "soft" or "hard" for software token or hardware + * token * </ul> */ public Template process(HttpServletRequest request, @@ -76,7 +72,7 @@ public class ModuleServlet extends BaseServlet { CMS.debug("ModuleServlet: illegal selection: " + selection); context.put("error", "failed selection"); } - + } else { CMS.debug("ModuleServlet: no selection"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java index ec3686e9..45239586 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.File; import java.io.FileOutputStream; import java.io.IOException; @@ -54,19 +53,20 @@ public class NamePanel extends WizardPanelBase { private Vector mCerts = null; private WizardServlet mServlet = null; - public NamePanel() {} + public NamePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Subject Names"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Subject Names"); setId(id); @@ -79,26 +79,38 @@ public class NamePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ + Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ "CA Signing Certificate's DN"); set.add("caDN", caDN); - Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ + Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ "SSL Server Certificate's DN"); set.add("sslDN", sslDN); - Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ + Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ "CA Subsystem Certificate's DN"); set.add("subsystemDN", subsystemDN); - Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ + Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ "OCSP Signing Certificate's DN"); set.add("ocspDN", ocspDN); @@ -124,7 +136,7 @@ public class NamePanel extends WizardPanelBase { StringTokenizer st = new StringTokenizer(list, ","); while (st.hasMoreTokens()) { String t = st.nextToken(); - cs.remove("preop.cert."+t+".done"); + cs.remove("preop.cert." + t + ".done"); } try { @@ -142,7 +154,8 @@ public class NamePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -164,7 +177,7 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel: display()"); context.put("title", "Subject Names"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("NamePanel setting session id."); @@ -179,16 +192,16 @@ public class NamePanel extends WizardPanelBase { String hselect = ""; String cstype = ""; try { - //if CA, at the hierarchy panel, was it root or subord? + // if CA, at the hierarchy panel, was it root or subord? hselect = config.getString("preop.hierarchy.select", ""); select = config.getString("preop.subsystem.select", ""); cstype = config.getString("cs.type", ""); context.put("select", select); if (cstype.equals("CA") && hselect.equals("root")) { - CMS.debug("NamePanel ca is root"); + CMS.debug("NamePanel ca is root"); context.put("isRoot", "true"); } else { - CMS.debug("NamePanel not ca or not root"); + CMS.debug("NamePanel not ca or not root"); context.put("isRoot", "false"); } } catch (Exception e) { @@ -227,27 +240,27 @@ public class NamePanel extends WizardPanelBase { String type = config.getString(PCERT_PREFIX + certTag + ".type"); c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); c.setEnable(enable); - String cert = config.getString(subsystem +"."+certTag +".cert", ""); - String certreq = - config.getString(subsystem + "." +certTag +".certreq", ""); + String cert = config.getString(subsystem + "." + certTag + ".cert", ""); + String certreq = + config.getString(subsystem + "." + certTag + ".certreq", ""); String dn = config.getString(PCERT_PREFIX + certTag + ".dn"); - boolean override = config.getBoolean(PCERT_PREFIX + certTag + - ".cncomponent.override", true); - //o_sd is to add o=secritydomainname + boolean override = config.getBoolean(PCERT_PREFIX + certTag + + ".cncomponent.override", true); + // o_sd is to add o=secritydomainname boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag + - "o_securitydomain", true); - domainname = config.getString("securitydomain.name", ""); - CMS.debug("NamePanel: display() override is "+override); - CMS.debug("NamePanel: display() o_securitydomain is "+o_sd); - CMS.debug("NamePanel: display() domainname is "+domainname); + "o_securitydomain", true); + domainname = config.getString("securitydomain.name", ""); + CMS.debug("NamePanel: display() override is " + override); + CMS.debug("NamePanel: display() o_securitydomain is " + o_sd); + CMS.debug("NamePanel: display() domainname is " + domainname); boolean dnUpdated = false; try { - dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN"); + dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + ".updatedDN"); } catch (Exception e) { } @@ -259,16 +272,16 @@ public class NamePanel extends WizardPanelBase { if (select.equals("clone") || dnUpdated) { c.setDN(dn); } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) { - CMS.debug("NamePanel subsystemCount = "+count); - c.setDN(dn + " "+count+ - ((!instanceId.equals(""))? (",OU=" + instanceId):"") + - ((o_sd)? (",O=" + domainname):"")); - config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); + CMS.debug("NamePanel subsystemCount = " + count); + c.setDN(dn + " " + count + + ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") + + ((o_sd) ? (",O=" + domainname) : "")); + config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true); } else { - c.setDN(dn + - ((!instanceId.equals(""))? (",OU=" + instanceId):"") + - ((o_sd)? (",O=" + domainname):"")); - config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); + c.setDN(dn + + ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") + + ((o_sd) ? (",O=" + domainname) : "")); + config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true); } } @@ -302,7 +315,8 @@ public class NamePanel extends WizardPanelBase { try { config.putString("preop.ca.list", list.toString()); config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } context.put("urls", v); @@ -334,24 +348,24 @@ public class NamePanel extends WizardPanelBase { } // while } - /* + /* * update some parameters for clones */ public void updateCloneConfig(IConfigStore config) - throws EBaseException, IOException { + throws EBaseException, IOException { String cstype = config.getString("cs.type", null); cstype = toLowerCaseSubsystemType(cstype); if (cstype.equals("kra")) { String token = config.getString(PRE_CONF_CA_TOKEN); if (!token.equals("Internal Key Storage Token")) { - CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); + CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem"); String storageNickname = getNickname(config, "storage"); String transportNickname = getNickname(config, "transport"); config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname); - config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname); + config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname); + config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname); config.commit(false); } else { // software token // parameters already set @@ -361,12 +375,12 @@ public class NamePanel extends WizardPanelBase { // audit signing cert String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", ""); String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", ""); - if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) { + if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) { config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_tk + ":" + audit_nn); + audit_tk + ":" + audit_nn); } else { config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_nn); + audit_nn); } } @@ -374,7 +388,7 @@ public class NamePanel extends WizardPanelBase { * get some of the "preop" parameters to persisting parameters */ public void updateConfig(IConfigStore config, String certTag) - throws EBaseException, IOException { + throws EBaseException, IOException { String token = config.getString(PRE_CONF_CA_TOKEN); String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem"); CMS.debug("NamePanel: subsystem " + subsystem); @@ -389,34 +403,35 @@ public class NamePanel extends WizardPanelBase { config.putString(subsystem + "." + certTag + ".certnickname", nickname); } - // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg + // if KRA, hardware token needs param "kra.storageUnit.hardware" in + // CS.cfg String cstype = config.getString("cs.type", null); cstype = toLowerCaseSubsystemType(cstype); if (cstype.equals("kra")) { - if (!token.equals("Internal Key Storage Token")) { - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname); - } - } else { // software token - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.nickName", nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", nickname); - } - } + if (!token.equals("Internal Key Storage Token")) { + if (certTag.equals("storage")) { + config.putString(subsystem + ".storageUnit.hardware", token); + config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname); + } else if (certTag.equals("transport")) { + config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname); + } + } else { // software token + if (certTag.equals("storage")) { + config.putString(subsystem + ".storageUnit.nickName", nickname); + } else if (certTag.equals("transport")) { + config.putString(subsystem + ".transportUnit.nickName", nickname); + } + } } String serverCertNickname = nickname; String path = CMS.getConfigStore().getString("instanceRoot", ""); if (certTag.equals("sslserver")) { - if (!token.equals("Internal Key Storage Token")) { - serverCertNickname = token+":"+nickname; + if (!token.equals("Internal Key Storage Token")) { + serverCertNickname = token + ":" + nickname; } - File file = new File(path+"/conf/serverCertNick.conf"); - PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf")); + File file = new File(path + "/conf/serverCertNick.conf"); + PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf")); ps.println(serverCertNickname); ps.close(); } @@ -424,23 +439,23 @@ public class NamePanel extends WizardPanelBase { config.putString(subsystem + "." + certTag + ".nickname", nickname); config.putString(subsystem + "." + certTag + ".tokenname", token); if (certTag.equals("audit_signing")) { - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - token + ":" + nickname); - } else { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - nickname); - } + if (!token.equals("Internal Key Storage Token") && !token.equals("")) { + config.putString("log.instance.SignedAudit.signedAuditCertNickname", + token + ":" + nickname); + } else { + config.putString("log.instance.SignedAudit.signedAuditCertNickname", + nickname); + } } /* - config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", - "SHA1withRSA"); + * config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", + * "SHA1withRSA"); */ // for system certs verification - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { + if (!token.equals("Internal Key Storage Token") && !token.equals("")) { config.putString(subsystem + ".cert." + certTag + ".nickname", - token + ":" + nickname); + token + ":" + nickname); } else { config.putString(subsystem + ".cert." + certTag + ".nickname", nickname); } @@ -459,7 +474,7 @@ public class NamePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); String caType = certObj.getType(); - CMS.debug("NamePanel: in configCert caType is "+ caType); + CMS.debug("NamePanel: in configCert caType is " + caType); X509CertImpl cert = null; String certTag = certObj.getCertTag(); @@ -469,13 +484,13 @@ public class NamePanel extends WizardPanelBase { String v = config.getString("preop.ca.type", ""); CMS.debug("NamePanel configCert: remote CA"); - String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, - certObj, context); + String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, + certObj, context); certObj.setRequest(pkcs10); String subsystem = config.getString( PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".certreq", pkcs10); - String profileId = config.getString(PCERT_PREFIX+certTag+".profile"); + String profileId = config.getString(PCERT_PREFIX + certTag + ".profile"); String session_id = CMS.getConfigSDSessionId(); String sd_hostname = ""; int sd_ee_port = -1; @@ -483,15 +498,15 @@ public class NamePanel extends WizardPanelBase { sd_hostname = config.getString("securitydomain.host", ""); sd_ee_port = config.getInteger("securitydomain.httpseeport", -1); } catch (Exception ee) { - CMS.debug("NamePanel: configCert() exception caught:"+ee.toString()); + CMS.debug("NamePanel: configCert() exception caught:" + ee.toString()); } String sysType = config.getString("cs.type", ""); String machineName = config.getString("machineName", ""); String securePort = config.getString("service.securePort", ""); if (certTag.equals("subsystem")) { - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; - cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, - content, response, this); + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; + cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, + content, response, this); if (cert == null) { throw new IOException("Error: remote certificate is null"); } @@ -504,18 +519,18 @@ public class NamePanel extends WizardPanelBase { } catch (Exception ee) { } - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; - cert = CertUtil.createRemoteCert(ca_hostname, ca_port, - content, response, this); + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; + cert = CertUtil.createRemoteCert(ca_hostname, ca_port, + content, response, this); if (cert == null) { throw new IOException("Error: remote certificate is null"); } } else if (v.equals("otherca")) { config.putString(subsystem + "." + certTag + ".cert", "...paste certificate here..."); - } else { + } else { CMS.debug("NamePanel: no preop.ca.type is provided"); - } + } } else { // not remote CA, ie, self-signed or local ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID); @@ -524,76 +539,76 @@ public class NamePanel extends WizardPanelBase { CMS.debug( "The value for " + s - + " should be remote, nothing else."); + + " should be remote, nothing else."); throw new IOException( "The value for " + s + " should be remote"); - } - + } + String pubKeyType = config.getString( PCERT_PREFIX + certTag + ".keytype"); if (pubKeyType.equals("rsa")) { - String pubKeyModulus = config.getString( - PCERT_PREFIX + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString( - PCERT_PREFIX + certTag + ".pubkey.exponent"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); + String pubKeyModulus = config.getString( + PCERT_PREFIX + certTag + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString( + PCERT_PREFIX + certTag + ".pubkey.exponent"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); - if (certTag.equals("signing")) { - X509Key x509key = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); - - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert( - "...certificate be generated internally..."); - config.putString(subsystem + "." + certTag + ".cert", - "...certificate be generated internally..."); - } else { + if (certTag.equals("signing")) { X509Key x509key = CryptoUtil.getPublicX509Key( CryptoUtil.string2byte(pubKeyModulus), CryptoUtil.string2byte(pubKeyPublicExponent)); cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType, context); + } else { + String cacert = config.getString("ca.signing.cert", ""); + + if (cacert.equals("") || cacert.startsWith("...")) { + certObj.setCert( + "...certificate be generated internally..."); + config.putString(subsystem + "." + certTag + ".cert", + "...certificate be generated internally..."); + } else { + X509Key x509key = CryptoUtil.getPublicX509Key( + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); + + cert = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, caType, context); + } } - } } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString( - PCERT_PREFIX + certTag + ".pubkey.encoded"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - - if (certTag.equals("signing")) { + String pubKeyEncoded = config.getString( + PCERT_PREFIX + certTag + ".pubkey.encoded"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); - X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert( - "...certificate be generated internally..."); - config.putString(subsystem + "." + certTag + ".cert", - "...certificate be generated internally..."); - } else { - X509Key x509key = CryptoUtil.getPublicX509ECCKey( - CryptoUtil.string2byte(pubKeyEncoded)); + if (certTag.equals("signing")) { + X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType, context); + } else { + String cacert = config.getString("ca.signing.cert", ""); + + if (cacert.equals("") || cacert.startsWith("...")) { + certObj.setCert( + "...certificate be generated internally..."); + config.putString(subsystem + "." + certTag + ".cert", + "...certificate be generated internally..."); + } else { + X509Key x509key = CryptoUtil.getPublicX509ECCKey( + CryptoUtil.string2byte(pubKeyEncoded)); + + cert = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, caType, context); + } } - } } else { - // invalid key type - CMS.debug("Invalid key type " + pubKeyType); + // invalid key type + CMS.debug("Invalid key type " + pubKeyType); } if (cert != null) { if (certTag.equals("subsystem")) @@ -605,7 +620,7 @@ public class NamePanel extends WizardPanelBase { byte[] certb = cert.getEncoded(); String certs = CryptoUtil.base64Encode(certb); - // certObj.setCert(certs); + // certObj.setCert(certs); String subsystem = config.getString( PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".cert", certs); @@ -617,58 +632,57 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel configCert() exception caught:" + e.toString()); } } - + public void configCertWithTag(HttpServletRequest request, HttpServletResponse response, - Context context, String tag) throws IOException - { - CMS.debug("NamePanel: configCertWithTag start"); - Enumeration c = mCerts.elements(); - IConfigStore config = CMS.getConfigStore(); - - while (c.hasMoreElements()) { - Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); - CMS.debug("NamePanel: configCertWithTag ct=" + ct + - " tag=" +tag); - if (ct.equals(tag)) { - try { - String nickname = HttpInput.getNickname(request, ct + "_nick"); - if (nickname != null) { - CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname); - config.putString(PCERT_PREFIX + ct + ".nickname", nickname); - cert.setNickname(nickname); - config.commit(false); - } - String dn = HttpInput.getDN(request, ct); - if (dn != null) { - config.putString(PCERT_PREFIX + ct + ".dn", dn); - config.commit(false); - } - } catch (Exception e) { - CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString()); - } + Context context, String tag) throws IOException { + CMS.debug("NamePanel: configCertWithTag start"); + Enumeration c = mCerts.elements(); + IConfigStore config = CMS.getConfigStore(); - configCert(request, response, context, cert); - CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); - return; + while (c.hasMoreElements()) { + Cert cert = (Cert) c.nextElement(); + String ct = cert.getCertTag(); + CMS.debug("NamePanel: configCertWithTag ct=" + ct + + " tag=" + tag); + if (ct.equals(tag)) { + try { + String nickname = HttpInput.getNickname(request, ct + "_nick"); + if (nickname != null) { + CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname); + config.putString(PCERT_PREFIX + ct + ".nickname", nickname); + cert.setNickname(nickname); + config.commit(false); + } + String dn = HttpInput.getDN(request, ct); + if (dn != null) { + config.putString(PCERT_PREFIX + ct + ".dn", dn); + config.commit(false); + } + } catch (Exception e) { + CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString()); } - } - CMS.debug("NamePanel: configCertWithTag done"); + + configCert(request, response, context, cert); + CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); + return; + } + } + CMS.debug("NamePanel: configCertWithTag done"); } private boolean inputChanged(HttpServletRequest request) - throws IOException { - IConfigStore config = CMS.getConfigStore(); - + throws IOException { + IConfigStore config = CMS.getConfigStore(); + boolean hasChanged = false; try { Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + String ct = cert.getCertTag(); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); if (!enable) continue; @@ -679,10 +693,10 @@ public class NamePanel extends WizardPanelBase { if (!olddn.equals(dn)) hasChanged = true; - String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname"); - String nick = HttpInput.getNickname(request, ct + "_nick"); - if (!oldnick.equals(nick)) - hasChanged = true; + String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname"); + String nick = HttpInput.getNickname(request, ct + "_nick"); + if (!oldnick.equals(nick)) + hasChanged = true; } } catch (Exception e) { @@ -690,34 +704,34 @@ public class NamePanel extends WizardPanelBase { return hasChanged; } - - public String getURL(HttpServletRequest request, IConfigStore config) - { + + public String getURL(HttpServletRequest request, IConfigStore config) { String index = request.getParameter("urls"); - if (index == null){ - return null; + if (index == null) { + return null; } String url = ""; if (index.startsWith("http")) { - // user may submit url directlry - url = index; + // user may submit url directlry + url = index; } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; + try { + int x = Integer.parseInt(index); + String list = config.getString("preop.ca.list", ""); + StringTokenizer tokenizer = new StringTokenizer(list, ","); + int counter = 0; + + while (tokenizer.hasMoreTokens()) { + url = tokenizer.nextToken(); + if (counter == x) { + break; + } + counter++; } - counter++; + } catch (Exception e) { } - } catch (Exception e) {} } - return url; + return url; } /** @@ -727,7 +741,7 @@ public class NamePanel extends WizardPanelBase { HttpServletResponse response, Context context) throws IOException { CMS.debug("NamePanel: in update()"); - boolean hasErr = false; + boolean hasErr = false; if (inputChanged(request)) { mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); @@ -736,12 +750,12 @@ public class NamePanel extends WizardPanelBase { return; } - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String hselect = ""; ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID); try { - //if CA, at the hierarchy panel, was it root or subord? + // if CA, at the hierarchy panel, was it root or subord? hselect = config.getString("preop.hierarchy.select", ""); String cstype = config.getString("preop.subsystem.select", ""); if (cstype.equals("clone")) { @@ -750,13 +764,14 @@ public class NamePanel extends WizardPanelBase { configCertWithTag(request, response, context, "sslserver"); String url = getURL(request, config); if (url != null && !url.equals("External CA")) { - // preop.ca.url and admin port are required for setting KRA connector - url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); + // preop.ca.url and admin port are required for setting KRA + // connector + url = url.substring(url.indexOf("https")); + config.putString("preop.ca.url", url); - URL urlx = new URL(url); - updateCloneSDCAInfo(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); + URL urlx = new URL(url); + updateCloneSDCAInfo(request, context, urlx.getHost(), + Integer.toString(urlx.getPort())); } updateCloneConfig(config); @@ -770,50 +785,51 @@ public class NamePanel extends WizardPanelBase { return; } - //if no hselect, then not CA - if (hselect.equals("") || hselect.equals("join")) { - String select = null; - String url = getURL(request, config); + // if no hselect, then not CA + if (hselect.equals("") || hselect.equals("join")) { + String select = null; + String url = getURL(request, config); - URL urlx = null; + URL urlx = null; - if (url.equals("External CA")) { - CMS.debug("NamePanel: external CA selected"); - select = "otherca"; - config.putString("preop.ca.type", "otherca"); - if (subsystem != null) { - config.putString(PCERT_PREFIX+"signing.type", "remote"); - } + if (url.equals("External CA")) { + CMS.debug("NamePanel: external CA selected"); + select = "otherca"; + config.putString("preop.ca.type", "otherca"); + if (subsystem != null) { + config.putString(PCERT_PREFIX + "signing.type", "remote"); + } - config.putString("preop.ca.pkcs7", ""); - config.putInteger("preop.ca.certchain.size", 0); - context.put("check_otherca", "checked"); - CMS.debug("NamePanel: update: this is the external CA."); - } else { - CMS.debug("NamePanel: local CA selected"); - select = "sdca"; - // parse URL (CA1 - https://...) - url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); - - urlx = new URL(url); - config.putString("preop.ca.type", "sdca"); - CMS.debug("NamePanel: update: this is a CA in the security domain."); - context.put("check_sdca", "checked"); - sdca(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); - if (subsystem != null) { - config.putString(PCERT_PREFIX + "signing.type", "remote"); - config.putString(PCERT_PREFIX + "signing.profile", - "caInstallCACert"); + config.putString("preop.ca.pkcs7", ""); + config.putInteger("preop.ca.certchain.size", 0); + context.put("check_otherca", "checked"); + CMS.debug("NamePanel: update: this is the external CA."); + } else { + CMS.debug("NamePanel: local CA selected"); + select = "sdca"; + // parse URL (CA1 - https://...) + url = url.substring(url.indexOf("https")); + config.putString("preop.ca.url", url); + + urlx = new URL(url); + config.putString("preop.ca.type", "sdca"); + CMS.debug("NamePanel: update: this is a CA in the security domain."); + context.put("check_sdca", "checked"); + sdca(request, context, urlx.getHost(), + Integer.toString(urlx.getPort())); + if (subsystem != null) { + config.putString(PCERT_PREFIX + "signing.type", "remote"); + config.putString(PCERT_PREFIX + "signing.profile", + "caInstallCACert"); + } } - } - try { - config.commit(false); - } catch (Exception e) {} + try { + config.commit(false); + } catch (Exception e) { + } - } + } try { @@ -821,13 +837,13 @@ public class NamePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); + String ct = cert.getCertTag(); String tokenname = cert.getTokenname(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); if (!enable) continue; - boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false); + boolean certDone = config.getBoolean(PCERT_PREFIX + ct + ".done", false); if (certDone) continue; @@ -850,32 +866,32 @@ public class NamePanel extends WizardPanelBase { try { configCert(request, response, context, cert); - config.putBoolean("preop.cert."+cert.getCertTag()+".done", - true); + config.putBoolean("preop.cert." + cert.getCertTag() + ".done", + true); config.commit(false); } catch (Exception e) { CMS.debug( "NamePanel: update() exception caught:" + e.toString()); - hasErr = true; + hasErr = true; System.err.println("Exception caught: " + e.toString()); } - } // while - if (hasErr == false) { - config.putBoolean("preop.NamePanel.done", true); - config.commit(false); - } + } // while + if (hasErr == false) { + config.putBoolean("preop.NamePanel.done", true); + config.commit(false); + } } catch (Exception e) { CMS.debug("NamePanel: Exception caught: " + e.toString()); System.err.println("Exception caught: " + e.toString()); }// try - try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } if (!hasErr) { context.put("updateStatus", "success"); @@ -897,15 +913,15 @@ public class NamePanel extends WizardPanelBase { // Retrieve the associated HTTPS Admin port so that it // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort( config, + https_admin_port = getSecurityDomainAdminPort(config, hostname, httpsPortStr, - "CA" ); + "CA"); int httpsport = -1; try { - httpsport = Integer.parseInt(httpsPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { CMS.debug( "NamePanel update: Https port is not valid. Exception: " @@ -934,15 +950,15 @@ public class NamePanel extends WizardPanelBase { // Retrieve the associated HTTPS Admin port so that it // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort( config, + https_admin_port = getSecurityDomainAdminPort(config, hostname, httpsPortStr, - "CA" ); + "CA"); int httpsport = -1; try { - httpsport = Integer.parseInt(httpsPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { CMS.debug( "NamePanel update: Https port is not valid. Exception: " @@ -954,21 +970,19 @@ public class NamePanel extends WizardPanelBase { config.putString("preop.ca.httpsport", httpsPortStr); config.putString("preop.ca.httpsadminport", https_admin_port); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort( config, "ca", hostname, + updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport, true, context, - certApprovalCallback ); + certApprovalCallback); try { - CMS.debug("Importing CA chain"); - importCertChain("ca"); + CMS.debug("Importing CA chain"); + importCertChain("ca"); } catch (Exception e1) { - CMS.debug("Failed in importing CA chain"); + CMS.debug("Failed in importing CA chain"); } } - public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { context.put("certs", mCerts); } @@ -977,10 +991,9 @@ public class NamePanel extends WizardPanelBase { */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) - { + Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } context.put("title", "Subject Names"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java index cf37fdff..28fdfd84 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -50,11 +49,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; /** - * This servlet creates a TPS user in the CA, - * and it associates TPS's server certificate to - * the user. Finally, it addes the user to the - * administrator group. This procedure will - * allows TPS to connect to the CA for certificate + * This servlet creates a TPS user in the CA, and it associates TPS's server + * certificate to the user. Finally, it addes the user to the administrator + * group. This procedure will allows TPS to connect to the CA for certificate * issuance. */ public class RegisterUser extends CMSServlet { @@ -68,8 +65,7 @@ public class RegisterUser extends CMSServlet { private final static String AUTH_FAILURE = "2"; private String mGroupName = null; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; - + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; public RegisterUser() { super(); @@ -77,6 +73,7 @@ public class RegisterUser extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -88,7 +85,7 @@ public class RegisterUser extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -102,9 +99,9 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser authentication successful."); } catch (Exception e) { CMS.debug("RegisterUser: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -117,19 +114,19 @@ public class RegisterUser extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("RegisterUser authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } @@ -150,93 +147,93 @@ public class RegisterUser extends CMSServlet { String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + - "+Resource;;"+ uid + - "+fullname;;"+ name + + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;" + uid + + "+fullname;;" + name + "+state;;1" + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; - IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG); + IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); IUser user = null; boolean foundByCert = false; X509Certificate certs[] = new X509Certificate[1]; try { - byte bCert[] = null; - X509CertImpl cert = null; - bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); - cert = new X509CertImpl(bCert); - certs[0] = (X509Certificate)cert; - - // test to see if the cert already belongs to a user - ICertUserLocator cul = ugsys.getCertUserLocator(); - com.netscape.certsrv.usrgrp.Certificates c = - new com.netscape.certsrv.usrgrp.Certificates(certs); - user = (IUser) cul.locateUser(c); + byte bCert[] = null; + X509CertImpl cert = null; + bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); + cert = new X509CertImpl(bCert); + certs[0] = (X509Certificate) cert; + + // test to see if the cert already belongs to a user + ICertUserLocator cul = ugsys.getCertUserLocator(); + com.netscape.certsrv.usrgrp.Certificates c = + new com.netscape.certsrv.usrgrp.Certificates(certs); + user = (IUser) cul.locateUser(c); } catch (Exception ec) { - CMS.debug("RegisterUser: exception thrown: "+ec.toString()); + CMS.debug("RegisterUser: exception thrown: " + ec.toString()); } if (user == null) { - CMS.debug("RegisterUser NOT found user by cert"); - try { - user = ugsys.getUser(uid); - CMS.debug("RegisterUser found user by uid "+uid); - } catch (Exception eee) { - } + CMS.debug("RegisterUser NOT found user by cert"); + try { + user = ugsys.getUser(uid); + CMS.debug("RegisterUser found user by uid " + uid); + } catch (Exception eee) { + } } else { - foundByCert = true; - CMS.debug("RegisterUser found user by cert"); + foundByCert = true; + CMS.debug("RegisterUser found user by cert"); } - - try { - - if (user == null) { - // create user only if such user does not exist - user = ugsys.createUser(uid); - user.setFullName(name); - user.setState("1"); - user.setUserType(""); - user.setEmail(""); - user.setPhone(""); - user.setPassword(""); - - ugsys.addUser(user); - CMS.debug("RegisterUser created user " + uid); - auditMessage = CMS.getLogMessage( + + try { + + if (user == null) { + // create user only if such user does not exist + user = ugsys.createUser(uid); + user.setFullName(name); + user.setState("1"); + user.setUserType(""); + user.setEmail(""); + user.setPhone(""); + user.setPassword(""); + + ugsys.addUser(user); + CMS.debug("RegisterUser created user " + uid); + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, auditParams); - audit(auditMessage); - } - - // extract all line separators - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < certsString.length(); i++) { - if (!Character.isWhitespace(certsString.charAt(i))) { - sb.append(certsString.charAt(i)); - } - } - certsString = sb.toString(); - - auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + - "+Resource;;"+ uid + - "+cert;;"+certsString; - - user.setX509Certificates(certs); - if (!foundByCert) { - ugsys.addUserCert(user); - CMS.debug("RegisterUser added user certificate"); - auditMessage = CMS.getLogMessage( + audit(auditMessage); + } + + // extract all line separators + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < certsString.length(); i++) { + if (!Character.isWhitespace(certsString.charAt(i))) { + sb.append(certsString.charAt(i)); + } + } + certsString = sb.toString(); + + auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;" + uid + + "+cert;;" + certsString; + + user.setX509Certificates(certs); + if (!foundByCert) { + ugsys.addUserCert(user); + CMS.debug("RegisterUser added user certificate"); + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, auditParams); - audit(auditMessage); - } else - CMS.debug("RegisterUser no need to add user certificate"); - } catch (Exception eee) { + audit(auditMessage); + } else + CMS.debug("RegisterUser no need to add user certificate"); + } catch (Exception eee) { CMS.debug("RegisterUser error " + eee.toString()); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, @@ -249,20 +246,19 @@ public class RegisterUser extends CMSServlet { return; } - // add user to the group auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" + - "+Resource;;"+ mGroupName; + "+Resource;;" + mGroupName; try { Enumeration groups = ugsys.findGroups(mGroupName); - IGroup group = (IGroup)groups.nextElement(); + IGroup group = (IGroup) groups.nextElement(); auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams +=","; + auditParams += ","; } } @@ -280,15 +276,15 @@ public class RegisterUser extends CMSServlet { audit(auditMessage); } - } catch (Exception e) { - auditMessage = CMS.getLogMessage( + } catch (Exception e) { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.FAILURE, auditParams); - audit(auditMessage); - } + audit(auditMessage); + } // send success status back to the requestor try { @@ -305,14 +301,23 @@ public class RegisterUser extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index 76f5a749..4763f814 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileInputStream; @@ -76,19 +75,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class RestoreKeyCertPanel extends WizardPanelBase { - public RestoreKeyCertPanel() {} + public RestoreKeyCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import Keys and Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Import Keys and Certificates"); setId(id); @@ -99,18 +99,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase { */ public boolean shouldSkip() { CMS.debug("RestoreKeyCertPanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("preop.subsystem.select",""); + String select = cs.getString("preop.subsystem.select", ""); if (select.equals("clone")) { return false; } } catch (EBaseException e) { } - + return true; } @@ -138,15 +138,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -160,7 +161,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.pk12.path", ""); String type = config.getString("preop.subsystem.select", ""); @@ -193,15 +194,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (!tokenname.equals("Internal Key Storage Token")) return; - // Path can be empty. If this case, we just want to + // Path can be empty. If this case, we just want to // get to the next panel. Customer has HSM. String s = HttpInput.getString(request, "path"); // if (s == null || s.equals("")) { - // CMS.debug("RestoreKeyCertPanel validate: path is empty"); - // throw new IOException("Path is empty"); + // CMS.debug("RestoreKeyCertPanel validate: path is empty"); + // throw new IOException("Path is empty"); // } - if (s != null && !s.equals("")) { s = HttpInput.getPassword(request, "__password"); if (s == null || s.equals("")) { @@ -217,15 +217,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase { */ public void update(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException - { + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String path = HttpInput.getString(request, "path"); if (path == null || path.equals("")) { - // skip to next panel + // skip to next panel config.putBoolean("preop.restorekeycert.done", true); try { - config.commit(false); + config.commit(false); } catch (EBaseException e) { } getConfigEntriesFromMaster(request, response, context); @@ -233,7 +232,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { return; } String pwd = HttpInput.getPassword(request, "__password"); - + String tokenn = ""; String instanceRoot = ""; @@ -246,7 +245,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (tokenn.equals("Internal Key Storage Token")) { byte b[] = new byte[1000000]; FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path); - while (fis.available() > 0) + while (fis.available() > 0) fis.read(b); fis.close(); @@ -256,10 +255,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase { PFX pfx = null; boolean verifypfx = false; try { - pfx = (PFX)(new PFX.Template()).decode(bis); - verifypfx = pfx.verifyAuthSafes(password, reason); + pfx = (PFX) (new PFX.Template()).decode(bis); + verifypfx = pfx.verifyAuthSafes(password, reason); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString()); } if (verifypfx) { @@ -267,50 +266,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase { AuthenticatedSafes safes = pfx.getAuthSafes(); Vector pkeyinfo_collection = new Vector(); Vector cert_collection = new Vector(); - for (int i=0; i<safes.getSize(); i++) { + for (int i = 0; i < safes.getSize(); i++) { try { - SEQUENCE scontent = safes.getSafeContentsAt(null, i); - for (int j=0; j<scontent.size(); j++) { - SafeBag bag = (SafeBag)scontent.elementAt(j); + SEQUENCE scontent = safes.getSafeContentsAt(null, i); + for (int j = 0; j < scontent.size(); j++) { + SafeBag bag = (SafeBag) scontent.elementAt(j); OBJECT_IDENTIFIER oid = bag.getBagType(); if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) { - EncryptedPrivateKeyInfo privkeyinfo = - (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent(); + EncryptedPrivateKeyInfo privkeyinfo = + (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent(); PasswordConverter passConverter = new PasswordConverter(); PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter()); Vector pkeyinfo_v = new Vector(); pkeyinfo_v.addElement(pkeyinfo); SET bagAttrs = bag.getBagAttributes(); - for (int k=0; k<bagAttrs.size(); k++) { - Attribute attrs = (Attribute)bagAttrs.elementAt(k); + for (int k = 0; k < bagAttrs.size(); k++) { + Attribute attrs = (Attribute) bagAttrs.elementAt(k); OBJECT_IDENTIFIER aoid = attrs.getType(); if (aoid.equals(SafeBag.FRIENDLY_NAME)) { SET val = attrs.getValues(); - ANY ss = (ANY)val.elementAt(0); + ANY ss = (ANY) val.elementAt(0); ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded()); - BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis); + BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis); String s = sss.toString(); pkeyinfo_v.addElement(s); } } pkeyinfo_collection.addElement(pkeyinfo_v); } else if (oid.equals(SafeBag.CERT_BAG)) { - CertBag cbag = (CertBag)bag.getInterpretedBagContent(); - OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert(); + CertBag cbag = (CertBag) bag.getInterpretedBagContent(); + OCTET_STRING str = (OCTET_STRING) cbag.getInterpretedCert(); byte[] x509cert = str.toByteArray(); Vector cert_v = new Vector(); cert_v.addElement(x509cert); SET bagAttrs = bag.getBagAttributes(); - + if (bagAttrs != null) { - for (int k=0; k<bagAttrs.size(); k++) { - Attribute attrs = (Attribute)bagAttrs.elementAt(k); + for (int k = 0; k < bagAttrs.size(); k++) { + Attribute attrs = (Attribute) bagAttrs.elementAt(k); OBJECT_IDENTIFIER aoid = attrs.getType(); if (aoid.equals(SafeBag.FRIENDLY_NAME)) { SET val = attrs.getValues(); - ANY ss = (ANY)val.elementAt(0); + ANY ss = (ANY) val.elementAt(0); ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded()); - BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis); + BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis); String s = sss.toString(); cert_v.addElement(s); } @@ -321,10 +320,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString()); } } - + importkeycert(pkeyinfo_collection, cert_collection); } else { context.put("updateStatus", "failure"); @@ -342,7 +341,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); if (subsystemtype.equals("clone")) { - CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); + CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); boolean cloneReady = isCertdbCloned(request, context); if (!cloneReady) { CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates."); @@ -363,7 +362,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } private void getConfigEntriesFromMaster(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { try { IConfigStore config = CMS.getConfigStore(); String cstype = ""; @@ -388,14 +387,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String content = ""; if (cstype.equals("ca") || cstype.equals("kra")) { - content = "type=request&xmlOutput=true&sessionID="+session_id; + content = "type=request&xmlOutput=true&sessionID=" + session_id; CMS.debug("http content=" + content); updateNumberRange(master_hostname, master_ee_port, true, content, "request", response); - content = "type=serialNo&xmlOutput=true&sessionID="+session_id; + content = "type=serialNo&xmlOutput=true&sessionID=" + session_id; updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response); - content = "type=replicaId&xmlOutput=true&sessionID="+session_id; + content = "type=replicaId&xmlOutput=true&sessionID=" + session_id; updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response); } @@ -406,7 +405,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } StringBuffer c1 = new StringBuffer(); - StringBuffer s1 = new StringBuffer(); + StringBuffer s1 = new StringBuffer(); StringTokenizer tok = new StringTokenizer(list, ","); while (tok.hasMoreTokens()) { String t1 = tok.nextToken(); @@ -438,8 +437,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { c1.append(t1); c1.append(".pubkey.encoded"); - - if (s1.length()!=0) + if (s1.length() != 0) s1.append(","); s1.append(cstype); @@ -449,18 +447,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (!cstype.equals("ca")) { c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type"); - } + } if (cstype.equals("ca")) { /* get ca connector details */ - if (s1.length()!=0) + if (s1.length() != 0) s1.append(","); s1.append("ca.connector.KRA"); } - content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id; + content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id; boolean success = updateConfigEntries(master_hostname, master_port, true, - "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response); + "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response); if (!success) { context.put("errorString", "Failed to get configuration entries from the master"); throw new IOException("Failed to get configuration entries from the master"); @@ -473,7 +471,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } catch (IOException eee) { throw eee; } catch (Exception eee) { - CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString()); + CMS.debug("RestoreKeyCertPanel: update exception caught:" + eee.toString()); } } catch (IOException ee) { @@ -491,38 +489,38 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String s = st.nextToken(); if (s.equals("sslserver")) continue; - String name = "preop.master."+s+".nickname"; + String name = "preop.master." + s + ".nickname"; String nickname = cs.getString(name, ""); CryptoManager cm = CryptoManager.getInstance(); X509Certificate xcert = null; try { xcert = cm.findCertByNickname(nickname); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString()); + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString()); } CryptoToken ct = cm.getInternalKeyStorageToken(); CryptoStore store = ct.getCryptoStore(); try { store.deleteCert(xcert); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString()); + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString()); } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString()); - } + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + e.toString()); + } } private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) { - CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'"); - if (pubkey.getAlgorithm().equals("EC")) { - return org.mozilla.jss.crypto.PrivateKey.Type.EC; - } - return org.mozilla.jss.crypto.PrivateKey.Type.RSA; + CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'"); + if (pubkey.getAlgorithm().equals("EC")) { + return org.mozilla.jss.crypto.PrivateKey.Type.EC; + } + return org.mozilla.jss.crypto.PrivateKey.Type.RSA; } - private void importkeycert(Vector pkeyinfo_collection, - Vector cert_collection) throws IOException { + private void importkeycert(Vector pkeyinfo_collection, + Vector cert_collection) throws IOException { CryptoManager cm = null; try { cm = CryptoManager.getInstance(); @@ -532,12 +530,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase { // delete all existing certificates first deleteExistingCerts(); - for (int i=0; i<pkeyinfo_collection.size(); i++) { + for (int i = 0; i < pkeyinfo_collection.size(); i++) { try { - Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i); - PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0); - String nickname = (String)pkeyinfo_v.elementAt(1); - byte[] x509cert = getX509Cert(nickname, cert_collection); + Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i); + PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v.elementAt(0); + String nickname = (String) pkeyinfo_v.elementAt(1); + byte[] x509cert = getX509Cert(nickname, cert_collection); X509Certificate cert = cm.importCACertPackage(x509cert); ByteArrayOutputStream bos = new ByteArrayOutputStream(); pkeyinfo.encode(bos); @@ -550,32 +548,32 @@ public class RestoreKeyCertPanel extends WizardPanelBase { try { store.deleteCert(cert); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString()); + CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString()); } KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); - byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; IVParameterSpec param = new IVParameterSpec(iv); Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); c.initEncrypt(sk, param); byte[] encpkey = c.doFinal(pkey); - + KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initUnwrap(sk, param); org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString()); } } - for (int i=0; i<cert_collection.size(); i++) { + for (int i = 0; i < cert_collection.size(); i++) { try { - Vector cert_v = (Vector)cert_collection.elementAt(i); - byte[] cert = (byte[])cert_v.elementAt(0); + Vector cert_v = (Vector) cert_collection.elementAt(i); + byte[] cert = (byte[]) cert_v.elementAt(0); if (cert_v.size() > 1) { - String name = (String)cert_v.elementAt(1); + String name = (String) cert_v.elementAt(1); // we need to delete the trusted CA certificate if it is // the same as the ca signing certificate if (isCASigningCert(name)) { @@ -586,10 +584,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase { CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store"); if (store instanceof PK11Store) { try { - PK11Store pk11store = (PK11Store)store; + PK11Store pk11store = (PK11Store) store; pk11store.deleteCertOnly(certchain); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString()); + CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString()); } } } @@ -598,18 +596,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase { X509Certificate xcert = cm.importUserCACertPackage(cert, name); if (name.startsWith("caSigningCert")) { // we need to change the trust attribute to CT - InternalCertificate icert = (InternalCertificate)xcert; - icert.setSSLTrust(InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA - | InternalCertificate.VALID_CA); + InternalCertificate icert = (InternalCertificate) xcert; + icert.setSSLTrust(InternalCertificate.TRUSTED_CA + | InternalCertificate.TRUSTED_CLIENT_CA + | InternalCertificate.VALID_CA); } else if (name.startsWith("auditSigningCert")) { - InternalCertificate icert = (InternalCertificate)xcert; + InternalCertificate icert = (InternalCertificate) xcert; icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); } } else cm.importCACertPackage(cert); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString()); } } } @@ -628,15 +626,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase { return false; } - private X509Certificate getX509CertFromToken(byte[] cert) - throws IOException { + private X509Certificate getX509CertFromToken(byte[] cert) + throws IOException { try { X509CertImpl impl = new X509CertImpl(cert); String issuer_impl = impl.getIssuerDN().toString(); BigInteger serial_impl = impl.getSerialNumber(); CryptoManager cm = CryptoManager.getInstance(); X509Certificate[] permcerts = cm.getPermCerts(); - for (int i=0; i<permcerts.length; i++) { + for (int i = 0; i < permcerts.length; i++) { String issuer_p = permcerts[i].getSubjectDN().toString(); BigInteger serial_p = permcerts[i].getSerialNumber(); if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) { @@ -644,25 +642,25 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception=" + e.toString()); } return null; } - private byte[] getX509Cert(String nickname, Vector cert_collection) - throws IOException { - for (int i=0; i<cert_collection.size(); i++) { - Vector v = (Vector)cert_collection.elementAt(i); - byte[] b = (byte[])v.elementAt(0); + private byte[] getX509Cert(String nickname, Vector cert_collection) + throws IOException { + for (int i = 0; i < cert_collection.size(); i++) { + Vector v = (Vector) cert_collection.elementAt(i); + byte[] b = (byte[]) v.elementAt(0); X509CertImpl impl = null; try { impl = new X509CertImpl(b); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString()); - throw new IOException( e.toString() ); + CMS.debug("RestoreKeyCertPanel getX509Cert: Exception=" + e.toString()); + throw new IOException(e.toString()); } - Principal subjectdn = impl.getSubjectDN(); + Principal subjectdn = impl.getSubjectDN(); if (LDAPDN.equals(subjectdn.toString(), nickname)) return b; } @@ -674,9 +672,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("title", "Import Keys and Certificates"); context.put("password", ""); context.put("path", ""); @@ -684,7 +681,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } private boolean isCertdbCloned(HttpServletRequest request, - Context context) { + Context context) { IConfigStore config = CMS.getConfigStore(); String certList = ""; try { @@ -698,13 +695,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String tokenname = config.getString("preop.module.token", ""); CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); - String name1 = "preop.master."+token+".nickname"; + String name1 = "preop.master." + token + ".nickname"; String nickname = config.getString(name1, ""); if (!tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) - nickname = tokenname+":"+nickname; + !tokenname.equals("internal")) + nickname = tokenname + ":" + nickname; - CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname); + CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname); X509Certificate cert = cm.findCertByNickname(nickname); if (cert == null) return false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java index 854e8f10..0c066268 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java @@ -34,19 +34,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class SavePKCS12Panel extends WizardPanelBase { - public SavePKCS12Panel() {} + public SavePKCS12Panel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Save Keys and Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Save Keys and Certificates"); setId(id); @@ -60,11 +61,11 @@ public class SavePKCS12Panel extends WizardPanelBase { try { boolean enable = cs.getBoolean("preop.backupkeys.enable", false); - if (!enable) + if (!enable) return true; } catch (Exception e) { } - + return false; } @@ -77,13 +78,14 @@ public class SavePKCS12Panel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -116,7 +118,7 @@ public class SavePKCS12Panel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** @@ -134,9 +136,8 @@ public class SavePKCS12Panel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("title", "Save Keys and Certificates"); context.put("panel", "admin/console/config/savepkcs12panel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java index 3a5d82d1..42165b08 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.net.URL; import java.net.URLDecoder; @@ -59,9 +58,9 @@ public class SecurityDomainLogin extends BaseServlet { int index = url.indexOf("subsystem="); String subsystem = ""; if (index > 0) { - subsystem = url.substring(index+10); + subsystem = url.substring(index + 10); int index1 = subsystem.indexOf("&"); - if (index1 > 0) + if (index1 > 0) subsystem = subsystem.substring(0, index1); } context.put("sd_uid", ""); @@ -70,14 +69,14 @@ public class SecurityDomainLogin extends BaseServlet { context.put("host", u.getHost()); context.put("sdhost", CMS.getEESSLHost()); if (subsystem.equals("KRA")) { - subsystem = "DRM"; + subsystem = "DRM"; } context.put("subsystem", subsystem); // The "securitydomain.name" property ONLY resides in the "CS.cfg" // associated with the CS subsystem hosting the security domain. IConfigStore cs = CMS.getConfigStore(); String sdname = cs.getString("securitydomain.name", ""); - context.put("name", sdname); + context.put("name", sdname); template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java index 90a6aeb0..8e52aa37 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; @@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class SecurityDomainPanel extends WizardPanelBase { - public SecurityDomainPanel() {} + public SecurityDomainPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Security Domain"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Security Domain"); setId(id); @@ -72,15 +72,16 @@ public class SecurityDomainPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("https_ee_port", CMS.getEESSLPort()); context.put("https_admin_port", CMS.getAdminPort()); context.put("sdomainAdminURL", default_admin_url); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } context.put("panel", "admin/console/config/securitydomainpanel.vm"); context.put("errorString", errorString); @@ -157,18 +159,18 @@ public class SecurityDomainPanel extends WizardPanelBase { while (st.hasMoreTokens()) { count++; String n = st.nextToken(); - if (first) { //skip the hostname + if (first) { // skip the hostname first = false; continue; } if (count == numTokens) // skip the last element (e.g. com) continue; - sb.append((defaultDomain.length()==0)? "":" "); + sb.append((defaultDomain.length() == 0) ? "" : " "); sb.append(capitalize(n)); } - defaultDomain = sb.toString() + " "+ "Domain"; + defaultDomain = sb.toString() + " " + "Domain"; name = defaultDomain; - CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name); + CMS.debug("SecurityDomainPanel: defaultDomain generated:" + name); } catch (MalformedURLException e) { errorString = "Malformed URL"; // not being able to come up with default domain name is ok @@ -176,54 +178,53 @@ public class SecurityDomainPanel extends WizardPanelBase { } context.put("sdomainName", name); - if( default_admin_url != null ) { + if (default_admin_url != null) { String r = null; try { // check to see if "default" security domain exists // on local machine - URL u = new URL( default_admin_url ); + URL u = new URL(default_admin_url); String hostname = u.getHost(); int port = u.getPort(); - ConfigCertApprovalCallback - certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS( hostname, port, true, certApprovalCallback ); + ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS(hostname, port, true, certApprovalCallback); } catch (Exception e) { - CMS.debug( "SecurityDomainPanel: exception caught: " - + e.toString() ); + CMS.debug("SecurityDomainPanel: exception caught: " + + e.toString()); } - - if( r != null ) { + + if (r != null) { // "default" security domain exists on local machine; // fill "sdomainURL" in with "default" security domain // as an initial "guess" - CMS.debug( "SecurityDomainPanel: pingCS returns: "+r ); - context.put( "sdomainURL", default_admin_url ); + CMS.debug("SecurityDomainPanel: pingCS returns: " + r); + context.put("sdomainURL", default_admin_url); } else { // "default" security domain does NOT exist on local machine; // leave "sdomainURL" blank - CMS.debug( "SecurityDomainPanel: pingCS no successful response" ); - context.put( "sdomainURL", "" ); + CMS.debug("SecurityDomainPanel: pingCS no successful response"); + context.put("sdomainURL", ""); } } // Information for "existing" Security Domain CAs String initDaemon = "pki-cad"; String instanceId = "<security_domain_instance_name>"; - String os = System.getProperty( "os.name" ); - if( os.equalsIgnoreCase( "Linux" ) ) { - if (! systemdService.equals("")) { - context.put( "initCommand", "/usr/bin/pkicontrol" ); - context.put( "instanceId", "ca " + systemdService ); + String os = System.getProperty("os.name"); + if (os.equalsIgnoreCase("Linux")) { + if (!systemdService.equals("")) { + context.put("initCommand", "/usr/bin/pkicontrol"); + context.put("instanceId", "ca " + systemdService); } else { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + context.put("initCommand", "/sbin/service " + initDaemon); + context.put("instanceId", instanceId); } } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put( "initCommand", "/etc/init.d/" + initDaemon ); - context.put( "instanceId", instanceId ); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put("initCommand", "/etc/init.d/" + initDaemon); + context.put("instanceId", instanceId); } } @@ -231,7 +232,7 @@ public class SecurityDomainPanel extends WizardPanelBase { if (s.length() == 0) { return s; } else { - return s.substring(0,1).toUpperCase() + s.substring(1); + return s.substring(0, 1).toUpperCase() + s.substring(1); } } @@ -241,7 +242,7 @@ public class SecurityDomainPanel extends WizardPanelBase { public void validate(HttpServletRequest request, HttpServletResponse response, Context context) throws IOException { - + String select = HttpInput.getID(request, "choice"); if (select.equals("newdomain")) { String name = HttpInput.getSecurityDomainName(request, "sdomainName"); @@ -251,50 +252,48 @@ public class SecurityDomainPanel extends WizardPanelBase { throw new IOException("Missing name value for the security domain"); } } else if (select.equals("existingdomain")) { - CMS.debug( "SecurityDomainPanel: validating " - + "SSL Admin HTTPS . . ." ); - String admin_url = HttpInput.getURL( request, "sdomainURL" ); - if( admin_url == null || admin_url.equals("") ) { - initParams( request, context ); + CMS.debug("SecurityDomainPanel: validating " + + "SSL Admin HTTPS . . ."); + String admin_url = HttpInput.getURL(request, "sdomainURL"); + if (admin_url == null || admin_url.equals("")) { + initParams(request, context); context.put("updateStatus", "validate-failure"); - throw new IOException( "Missing SSL Admin HTTPS url value " - + "for the security domain" ); + throw new IOException("Missing SSL Admin HTTPS url value " + + "for the security domain"); } else { String r = null; try { - URL u = new URL( admin_url ); + URL u = new URL(admin_url); String hostname = u.getHost(); int admin_port = u.getPort(); - ConfigCertApprovalCallback - certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS( hostname, admin_port, true, - certApprovalCallback ); - } catch( Exception e ) { - CMS.debug( "SecurityDomainPanel: exception caught: " - + e.toString() ); + ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS(hostname, admin_port, true, + certApprovalCallback); + } catch (Exception e) { + CMS.debug("SecurityDomainPanel: exception caught: " + + e.toString()); context.put("updateStatus", "validate-failure"); - throw new IOException( "Illegal SSL Admin HTTPS url value " - + "for the security domain" ); + throw new IOException("Illegal SSL Admin HTTPS url value " + + "for the security domain"); } if (r != null) { CMS.debug("SecurityDomainPanel: pingAdminCS returns: " - + r ); - context.put( "sdomainURL", admin_url ); + + r); + context.put("sdomainURL", admin_url); } else { - CMS.debug( "SecurityDomainPanel: pingAdminCS " - + "no successful response for SSL Admin HTTPS" ); - context.put( "sdomainURL", "" ); + CMS.debug("SecurityDomainPanel: pingAdminCS " + + "no successful response for SSL Admin HTTPS"); + context.put("sdomainURL", ""); } } } } - public void initParams(HttpServletRequest request, Context context) - throws IOException - { + public void initParams(HttpServletRequest request, Context context) + throws IOException { IConfigStore config = CMS.getConfigStore(); try { context.put("cstype", config.getString("cs.type")); @@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("check_newdomain", "checked"); context.put("check_existingdomain", ""); } else if (select.equals("existingdomain")) { - context.put("check_newdomain", ""); + context.put("check_newdomain", ""); context.put("check_existingdomain", "checked"); } @@ -340,29 +339,30 @@ public class SecurityDomainPanel extends WizardPanelBase { if (select.equals("newdomain")) { config.putString("preop.securitydomain.select", "new"); config.putString("securitydomain.select", "new"); - config.putString("preop.securitydomain.name", - HttpInput.getDomainName(request, "sdomainName")); - config.putString("securitydomain.name", - HttpInput.getDomainName(request, "sdomainName")); - config.putString("securitydomain.host", - CMS.getEENonSSLHost()); - config.putString("securitydomain.httpport", - CMS.getEENonSSLPort()); - config.putString("securitydomain.httpsagentport", - CMS.getAgentPort()); - config.putString("securitydomain.httpseeport", - CMS.getEESSLPort()); - config.putString("securitydomain.httpsadminport", - CMS.getAdminPort()); - - // make sure the subsystem certificate is issued by the security + config.putString("preop.securitydomain.name", + HttpInput.getDomainName(request, "sdomainName")); + config.putString("securitydomain.name", + HttpInput.getDomainName(request, "sdomainName")); + config.putString("securitydomain.host", + CMS.getEENonSSLHost()); + config.putString("securitydomain.httpport", + CMS.getEENonSSLPort()); + config.putString("securitydomain.httpsagentport", + CMS.getAgentPort()); + config.putString("securitydomain.httpseeport", + CMS.getEESSLPort()); + config.putString("securitydomain.httpsadminport", + CMS.getAdminPort()); + + // make sure the subsystem certificate is issued by the security // domain config.putString("preop.cert.subsystem.type", "local"); config.putString("preop.cert.subsystem.profile", "subsystemCert.profile"); - + try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } String instanceRoot = ""; try { @@ -383,31 +383,32 @@ public class SecurityDomainPanel extends WizardPanelBase { String hostname = ""; int admin_port = -1; - if( admin_url != null ) { + if (admin_url != null) { try { - URL admin_u = new URL( admin_url ); + URL admin_u = new URL(admin_url); hostname = admin_u.getHost(); admin_port = admin_u.getPort(); - } catch( MalformedURLException e ) { + } catch (MalformedURLException e) { errorString = "Malformed SSL Admin HTTPS URL"; context.put("updateStatus", "failure"); - throw new IOException( errorString ); + throw new IOException(errorString); } - context.put( "sdomainURL", admin_url ); - config.putString( "securitydomain.host", hostname ); - config.putInteger( "securitydomain.httpsadminport", - admin_port ); + context.put("sdomainURL", admin_url); + config.putString("securitydomain.host", hostname); + config.putInteger("securitydomain.httpsadminport", + admin_port); } try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChain( config, "securitydomain", hostname, admin_port, - true, context, certApprovalCallback ); + updateCertChain(config, "securitydomain", hostname, admin_port, + true, context, certApprovalCallback); } else { CMS.debug("SecurityDomainPanel: invalid choice " + select); errorString = "Invalid choice"; @@ -425,7 +426,8 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("wizardname", config.getString("preop.wizard.name")); context.put("panelname", "Security Domain Configuration"); context.put("systemname", config.getString("preop.system.name")); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } context.put("errorString", errorString); context.put("updateStatus", "success"); @@ -446,32 +448,33 @@ public class SecurityDomainPanel extends WizardPanelBase { try { default_admin_url = config.getString("preop.securitydomain.admin_url", ""); - } catch (Exception e) {} + } catch (Exception e) { + } - if( default_admin_url != null ) { + if (default_admin_url != null) { String r = null; try { // check to see if "default" security domain exists // on local machine - URL u = new URL( default_admin_url ); + URL u = new URL(default_admin_url); String hostname = u.getHost(); int port = u.getPort(); - ConfigCertApprovalCallback - certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS( hostname, port, true, certApprovalCallback ); - } catch (Exception e) {} - - if( r != null ) { + ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS(hostname, port, true, certApprovalCallback); + } catch (Exception e) { + } + + if (r != null) { // "default" security domain exists on local machine; // refill "sdomainURL" in with "default" security domain // as an initial "guess" - context.put( "sdomainURL", default_admin_url ); + context.put("sdomainURL", default_admin_url); } else { // "default" security domain does NOT exist on local machine; // leave "sdomainURL" blank - context.put( "sdomainURL", "" ); + context.put("sdomainURL", ""); } } @@ -483,19 +486,20 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("https_admin_port", CMS.getAdminPort()); context.put("sdomainAdminURL", config.getString("preop.securitydomain.admin_url")); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } // Information for "existing" Security Domain CAs String initDaemon = "pki-cad"; String instanceId = "<security_domain_instance_name>"; - String os = System.getProperty( "os.name" ); - if( os.equalsIgnoreCase( "Linux" ) ) { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + String os = System.getProperty("os.name"); + if (os.equalsIgnoreCase("Linux")) { + context.put("initCommand", "/sbin/service " + initDaemon); + context.put("instanceId", instanceId); } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put( "initCommand", "/etc/init.d/" + initDaemon ); - context.put( "instanceId", instanceId ); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put("initCommand", "/etc/init.d/" + initDaemon); + context.put("instanceId", instanceId); } context.put("title", "Security Domain"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java index 75cc0fb6..d15ca5ad 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java @@ -27,8 +27,8 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable; /** * This object stores the values for IP, uid and group based on the cookie id. */ -public class SecurityDomainSessionTable - implements ISecurityDomainSessionTable { +public class SecurityDomainSessionTable + implements ISecurityDomainSessionTable { private Hashtable<String, Vector<Comparable<?>>> m_sessions; private long m_timeToLive; @@ -38,8 +38,8 @@ public class SecurityDomainSessionTable m_timeToLive = timeToLive; } - public int addEntry(String sessionId, String ip, - String uid, String group) { + public int addEntry(String sessionId, String ip, + String uid, String group) { Vector<Comparable<?>> v = new Vector<Comparable<?>>(); v.addElement(ip); v.addElement(uid); @@ -67,28 +67,28 @@ public class SecurityDomainSessionTable public String getIP(String sessionId) { Vector<Comparable<?>> v = m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(0); + return (String) v.elementAt(0); return null; } public String getUID(String sessionId) { Vector<Comparable<?>> v = m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(1); + return (String) v.elementAt(1); return null; } public String getGroup(String sessionId) { Vector<Comparable<?>> v = m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(2); + return (String) v.elementAt(2); return null; } public long getBeginTime(String sessionId) { Vector<Comparable<?>> v = m_sessions.get(sessionId); - if (v != null) { - Long n = (Long)v.elementAt(3); + if (v != null) { + Long n = (Long) v.elementAt(3); if (n != null) return n.longValue(); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java index c3a1e325..49cadb9c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java @@ -29,7 +29,7 @@ public class SessionTimer extends TimerTask { private ISecurityDomainSessionTable m_sessiontable = null; private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; public SessionTimer(ISecurityDomainSessionTable table) { super(); @@ -39,15 +39,15 @@ public class SessionTimer extends TimerTask { public void run() { Enumeration keys = m_sessiontable.getSessionIds(); while (keys.hasMoreElements()) { - String sessionId = (String)keys.nextElement(); + String sessionId = (String) keys.nextElement(); long beginTime = m_sessiontable.getBeginTime(sessionId); Date nowDate = new Date(); long nowTime = nowDate.getTime(); long timeToLive = m_sessiontable.getTimeToLive(); - if ((nowTime-beginTime) > timeToLive) { + if ((nowTime - beginTime) > timeToLive) { m_sessiontable.removeEntry(sessionId); CMS.debug("SessionTimer run: successfully remove the session id entry from the table."); - + // audit message String auditParams = "operation;;expire_token+token;;" + sessionId; String auditMessage = CMS.getLogMessage( @@ -62,9 +62,7 @@ public class SessionTimer extends TimerTask { ILogger.LL_SECURITY, auditMessage); - } } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index 0e6a507a..8f5d6808 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; @@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase { private String default_rsa_key_size; private boolean mShowSigning = false; - public SizePanel() {} + public SizePanel() { + } /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Key Pairs"); setId(id); @@ -69,25 +69,28 @@ public class SizePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "default,custom", null, /* no default parameter */ "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'."); set.add("choice", choiceDesc); - - Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + + Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameter */ "Custom Key Size"); set.add("custom_size", customSizeDesc); - + return set; } public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - /* clean up if necessary*/ + /* clean up if necessary */ try { boolean done = cs.getBoolean("preop.SizePanel.done"); cs.putBoolean("preop.SizePanel.done", false); @@ -105,7 +108,8 @@ public class SizePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -118,7 +122,7 @@ public class SizePanel extends WizardPanelBase { Context context) { CMS.debug("SizePanel: display()"); try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } @@ -134,12 +138,12 @@ public class SizePanel extends WizardPanelBase { } try { - default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); + default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); } catch (Exception e) { } try { - default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); + default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); } catch (Exception e) { } @@ -180,12 +184,13 @@ public class SizePanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".signing.required", false); c.setSigningRequired(signingRequired); - if (signingRequired) mShowSigning = true; + if (signingRequired) + mShowSigning = true; String userfriendlyname = config.getString( PCERT_PREFIX + certTag + ".userfriendlyname"); c.setUserFriendlyName(userfriendlyname); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); c.setEnable(enable); mCerts.addElement(c); }// while @@ -236,13 +241,13 @@ public class SizePanel extends WizardPanelBase { if (select1.equals("clone")) { // preset the sslserver dn for cloning case try { - String val = config.getString("preop.cert.sslserver.dn", ""); - config.putString("preop.cert.sslserver.dn", val+",o=clone"); + String val = config.getString("preop.cert.sslserver.dn", ""); + config.putString("preop.cert.sslserver.dn", val + ",o=clone"); } catch (Exception ee) { } } } - + String token = ""; try { token = config.getString(PRE_CONF_CA_TOKEN, ""); @@ -251,11 +256,13 @@ public class SizePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); if (!enable) continue; - String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc + String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa + // or + // ecc String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm"); if (keyalgorithm == null) { @@ -280,28 +287,28 @@ public class SizePanel extends WizardPanelBase { } CMS.debug( "SizePanel: update() keysize choice selected:" + select); - String oldkeysize = - config.getString(PCERT_PREFIX+ct+".keysize.size", ""); - String oldkeytype = - config.getString(PCERT_PREFIX + ct + ".keytype", ""); - String oldkeyalgorithm = - config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); - String oldsigningalgorithm = - config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); + String oldkeysize = + config.getString(PCERT_PREFIX + ct + ".keysize.size", ""); + String oldkeytype = + config.getString(PCERT_PREFIX + ct + ".keytype", ""); + String oldkeyalgorithm = + config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); + String oldsigningalgorithm = + config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); String oldcurvename = - config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); + config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); if (select.equals("default")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.custom_name", - default_ecc_curve_name); - config.putString("preop.curvename.name", default_ecc_curve_name); + config.putString("preop.curvename.custom_name", + default_ecc_curve_name); + config.putString("preop.curvename.name", default_ecc_curve_name); } else { - config.putString("preop.keysize.custom_size", - default_rsa_key_size); - config.putString("preop.keysize.size", default_rsa_key_size); + config.putString("preop.keysize.custom_size", + default_rsa_key_size); + config.putString("preop.keysize.size", default_rsa_key_size); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); @@ -311,31 +318,31 @@ public class SizePanel extends WizardPanelBase { "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString(PCERT_PREFIX + ct + - ".curvename.custom_name", - default_ecc_curve_name); - config.putString(PCERT_PREFIX + ct + ".curvename.name", - default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + + ".curvename.custom_name", + default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + ".curvename.name", + default_ecc_curve_name); } else { - config.putString(PCERT_PREFIX + ct + - ".keysize.custom_size", - default_rsa_key_size); - config.putString(PCERT_PREFIX + ct + ".keysize.size", - default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + + ".keysize.custom_size", + default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + ".keysize.size", + default_rsa_key_size); } } else if (select.equals("custom")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.name", - HttpInput.getString(request, ct + "_custom_curvename")); + config.putString("preop.curvename.name", + HttpInput.getString(request, ct + "_custom_curvename")); config.putString("preop.curvename.custom_name", - HttpInput.getString(request, ct + "_custom_curvename")); + HttpInput.getString(request, ct + "_custom_curvename")); } else { - config.putString("preop.keysize.size", - HttpInput.getKeySize(request, ct + "_custom_size", keytype)); + config.putString("preop.keysize.size", + HttpInput.getKeySize(request, ct + "_custom_size", keytype)); config.putString("preop.keysize.custom_size", - HttpInput.getKeySize(request, ct + "_custom_size", keytype)); + HttpInput.getKeySize(request, ct + "_custom_size", keytype)); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); @@ -346,42 +353,42 @@ public class SizePanel extends WizardPanelBase { if (keytype != null && keytype.equals("ecc")) { config.putString(PCERT_PREFIX + ct + ".curvename.custom_name", - HttpInput.getString(request, ct + "_custom_curvename")); + HttpInput.getString(request, ct + "_custom_curvename")); config.putString(PCERT_PREFIX + ct + ".curvename.name", - HttpInput.getString(request, ct + "_custom_curvename")); + HttpInput.getString(request, ct + "_custom_curvename")); } else { config.putString(PCERT_PREFIX + ct + ".keysize.custom_size", - HttpInput.getKeySize(request, ct + "_custom_size")); + HttpInput.getKeySize(request, ct + "_custom_size")); config.putString(PCERT_PREFIX + ct + ".keysize.size", - HttpInput.getKeySize(request, ct + "_custom_size")); + HttpInput.getKeySize(request, ct + "_custom_size")); } } else { CMS.debug("SizePanel: invalid choice " + select); throw new IOException("invalid choice " + select); } - String newkeysize = - config.getString(PCERT_PREFIX+ct+".keysize.size", ""); - String newkeytype = - config.getString(PCERT_PREFIX + ct + ".keytype", ""); - String newkeyalgorithm = - config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); - String newsigningalgorithm = - config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); - String newcurvename = - config.getString(PCERT_PREFIX+ct+".curvename.name", ""); - - if (!oldkeysize.equals(newkeysize) || - !oldkeytype.equals(newkeytype) || - !oldkeyalgorithm.equals(newkeyalgorithm) || - !oldsigningalgorithm.equals(newsigningalgorithm) || - !oldcurvename.equals(newcurvename)) + String newkeysize = + config.getString(PCERT_PREFIX + ct + ".keysize.size", ""); + String newkeytype = + config.getString(PCERT_PREFIX + ct + ".keytype", ""); + String newkeyalgorithm = + config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); + String newsigningalgorithm = + config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); + String newcurvename = + config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); + + if (!oldkeysize.equals(newkeysize) || + !oldkeytype.equals(newkeytype) || + !oldkeyalgorithm.equals(newkeyalgorithm) || + !oldsigningalgorithm.equals(newsigningalgorithm) || + !oldcurvename.equals(newcurvename)) hasChanged = true; }// while try { config.commit(false); - } catch (EBaseException e) { + } catch (EBaseException e) { CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString()); } @@ -393,7 +400,7 @@ public class SizePanel extends WizardPanelBase { context.put("updateStatus", "success"); return; } - } catch (IOException e) { + } catch (IOException e) { CMS.debug("SizePanel: update() IOException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; @@ -401,11 +408,11 @@ public class SizePanel extends WizardPanelBase { CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; - } catch (Exception e) { + } catch (Exception e) { CMS.debug("SizePanel: update() Exception caught: " + e.toString()); } - // generate key pair + // generate key pair Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { @@ -414,7 +421,7 @@ public class SizePanel extends WizardPanelBase { String friendlyName = ct; boolean enable = true; try { - enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct); } catch (Exception e) { } @@ -425,15 +432,15 @@ public class SizePanel extends WizardPanelBase { try { String keytype = config.getString(PCERT_PREFIX + ct + ".keytype"); String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm"); - + if (keytype.equals("rsa")) { int keysize = config.getInteger( - PCERT_PREFIX + ct + ".keysize.size"); + PCERT_PREFIX + ct + ".keysize.size"); createRSAKeyPair(token, keysize, config, ct); } else { String curveName = config.getString( - PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name); + PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name); createECCKeyPair(token, curveName, config, ct); } config.commit(false); @@ -441,40 +448,39 @@ public class SizePanel extends WizardPanelBase { CMS.debug(e); CMS.debug("SizePanel: key generation failure: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException("key generation failure for the certificate: " + friendlyName + + throw new IOException("key generation failure for the certificate: " + friendlyName + ". See the logs for details."); } } // while if (hasErr == false) { - config.putBoolean("preop.SizePanel.done", true); - try { - config.commit(false); - } catch (EBaseException e) { - CMS.debug( - "SizePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + config.putBoolean("preop.SizePanel.done", true); + try { + config.commit(false); + } catch (EBaseException e) { + CMS.debug( + "SizePanel: update() Exception caught at config commit: " + + e.toString()); + } + } CMS.debug("SizePanel: update() done"); context.put("updateStatus", "success"); } - public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException - { - CMS.debug("Generating ECC key pair with curvename="+ curveName + - ", token="+token); + public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { + CMS.debug("Generating ECC key pair with curvename=" + curveName + + ", token=" + token); KeyPair pair = null; /* - * default ssl server cert to ECDHE unless stated otherwise - * note: IE only supports "ECDHE", but "ECDH" is more efficient - * + * default ssl server cert to ECDHE unless stated otherwise note: IE + * only supports "ECDHE", but "ECDH" is more efficient + * * for "ECDHE", server.xml should have the following for ciphers: * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * + * * for "ECDH", server.xml should have the following for ciphers: * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA @@ -488,48 +494,48 @@ public class SizePanel extends WizardPanelBase { // ECDHE needs "SIGN" but no "DERIVE" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; do { - if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - pair = CryptoUtil.generateECCKeyPair(token, curveName, - null, - ECDH_usages_mask); - } else { - if (ct.equals("sslserver")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - } - pair = CryptoUtil.generateECCKeyPair(token, curveName, - null, - usages_mask); - } - - // XXX - store curve , w - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = - CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad ECC key id " + kid); - pair = null; + if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + pair = CryptoUtil.generateECCKeyPair(token, curveName, + null, + ECDH_usages_mask); + } else { + if (ct.equals("sslserver")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + } + pair = CryptoUtil.generateECCKeyPair(token, curveName, + null, + usages_mask); + } + + // XXX - store curve , w + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = + CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad ECC key id " + kid); + pair = null; } } while (pair == null); - CMS.debug("Public key class " + pair.getPublic().getClass().getName()); + CMS.debug("Public key class " + pair.getPublic().getClass().getName()); byte encoded[] = pair.getPublic().getEncoded(); config.putString(PCERT_PREFIX + ct + ".pubkey.encoded", - CryptoUtil.byte2string(encoded)); + CryptoUtil.byte2string(encoded)); String keyAlgo = ""; try { @@ -537,25 +543,24 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException - { + public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { /* generate key pair */ KeyPair pair = null; do { - pair = CryptoUtil.generateRSAKeyPair(token, keysize); - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = - CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad RSA key id " + kid); - pair = null; + pair = CryptoUtil.generateRSAKeyPair(token, keysize); + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = + CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad RSA key id " + kid); + pair = null; } } while (pair == null); @@ -563,9 +568,9 @@ public class SizePanel extends WizardPanelBase { byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray(); config.putString(PCERT_PREFIX + ct + ".pubkey.modulus", - CryptoUtil.byte2string(modulus)); + CryptoUtil.byte2string(modulus)); config.putString(PCERT_PREFIX + ct + ".pubkey.exponent", - CryptoUtil.byte2string(exponent)); + CryptoUtil.byte2string(exponent)); String keyAlgo = ""; try { @@ -573,41 +578,40 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) { String systemType = ""; try { - systemType = config.getString("preop.system.name"); + systemType = config.getString("preop.system.name"); } catch (Exception e1) { } if (systemType.equalsIgnoreCase("CA")) { - if (ct.equals("signing")) { - config.putString("ca.signing.defaultSigningAlgorithm", + if (ct.equals("signing")) { + config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo); - config.putString("ca.crl.MasterCRL.signingAlgorithm", + config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo); - } else if (ct.equals("ocsp_signing")) { - config.putString("ca.ocsp_signing.defaultSigningAlgorithm", + } else if (ct.equals("ocsp_signing")) { + config.putString("ca.ocsp_signing.defaultSigningAlgorithm", keyAlgo); - } + } } else if (systemType.equalsIgnoreCase("OCSP")) { - if (ct.equals("signing")) { - config.putString("ocsp.signing.defaultSigningAlgorithm", + if (ct.equals("signing")) { + config.putString("ocsp.signing.defaultSigningAlgorithm", keyAlgo); - } + } } else if (systemType.equalsIgnoreCase("KRA") || - systemType.equalsIgnoreCase("DRM")) { - if (ct.equals("transport")) { + systemType.equalsIgnoreCase("DRM")) { + if (ct.equals("transport")) { config.putString("kra.transportUnit.signingAlgorithm", keyAlgo); - } + } } } public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { IConfigStore config = CMS.getConfigStore(); String s = ""; try { @@ -646,7 +650,7 @@ public class SizePanel extends WizardPanelBase { HttpServletResponse response, Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java index cf59e07c..027ec305 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java @@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String sessionId = httpReq.getParameter("sessionID"); CMS.debug("TokenAuthentication: sessionId=" + sessionId); @@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet { CMS.debug("TokenAuthentication: found session"); if (checkIP) { String hostname = table.getIP(sessionId); - if (! hostname.equals(givenHost)) { - CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" - + givenHost + " are different"); + if (!hostname.equals(givenHost)) { + CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" + + givenHost + " are different"); CMS.debug("TokenAuthenticate authenticate failed, wrong hostname."); outputError(httpResp, "Error: Failed Authentication"); return; @@ -122,7 +124,15 @@ public class TokenAuthenticate extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java index cf699c61..f6bd23d1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateConnector extends CMSServlet { /** @@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateConnector: processing..."); @@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet { CMS.debug("UpdateConnector authentication successful."); } catch (Exception e) { CMS.debug("UpdateConnector: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("UpdateConnector authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } @@ -125,7 +124,7 @@ public class UpdateConnector extends CMSServlet { Enumeration list = httpReq.getParameterNames(); while (list.hasMoreElements()) { - String name = (String)list.nextElement(); + String name = (String) list.nextElement(); String val = httpReq.getParameter(name); if (name != null && name.startsWith("ca.connector")) { CMS.debug("Adding connector update name=" + name + " val=" + val); @@ -134,24 +133,24 @@ public class UpdateConnector extends CMSServlet { CMS.debug("Skipping connector update name=" + name + " val=" + val); } } - - try { + + try { String nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; cs.putString("ca.connector.KRA.nickName", nickname); cs.commit(false); } catch (Exception e) { } // start the connector - try { + try { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - ICAService caService = (ICAService)ca.getCAService(); + CMS.getSubsystem("ca"); + ICAService caService = (ICAService) ca.getCAService(); IConnector kraConnector = caService.getConnector( - cs.getSubStore("ca.connector.KRA")); + cs.getSubStore("ca.connector.KRA")); caService.setKRAConnector(kraConnector); kraConnector.start(); } catch (Exception e) { @@ -173,14 +172,23 @@ public class UpdateConnector extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java index c9fe27ef..4ca53eb5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; @@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateDomainXML extends CMSServlet { /** @@ -65,9 +63,9 @@ public class UpdateDomainXML extends CMSServlet { private final static String SUCCESS = "0"; private final static String FAILED = "1"; private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; public UpdateDomainXML() { super(); @@ -75,6 +73,7 @@ public class UpdateDomainXML extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -101,20 +100,19 @@ public class UpdateDomainXML extends CMSServlet { status = FAILED; CMS.debug("Failed to delete entry" + e.toString()); } - } catch (Exception e) { - CMS.debug("Failed to delete entry" + e.toString()); - } finally { + } catch (Exception e) { + CMS.debug("Failed to delete entry" + e.toString()); + } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } private String modify_ldap(String dn, LDAPModification mod) { @@ -135,23 +133,21 @@ public class UpdateDomainXML extends CMSServlet { status = FAILED; CMS.debug("Failed to modify entry" + e.toString()); } - } catch (Exception e) { + } catch (Exception e) { CMS.debug("Failed to modify entry" + e.toString()); - } finally { + } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } - private String add_to_ldap(LDAPEntry entry, String dn) { CMS.debug("UpdateDomainXML: add_to_ldap: starting"); String status = SUCCESS; @@ -172,37 +168,36 @@ public class UpdateDomainXML extends CMSServlet { conn.delete(dn); conn.add(entry); } catch (LDAPException ee) { - CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString()); + CMS.debug("UpdateDomainXML: Error when replacing existing entry " + ee.toString()); status = FAILED; } } else { - CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString()); + CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + e.toString()); status = FAILED; } } catch (Exception e) { CMS.debug("Failed to add entry" + e.toString()); } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } - - /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -219,7 +214,7 @@ public class UpdateDomainXML extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -233,19 +228,19 @@ public class UpdateDomainXML extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - AUTH_FAILURE, - "Error: Encountered problem during authorization."); + AUTH_FAILURE, + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -272,7 +267,7 @@ public class UpdateDomainXML extends CMSServlet { String missing = ""; if ((host == null) || host.equals("")) { missing += " host "; - } + } if ((name == null) || name.equals("")) { missing += " name "; } @@ -286,20 +281,20 @@ public class UpdateDomainXML extends CMSServlet { clone = "false"; } - if (! missing.equals("")) { - CMS.debug("UpdateDomainXML process: required parameters:" + missing + + if (!missing.equals("")) { + CMS.debug("UpdateDomainXML process: required parameters:" + missing + "not provided in request"); - outputError(httpResp, "Error: required parameters: " + missing + + outputError(httpResp, "Error: required parameters: " + missing + "not provided in request"); return; } String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+ - "+clone;;"+clone+"+type;;"+type; + String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + sport + + "+clone;;" + clone + "+type;;" + type; if (operation != null) { - auditParams += "+operation;;"+operation; + auditParams += "+operation;;" + operation; } else { auditParams += "+operation;;add"; } @@ -312,8 +307,7 @@ public class UpdateDomainXML extends CMSServlet { try { basedn = cs.getString("internaldb.basedn"); secstore = cs.getString("securitydomain.store"); - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script"); } @@ -326,7 +320,7 @@ public class UpdateDomainXML extends CMSServlet { String listName = type + "List"; String cn = host + ":"; - if ((adminsport!= null) && (adminsport != "")) { + if ((adminsport != null) && (adminsport != "")) { cn += adminsport; } else { cn += sport; @@ -361,64 +355,63 @@ public class UpdateDomainXML extends CMSServlet { attrs.add(new LDAPAttribute("clone", clone.toUpperCase())); attrs.add(new LDAPAttribute("SubsystemName", name)); entry = new LDAPEntry(dn, attrs); - - if ((operation != null) && (operation.equals("remove"))) { - status = remove_from_ldap(dn); - String adminUserDN; - if ((agentsport != null) && (!agentsport.equals(""))) { - adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn; - } else { - adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; - } - String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + - "+resource;;"+adminUserDN; - if (status.equals(SUCCESS)) { - // remove the user for this subsystem's admin - status2 = remove_from_ldap(adminUserDN); - if (status2.equals(SUCCESS)) { - auditMessage = CMS.getLogMessage( + + if ((operation != null) && (operation.equals("remove"))) { + status = remove_from_ldap(dn); + String adminUserDN; + if ((agentsport != null) && (!agentsport.equals(""))) { + adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn; + } else { + adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; + } + String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + + "+resource;;" + adminUserDN; + if (status.equals(SUCCESS)) { + // remove the user for this subsystem's admin + status2 = remove_from_ldap(adminUserDN); + if (status2.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, userAuditParams); - audit(auditMessage); + audit(auditMessage); - // remove this user from the subsystem group - userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" + + // remove this user from the subsystem group + userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" + "+source;;UpdateDomainXML" + - "+resource;;Subsystem Group+user;;"+adminUserDN; - dn = "cn=Subsystem Group, ou=groups," + basedn; - LDAPModification mod = new LDAPModification(LDAPModification.DELETE, + "+resource;;Subsystem Group+user;;" + adminUserDN; + dn = "cn=Subsystem Group, ou=groups," + basedn; + LDAPModification mod = new LDAPModification(LDAPModification.DELETE, new LDAPAttribute("uniqueMember", adminUserDN)); - status2 = modify_ldap(dn, mod); - if (status2.equals(SUCCESS)) { - auditMessage = CMS.getLogMessage( + status2 = modify_ldap(dn, mod); + if (status2.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, userAuditParams); - } else { - auditMessage = CMS.getLogMessage( + } else { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.FAILURE, userAuditParams); - } - audit(auditMessage); - } else { // error deleting user - auditMessage = CMS.getLogMessage( + } + audit(auditMessage); + } else { // error deleting user + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.FAILURE, userAuditParams); - audit(auditMessage); - } + audit(auditMessage); } + } } else { - status = add_to_ldap(entry, dn); + status = add_to_ldap(entry, dn); } - } - else { + } else { // update the domain.xml file String path = CMS.getConfigStore().getString("instanceRoot", "") + "/conf/domain.xml"; @@ -430,7 +423,7 @@ public class UpdateDomainXML extends CMSServlet { CMS.debug("UpdateDomainXML: Inserting new domain info"); XMLObject parser = new XMLObject(new FileInputStream(path)); Node n = parser.getContainer(list); - int count =0; + int count = 0; if ((operation != null) && (operation.equals("remove"))) { // delete node @@ -444,11 +437,11 @@ public class UpdateDomainXML extends CMSServlet { Vector v_host = parser.getValuesFromContainer(nn, "Host"); Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort"); if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host)) - && (v_adminport.elementAt(0).equals(adminsport))) { - Node parent = nn.getParentNode(); - Node remNode = parent.removeChild(nn); - count --; - break; + && (v_adminport.elementAt(0).equals(adminsport))) { + Node parent = nn.getParentNode(); + Node remNode = parent.removeChild(nn); + count--; + break; } } } else { @@ -463,33 +456,33 @@ public class UpdateDomainXML extends CMSServlet { parser.addItemToContainer(parent, "UnSecurePort", httpport); parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase()); parser.addItemToContainer(parent, "Clone", clone.toUpperCase()); - count ++; + count++; } - //update count + // update count String countS = ""; NodeList nlist = n.getChildNodes(); Node countnode = null; - for (int i=0; i<nlist.getLength(); i++) { - Element nn = (Element)nlist.item(i); + for (int i = 0; i < nlist.getLength(); i++) { + Element nn = (Element) nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { countnode = nn; NodeList nlist1 = nn.getChildNodes(); Node nn1 = nlist1.item(0); - countS = nn1.getNodeValue(); + countS = nn1.getNodeValue(); break; } } - CMS.debug("UpdateDomainXML process: SubsystemCount="+countS); + CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS); try { - count += Integer.parseInt(countS); + count += Integer.parseInt(countS); } catch (Exception ee) { } Node nn2 = n.removeChild(countnode); - parser.addItemToContainer(n, "SubsystemCount", ""+count); + parser.addItemToContainer(n, "SubsystemCount", "" + count); // recreate domain.xml CMS.debug("UpdateDomainXML: Recreating domain.xml"); @@ -503,7 +496,7 @@ public class UpdateDomainXML extends CMSServlet { } } - + if (status.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, @@ -520,11 +513,11 @@ public class UpdateDomainXML extends CMSServlet { } audit(auditMessage); - if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { - status = SUCCESS; - } else { - status = FAILED; - } + if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { + status = SUCCESS; + } else { + status = FAILED; + } try { // send success status back to the requestor @@ -537,24 +530,34 @@ public class UpdateDomainXML extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString()); + CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString()); } } protected String securityDomainXMLtoLDAP(String xmltag) { - if (xmltag.equals("Host")) return "host"; - else return xmltag; + if (xmltag.equals("Host")) + return "host"; + else + return xmltag; } - - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java index 0a1787aa..c0d0db10 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateNumberRange extends CMSServlet { /** @@ -56,7 +54,7 @@ public class UpdateNumberRange extends CMSServlet { private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = - "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; + "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; public UpdateNumberRange() { super(); @@ -64,6 +62,7 @@ public class UpdateNumberRange extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -73,11 +72,13 @@ public class UpdateNumberRange extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -96,18 +97,18 @@ public class UpdateNumberRange extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -131,13 +132,13 @@ public class UpdateNumberRange extends CMSServlet { BigInteger oneNum = new BigInteger("1"); String endNumConfig = null; String cloneNumConfig = null; - String nextEndConfig = null; + String nextEndConfig = null; int radix = 10; IRepository repo = null; if (cstype.equals("KRA")) { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem( - IKeyRecoveryAuthority.ID); + IKeyRecoveryAuthority.ID); if (type.equals("request")) { repo = kra.getRequestQueue().getRequestRepository(); } else if (type.equals("serialNo")) { @@ -147,7 +148,7 @@ public class UpdateNumberRange extends CMSServlet { } } else { // CA ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); + ICertificateAuthority.ID); if (type.equals("request")) { repo = ca.getRequestQueue().getRequestRepository(); } else if (type.equals("serialNo")) { @@ -157,26 +158,28 @@ public class UpdateNumberRange extends CMSServlet { } } - // checkRanges for replicaID - we do this each time a replica is created. - // This needs to be done beforehand to ensure that we always have enough + // checkRanges for replicaID - we do this each time a replica is + // created. + // This needs to be done beforehand to ensure that we always have + // enough // replica numbers if (type.equals("replicaId")) { - CMS.debug("Checking replica number ranges"); - repo.checkRanges(); + CMS.debug("Checking replica number ranges"); + repo.checkRanges(); } - + if (type.equals("request")) { radix = 10; endNumConfig = "dbs.endRequestNumber"; cloneNumConfig = "dbs.requestCloneTransferNumber"; nextEndConfig = "dbs.nextEndRequestNumber"; } else if (type.equals("serialNo")) { - radix=16; + radix = 16; endNumConfig = "dbs.endSerialNumber"; cloneNumConfig = "dbs.serialCloneTransferNumber"; nextEndConfig = "dbs.nextEndSerialNumber"; } else if (type.equals("replicaId")) { - radix=10; + radix = 10; endNumConfig = "dbs.endReplicaNumber"; cloneNumConfig = "dbs.replicaCloneTransferNumber"; nextEndConfig = "dbs.nextEndReplicaNumber"; @@ -192,11 +195,11 @@ public class UpdateNumberRange extends CMSServlet { String nextEndNumStr = cs.getString(nextEndConfig, ""); BigInteger endNum2 = new BigInteger(nextEndNumStr, radix); CMS.debug("Transferring from the end of on-deck range"); - String newValStr = endNum2.subtract(decrement).toString(radix); - repo.setNextMaxSerial(newValStr); - cs.putString(nextEndConfig, newValStr); - beginNum = endNum2.subtract(decrement).add(oneNum); - endNum = endNum2; + String newValStr = endNum2.subtract(decrement).toString(radix); + repo.setNextMaxSerial(newValStr); + cs.putString(nextEndConfig, newValStr); + beginNum = endNum2.subtract(decrement).add(oneNum); + endNum = endNum2; } else { CMS.debug("Transferring from the end of the current range"); String newValStr = beginNum.subtract(oneNum).toString(radix); @@ -204,10 +207,9 @@ public class UpdateNumberRange extends CMSServlet { cs.putString(endNumConfig, newValStr); } - - if( beginNum == null ) { - CMS.debug( "UpdateNumberRange::process() - " + - "beginNum is null!" ); + if (beginNum == null) { + CMS.debug("UpdateNumberRange::process() - " + + "beginNum is null!"); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID, @@ -219,7 +221,7 @@ public class UpdateNumberRange extends CMSServlet { // Enable serial number management in master for certs and requests if (type.equals("replicaId")) { - repo.setEnableSerialMgmt(true); + repo.setEnableSerialMgmt(true); } // insert info @@ -248,7 +250,7 @@ public class UpdateNumberRange extends CMSServlet { audit(auditMessage); } catch (Exception e) { - CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString()); + CMS.debug("UpdateNumberRange: Failed to update number range. Exception: " + e.toString()); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, @@ -261,14 +263,23 @@ public class UpdateNumberRange extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java index 2339c4c7..10161f1b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java @@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateOCSPConfig extends CMSServlet { /** @@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -108,31 +108,31 @@ public class UpdateOCSPConfig extends CMSServlet { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; } catch (Exception e) { } - CMS.debug("UpdateOCSPConfig process: nickname="+nickname); + CMS.debug("UpdateOCSPConfig process: nickname=" + nickname); String ocsphost = httpReq.getParameter("ocsp_host"); String ocspport = httpReq.getParameter("ocsp_port"); try { cs.putString("ca.publish.enable", "true"); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", - ocsphost); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", - ocspport); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", - nickname); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", + ocsphost); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", + ocspport); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", + nickname); cs.putString("ca.publish.publisher.instance.OCSPPublisher.path", - "/ocsp/agent/ocsp/addCRL"); + "/ocsp/agent/ocsp/addCRL"); cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher"); cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true"); cs.putString("ca.publish.rule.instance.ocsprule.enable", "true"); cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap"); cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule"); - cs.putString("ca.publish.rule.instance.ocsprule.publisher", - "OCSPPublisher"); + cs.putString("ca.publish.rule.instance.ocsprule.publisher", + "OCSPPublisher"); cs.putString("ca.publish.rule.instance.ocsprule.type", "crl"); cs.commit(false); // insert info @@ -147,19 +147,28 @@ public class UpdateOCSPConfig extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString()); + CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + e.toString()); outputError(httpResp, "Error: Failed to update OCSP configuration."); } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java index 7b1c9959..4224c4eb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class WelcomePanel extends WizardPanelBase { - public WelcomePanel() {} + public WelcomePanel() { + } /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Welcome"); setId(id); @@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase { cs.putBoolean("preop.welcome.done", false); } - public boolean isPanelDone() { + public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { return cs.getBoolean("preop.welcome.done"); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -80,7 +81,7 @@ public class WelcomePanel extends WizardPanelBase { try { context.put("cstype", cs.getString("cs.type")); context.put("wizardname", cs.getString("preop.wizard.name")); - context.put("panelname", + context.put("panelname", cs.getString("preop.system.fullname") + " Configuration Wizard"); context.put("systemname", cs.getString("preop.system.name")); @@ -90,7 +91,8 @@ public class WelcomePanel extends WizardPanelBase { cs.getString("preop.product.name")); context.put("productversion", cs.getString("preop.product.version")); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } context.put("panel", "admin/console/config/welcomepanel.vm"); } @@ -112,7 +114,8 @@ public class WelcomePanel extends WizardPanelBase { try { cs.putBoolean("preop.welcome.done", true); cs.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } /** @@ -120,5 +123,6 @@ public class WelcomePanel extends WizardPanelBase { */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) {/* This should never be called */} + Context context) {/* This should never be called */ + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java index 06eb63ff..f5a96bc8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class WelcomeServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index a2a7d5df..70b427e5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.ConnectException; @@ -79,8 +78,8 @@ public class WizardPanelBase implements IWizardPanel { public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group"; /** - * Definition for "preop" static variables in CS.cfg - * -- "preop" config parameters should not assumed to exist after configuation + * Definition for "preop" static variables in CS.cfg -- "preop" config + * parameters should not assumed to exist after configuation */ public static final String PRE_CONF_CA_TOKEN = "preop.module.token"; @@ -95,15 +94,13 @@ public class WizardPanelBase implements IWizardPanel { /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException - { + public void init(ServletConfig config, int panelno) + throws ServletException { mPanelNo = panelno; } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException - { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { mPanelNo = panelno; } @@ -142,7 +139,7 @@ public class WizardPanelBase implements IWizardPanel { return set; } - + /** * Should we skip this panel? */ @@ -187,7 +184,8 @@ public class WizardPanelBase implements IWizardPanel { */ public void display(HttpServletRequest request, HttpServletResponse response, - Context context) {} + Context context) { + } /** * Checks if the given parameters are valid. @@ -202,14 +200,16 @@ public class WizardPanelBase implements IWizardPanel { */ public void update(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException {} + Context context) throws IOException { + } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) {} + Context context) { + } /** * Retrieves locale based on the request. @@ -233,7 +233,8 @@ public class WizardPanelBase implements IWizardPanel { try { instanceID = config.getString("instanceId", ""); - } catch (Exception e) {} + } catch (Exception e) { + } String nickname = certTag + "Cert cert-" + instanceID; String preferredNickname = null; @@ -241,7 +242,8 @@ public class WizardPanelBase implements IWizardPanel { try { preferredNickname = config.getString( PCERT_PREFIX + certTag + ".nickname", null); - } catch (Exception e) {} + } catch (Exception e) { + } if (preferredNickname != null) { nickname = preferredNickname; @@ -250,7 +252,7 @@ public class WizardPanelBase implements IWizardPanel { } public void updateDomainXML(String hostname, int port, boolean https, - String servlet, String uri) throws IOException { + String servlet, String uri) throws IOException { CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port); IConfigStore cs = CMS.getConfigStore(); String nickname = ""; @@ -258,17 +260,18 @@ public class WizardPanelBase implements IWizardPanel { try { nickname = cs.getString("preop.cert.subsystem.nickname", ""); tokenname = cs.getString("preop.module.token", ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (!tokenname.equals("") && - !tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) { - nickname = tokenname+":"+nickname; + !tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) { + nickname = tokenname + ":" + nickname; } CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname); CMS.debug("WizardPanelBase: start sending updateDomainXML request"); - String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); + String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); CMS.debug("WizardPanelBase: done sending updateDomainXML request"); if (c != null) { @@ -278,9 +281,9 @@ public class WizardPanelBase implements IWizardPanel { try { obj = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateDomainXML() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateDomainXML() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = obj.getValue("Status"); @@ -291,7 +294,7 @@ public class WizardPanelBase implements IWizardPanel { } else { String error = obj.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString()); throw e; @@ -302,8 +305,8 @@ public class WizardPanelBase implements IWizardPanel { } } - public int getSubsystemCount( String hostname, int https_admin_port, - boolean https, String type ) + public int getSubsystemCount(String hostname, int https_admin_port, + boolean https, String type) throws IOException { CMS.debug("WizardPanelBase getSubsystemCount start"); String c = getDomainXML(hostname, https_admin_port, true); @@ -311,12 +314,12 @@ public class WizardPanelBase implements IWizardPanel { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject obj = new XMLObject(bis); - String containerName = type+"List"; + String containerName = type + "List"; Node n = obj.getContainer(containerName); NodeList nlist = n.getChildNodes(); String countS = ""; - for (int i=0; i<nlist.getLength(); i++) { - Element nn = (Element)nlist.item(i); + for (int i = 0; i < nlist.getLength(); i++) { + Element nn = (Element) nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { NodeList nlist1 = nn.getChildNodes(); @@ -325,7 +328,7 @@ public class WizardPanelBase implements IWizardPanel { break; } } - CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS); + CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS); int num = 0; if (countS != null && !countS.equals("")) { @@ -337,7 +340,7 @@ public class WizardPanelBase implements IWizardPanel { return num; } catch (Exception e) { - CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString()); + CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString()); throw new IOException(e.toString()); } } @@ -345,12 +348,12 @@ public class WizardPanelBase implements IWizardPanel { return -1; } - public String getDomainXML( String hostname, int https_admin_port, - boolean https ) + public String getDomainXML(String hostname, int https_admin_port, + boolean https) throws IOException { CMS.debug("WizardPanelBase getDomainXML start"); - String c = getHttpResponse( hostname, https_admin_port, https, - "/ca/admin/ca/getDomainXML", null, null ); + String c = getHttpResponse(hostname, https_admin_port, https, + "/ca/admin/ca/getDomainXML", null, null); if (c != null) { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); @@ -359,9 +362,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getDomainXML() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getDomainXML() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -374,12 +377,12 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug( "WizardPanelBase getDomainXML: domainInfo=" + domainInfo); - return domainInfo; + return domainInfo; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getDomainXML: " + e.toString()); throw e; @@ -392,29 +395,29 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public String getSubsystemCert(String host, int port, boolean https) - throws IOException { + public String getSubsystemCert(String host, int port, boolean https) + throws IOException { CMS.debug("WizardPanelBase getSubsystemCert start"); - String c = getHttpResponse(host, port, https, - "/ca/admin/ca/getSubsystemCert", null, null); + String c = getHttpResponse(host, port, https, + "/ca/admin/ca/getSubsystemCert", null, null); if (c != null) { try { - ByteArrayInputStream bis = - new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = + new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getSubsystemCert() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getSubsystemCert() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); if (status.equals(SUCCESS)) { String s = parser.getValue("Cert"); return s; } else - return null; + return null; } catch (Exception e) { } } @@ -423,10 +426,10 @@ public class WizardPanelBase implements IWizardPanel { } public void updateConnectorInfo(String host, int port, boolean https, - String content) throws IOException { + String content) throws IOException { CMS.debug("WizardPanelBase updateConnectorInfo start"); - String c = getHttpResponse(host, port, https, - "/ca/admin/ca/updateConnector", content, null); + String c = getHttpResponse(host, port, https, + "/ca/admin/ca/updateConnector", content, null); if (c != null) { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); @@ -435,9 +438,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateConnectorInfo() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateConnectorInfo() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -447,7 +450,7 @@ public class WizardPanelBase implements IWizardPanel { if (!status.equals(SUCCESS)) { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString()); throw e; @@ -458,16 +461,16 @@ public class WizardPanelBase implements IWizardPanel { } } - public String getCertChainUsingSecureAdminPort( String hostname, + public String getCertChainUsingSecureAdminPort(String hostname, int https_admin_port, boolean https, ConfigCertApprovalCallback - certApprovalCallback ) + certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start"); - String c = getHttpResponse( hostname, https_admin_port, https, + String c = getHttpResponse(hostname, https_admin_port, https, "/ca/admin/ca/getCertChain", null, null, - certApprovalCallback ); + certApprovalCallback); if (c != null) { try { @@ -477,9 +480,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -493,12 +496,12 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug( "WizardPanelBase getCertChainUsingSecureAdminPort: certchain=" + certchain); - return certchain; + return certchain; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString()); throw e; @@ -511,16 +514,16 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public String getCertChainUsingSecureEEPort( String hostname, + public String getCertChainUsingSecureEEPort(String hostname, int https_ee_port, boolean https, ConfigCertApprovalCallback - certApprovalCallback ) + certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start"); - String c = getHttpResponse( hostname, https_ee_port, https, + String c = getHttpResponse(hostname, https_ee_port, https, "/ca/ee/ca/getCertChain", null, null, - certApprovalCallback ); + certApprovalCallback); if (c != null) { try { @@ -530,9 +533,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -546,12 +549,12 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug( "WizardPanelBase getCertChainUsingSecureEEPort: certchain=" + certchain); - return certchain; + return certchain; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString()); throw e; @@ -565,8 +568,8 @@ public class WizardPanelBase implements IWizardPanel { } public boolean updateConfigEntries(String hostname, int port, boolean https, - String servlet, String uri, IConfigStore config, - HttpServletResponse response) throws IOException { + String servlet, String uri, IConfigStore config, + HttpServletResponse response) throws IOException { CMS.debug("WizardPanelBase updateConfigEntries start"); String c = getHttpResponse(hostname, port, https, servlet, uri, null); @@ -578,9 +581,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateConfigEntries() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateConfigEntries() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -594,11 +597,11 @@ public class WizardPanelBase implements IWizardPanel { } catch (Exception e) { CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString()); } - - Document doc = parser.getDocument(); + + Document doc = parser.getDocument(); NodeList list = doc.getElementsByTagName("name"); int len = list.getLength(); - for (int i=0; i<len; i++) { + for (int i = 0; i < len; i++) { Node n = list.item(i); NodeList nn = n.getChildNodes(); String name = nn.item(0).getNodeValue(); @@ -606,14 +609,14 @@ public class WizardPanelBase implements IWizardPanel { nn = parent.getChildNodes(); int len1 = nn.getLength(); String v = ""; - for (int j=0; j<len1; j++) { + for (int j = 0; j < len1; j++) { Node nv = nn.item(j); String val = nv.getNodeName(); if (val.equals("value")) { NodeList n2 = nv.getChildNodes(); if (n2.getLength() > 0) - v = n2.item(0).getNodeValue(); - break; + v = n2.item(0).getNodeValue(); + break; } } @@ -625,7 +628,7 @@ public class WizardPanelBase implements IWizardPanel { config.putString("preop.internaldb.master.binddn", v); } else if (name.equals("internaldb.basedn")) { config.putString(name, v); - config.putString("preop.internaldb.master.basedn", v); + config.putString("preop.internaldb.master.basedn", v); } else if (name.equals("internaldb.ldapauth.password")) { config.putString("preop.internaldb.master.bindpwd", v); } else if (name.equals("internaldb.replication.password")) { @@ -649,7 +652,7 @@ public class WizardPanelBase implements IWizardPanel { config.putString("preop.master.storage.nickname", v); config.putString("kra.storageUnit.nickName", v); config.putString("preop.cert.storage.nickname", v); - } else if (name.equals("cloning.audit_signing.nickname")) { + } else if (name.equals("cloning.audit_signing.nickname")) { config.putString("preop.master.audit_signing.nickname", v); config.putString("preop.cert.audit_signing.nickname", v); config.putString(name, v); @@ -686,7 +689,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString()); throw e; @@ -713,9 +716,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::authenticate() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::authenticate() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -729,7 +732,7 @@ public class WizardPanelBase implements IWizardPanel { } else { String error = parser.getValue("Error"); return false; - } + } } catch (Exception e) { CMS.debug("WizardPanelBase: authenticate: " + e.toString()); throw new IOException(e.toString()); @@ -739,12 +742,12 @@ public class WizardPanelBase implements IWizardPanel { return false; } - public void updateOCSPConfig(String hostname, int port, boolean https, - String content, HttpServletResponse response) - throws IOException { + public void updateOCSPConfig(String hostname, int port, boolean https, + String content, HttpServletResponse response) + throws IOException { CMS.debug("WizardPanelBase updateOCSPConfig start"); - String c = getHttpResponse(hostname, port, https, - "/ca/ee/ca/updateOCSPConfig", content, null); + String c = getHttpResponse(hostname, port, https, + "/ca/ee/ca/updateOCSPConfig", content, null); if (c == null || c.equals("")) { CMS.debug("WizardPanelBase updateOCSPConfig: content is null."); throw new IOException("The server you want to contact is not available"); @@ -756,9 +759,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateOCSPConfig() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateOCSPConfig() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -774,7 +777,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString()); throw e; @@ -785,10 +788,10 @@ public class WizardPanelBase implements IWizardPanel { } } - public void updateNumberRange(String hostname, int port, boolean https, - String content, String type, HttpServletResponse response) - throws IOException { - CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname + + public void updateNumberRange(String hostname, int port, boolean https, + String content, String type, HttpServletResponse response) + throws IOException { + CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname + " port=" + port); IConfigStore cs = CMS.getConfigStore(); String cstype = ""; @@ -798,13 +801,13 @@ public class WizardPanelBase implements IWizardPanel { } cstype = toLowerCaseSubsystemType(cstype); - String c = getHttpResponse(hostname, port, https, - "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null); + String c = getHttpResponse(hostname, port, https, + "/" + cstype + "/ee/" + cstype + "/updateNumberRange", content, null); if (c == null || c.equals("")) { CMS.debug("WizardPanelBase updateNumberRange: content is null."); throw new IOException("The server you want to contact is not available"); } else { - CMS.debug("content="+c); + CMS.debug("content=" + c); try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; @@ -812,9 +815,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateNumberRange() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateNumberRange() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -843,7 +846,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString()); CMS.debug(e); @@ -856,9 +859,9 @@ public class WizardPanelBase implements IWizardPanel { } } - public int getPort(String hostname, int port, boolean https, - String portServlet, boolean sport) - throws IOException { + public int getPort(String hostname, int port, boolean https, + String portServlet, boolean sport) + throws IOException { CMS.debug("WizardPanelBase getPort start"); String c = getHttpResponse(hostname, port, https, portServlet, "secure=" + sport, null); @@ -871,9 +874,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getPort() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getPort() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -889,7 +892,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getPort: " + e.toString()); throw e; @@ -903,14 +906,14 @@ public class WizardPanelBase implements IWizardPanel { } public String getHttpResponse(String hostname, int port, boolean secure, - String uri, String content, String clientnickname) throws IOException { + String uri, String content, String clientnickname) throws IOException { return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null); } - public String getHttpResponse(String hostname, int port, boolean secure, - String uri, String content, String clientnickname, - SSLCertificateApprovalCallback certApprovalCallback) - throws IOException { + public String getHttpResponse(String hostname, int port, boolean secure, + String uri, String content, String clientnickname, + SSLCertificateApprovalCallback certApprovalCallback) + throws IOException { HttpClient httpclient = null; String c = null; @@ -960,8 +963,8 @@ public class WizardPanelBase implements IWizardPanel { return c; } - public boolean isSDHostDomainMaster (IConfigStore config) { - String dm="false"; + public boolean isSDHostDomainMaster(IConfigStore config) { + String dm = "false"; try { String hostname = config.getString("securitydomain.host"); int httpsadminport = config.getInteger("securitydomain.httpsadminport"); @@ -971,40 +974,40 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug("Getting DomainMaster from security domain"); - ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); - XMLObject parser = new XMLObject( bis ); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = new XMLObject(bis); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName( "CA" ); + NodeList nodeList = doc.getElementsByTagName("CA"); int len = nodeList.getLength(); - for( int i = 0; i < len; i++ ) { + for (int i = 0; i < len; i++) { Vector v_hostname = - parser.getValuesFromContainer( nodeList.item(i), - "Host" ); + parser.getValuesFromContainer(nodeList.item(i), + "Host"); Vector v_https_admin_port = - parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); Vector v_domain_mgr = - parser.getValuesFromContainer( nodeList.item(i), - "DomainManager" ); + parser.getValuesFromContainer(nodeList.item(i), + "DomainManager"); - if( v_hostname.elementAt( 0 ).equals( hostname ) && - v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) { - dm = v_domain_mgr.elementAt( 0 ).toString(); + if (v_hostname.elementAt(0).equals(hostname) && + v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) { + dm = v_domain_mgr.elementAt(0).toString(); break; } } } catch (Exception e) { - CMS.debug( e.toString() ); + CMS.debug(e.toString()); } return dm.equalsIgnoreCase("true"); } - - public Vector getMasterUrlListFromSecurityDomain( IConfigStore config, + + public Vector getMasterUrlListFromSecurityDomain(IConfigStore config, String type, - String portType ) { + String portType) { Vector v = new Vector(); try { @@ -1026,13 +1029,13 @@ public class WizardPanelBase implements IWizardPanel { list = "TKSList"; } - CMS.debug( "Getting " + portType + " from Security Domain ..." ); - if( !portType.equals( "UnSecurePort" ) && - !portType.equals( "SecureAgentPort" ) && - !portType.equals( "SecurePort" ) && - !portType.equals( "SecureAdminPort" ) ) { - CMS.debug( "getPortFromSecurityDomain: " + - "unknown port type " + portType ); + CMS.debug("Getting " + portType + " from Security Domain ..."); + if (!portType.equals("UnSecurePort") && + !portType.equals("SecureAgentPort") && + !portType.equals("SecurePort") && + !portType.equals("SecureAdminPort")) { + CMS.debug("getPortFromSecurityDomain: " + + "unknown port type " + portType); return v; } @@ -1050,8 +1053,8 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug("Len " + len); for (int i = 0; i < len; i++) { Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), - "Clone"); - String clone = (String)v_clone.elementAt(0); + "Clone"); + String clone = (String) v_clone.elementAt(0); if (clone.equalsIgnoreCase("true")) continue; Vector v_name = parser.getValuesFromContainer(nodeList.item(i), @@ -1061,11 +1064,11 @@ public class WizardPanelBase implements IWizardPanel { Vector v_port = parser.getValuesFromContainer(nodeList.item(i), portType); - v.addElement( v_name.elementAt(0) + v.addElement(v_name.elementAt(0) + " - https://" + v_host.elementAt(0) + ":" - + v_port.elementAt(0) ); + + v_port.elementAt(0)); } } catch (Exception e) { CMS.debug(e.toString()); @@ -1074,9 +1077,9 @@ public class WizardPanelBase implements IWizardPanel { return v; } - public Vector getUrlListFromSecurityDomain( IConfigStore config, + public Vector getUrlListFromSecurityDomain(IConfigStore config, String type, - String portType ) { + String portType) { Vector v = new Vector(); try { @@ -1098,13 +1101,13 @@ public class WizardPanelBase implements IWizardPanel { list = "TKSList"; } - CMS.debug( "Getting " + portType + " from Security Domain ..." ); - if( !portType.equals( "UnSecurePort" ) && - !portType.equals( "SecureAgentPort" ) && - !portType.equals( "SecurePort" ) && - !portType.equals( "SecureAdminPort" ) ) { - CMS.debug( "getPortFromSecurityDomain: " + - "unknown port type " + portType ); + CMS.debug("Getting " + portType + " from Security Domain ..."); + if (!portType.equals("UnSecurePort") && + !portType.equals("SecureAgentPort") && + !portType.equals("SecurePort") && + !portType.equals("SecureAdminPort")) { + CMS.debug("getPortFromSecurityDomain: " + + "unknown port type " + portType); return v; } @@ -1132,17 +1135,17 @@ public class WizardPanelBase implements IWizardPanel { if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) { // add security domain CA to the beginning of list - v.add( 0, v_name.elementAt(0) + v.add(0, v_name.elementAt(0) + " - https://" + v_host.elementAt(0) + ":" - + v_port.elementAt(0) ); + + v_port.elementAt(0)); } else { - v.addElement( v_name.elementAt(0) + v.addElement(v_name.elementAt(0) + " - https://" + v_host.elementAt(0) + ":" - + v_port.elementAt(0) ); + + v_port.elementAt(0)); } } } catch (Exception e) { @@ -1154,155 +1157,155 @@ public class WizardPanelBase implements IWizardPanel { // Given an HTTPS Hostname and EE port, // retrieve the associated HTTPS Admin port - public String getSecurityDomainAdminPort( IConfigStore config, + public String getSecurityDomainAdminPort(IConfigStore config, String hostname, String https_ee_port, - String cstype ) { + String cstype) { String https_admin_port = new String(); try { - String sd_hostname = config.getString( "securitydomain.host" ); + String sd_hostname = config.getString("securitydomain.host"); int sd_httpsadminport = - config.getInteger( "securitydomain.httpsadminport" ); + config.getInteger("securitydomain.httpsadminport"); - CMS.debug( "Getting domain.xml from CA ..." ); - String c = getDomainXML( sd_hostname, sd_httpsadminport, true ); + CMS.debug("Getting domain.xml from CA ..."); + String c = getDomainXML(sd_hostname, sd_httpsadminport, true); - CMS.debug( "Getting associated HTTPS Admin port from " + + CMS.debug("Getting associated HTTPS Admin port from " + "HTTPS Hostname '" + hostname + - "' and EE port '" + https_ee_port + "'" ); - ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); - XMLObject parser = new XMLObject( bis ); + "' and EE port '" + https_ee_port + "'"); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = new XMLObject(bis); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() ); + NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase()); int len = nodeList.getLength(); - for( int i = 0; i < len; i++ ) { + for (int i = 0; i < len; i++) { Vector v_hostname = - parser.getValuesFromContainer( nodeList.item(i), - "Host" ); + parser.getValuesFromContainer(nodeList.item(i), + "Host"); Vector v_https_ee_port = - parser.getValuesFromContainer( nodeList.item(i), - "SecurePort" ); + parser.getValuesFromContainer(nodeList.item(i), + "SecurePort"); Vector v_https_admin_port = - parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); - if( v_hostname.elementAt( 0 ).equals( hostname ) && - v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) { + if (v_hostname.elementAt(0).equals(hostname) && + v_https_ee_port.elementAt(0).equals(https_ee_port)) { https_admin_port = - v_https_admin_port.elementAt( 0 ).toString(); + v_https_admin_port.elementAt(0).toString(); break; } } } catch (Exception e) { - CMS.debug( e.toString() ); + CMS.debug(e.toString()); } - return( https_admin_port ); + return (https_admin_port); } - public String getSecurityDomainPort( IConfigStore config, - String portType ) { + public String getSecurityDomainPort(IConfigStore config, + String portType) { String port = new String(); try { - String hostname = config.getString( "securitydomain.host" ); + String hostname = config.getString("securitydomain.host"); int httpsadminport = - config.getInteger( "securitydomain.httpsadminport" ); - - CMS.debug( "Getting domain.xml from CA ..." ); - String c = getDomainXML( hostname, httpsadminport, true ); - - CMS.debug( "Getting " + portType + " from Security Domain ..." ); - if( !portType.equals( "UnSecurePort" ) && - !portType.equals( "SecureAgentPort" ) && - !portType.equals( "SecurePort" ) && - !portType.equals( "SecureAdminPort" ) ) { - CMS.debug( "getPortFromSecurityDomain: " + - "unknown port type " + portType ); + config.getInteger("securitydomain.httpsadminport"); + + CMS.debug("Getting domain.xml from CA ..."); + String c = getDomainXML(hostname, httpsadminport, true); + + CMS.debug("Getting " + portType + " from Security Domain ..."); + if (!portType.equals("UnSecurePort") && + !portType.equals("SecureAgentPort") && + !portType.equals("SecurePort") && + !portType.equals("SecureAdminPort")) { + CMS.debug("getPortFromSecurityDomain: " + + "unknown port type " + portType); return ""; } - ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); - XMLObject parser = new XMLObject( bis ); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = new XMLObject(bis); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName( "CA" ); + NodeList nodeList = doc.getElementsByTagName("CA"); int len = nodeList.getLength(); - for( int i = 0; i < len; i++ ) { + for (int i = 0; i < len; i++) { Vector v_admin_port = - parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); Vector v_port = null; - if( portType.equals( "UnSecurePort" ) ) { - v_port = parser.getValuesFromContainer( nodeList.item(i), - "UnSecurePort" ); - } else if( portType.equals( "SecureAgentPort" ) ) { - v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAgentPort" ); - } else if( portType.equals( "SecurePort" ) ) { - v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecurePort" ); - } else if( portType.equals( "SecureAdminPort" ) ) { - v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + if (portType.equals("UnSecurePort")) { + v_port = parser.getValuesFromContainer(nodeList.item(i), + "UnSecurePort"); + } else if (portType.equals("SecureAgentPort")) { + v_port = parser.getValuesFromContainer(nodeList.item(i), + "SecureAgentPort"); + } else if (portType.equals("SecurePort")) { + v_port = parser.getValuesFromContainer(nodeList.item(i), + "SecurePort"); + } else if (portType.equals("SecureAdminPort")) { + v_port = parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); } - if( ( v_port != null ) && - ( v_admin_port.elementAt( 0 ).equals( - Integer.toString( httpsadminport ) ) ) ) { - port = v_port.elementAt( 0 ).toString(); + if ((v_port != null) && + (v_admin_port.elementAt(0).equals( + Integer.toString(httpsadminport)))) { + port = v_port.elementAt(0).toString(); break; } } } catch (Exception e) { - CMS.debug( e.toString() ); + CMS.debug(e.toString()); } - return( port ); + return (port); } - public String pingCS( String hostname, int port, boolean https, - SSLCertificateApprovalCallback certApprovalCallback ) - throws IOException { - CMS.debug( "WizardPanelBase pingCS: started" ); + public String pingCS(String hostname, int port, boolean https, + SSLCertificateApprovalCallback certApprovalCallback) + throws IOException { + CMS.debug("WizardPanelBase pingCS: started"); - String c = getHttpResponse( hostname, port, https, - "/ca/admin/ca/getStatus", - null, null, certApprovalCallback ); + String c = getHttpResponse(hostname, port, https, + "/ca/admin/ca/getStatus", + null, null, certApprovalCallback); - if( c != null ) { + if (c != null) { try { ByteArrayInputStream bis = new - ByteArrayInputStream( c.getBytes() ); + ByteArrayInputStream(c.getBytes()); XMLObject parser = null; String state = null; try { - parser = new XMLObject( bis ); - CMS.debug( "WizardPanelBase pingCS: got XML parsed" ); - state = parser.getValue( "State" ); + parser = new XMLObject(bis); + CMS.debug("WizardPanelBase pingCS: got XML parsed"); + state = parser.getValue("State"); - if( state != null ) { - CMS.debug( "WizardPanelBase pingCS: state=" + state ); + if (state != null) { + CMS.debug("WizardPanelBase pingCS: state=" + state); } } catch (Exception e) { - CMS.debug( "WizardPanelBase: pingCS: parser failed" - + e.toString() ); + CMS.debug("WizardPanelBase: pingCS: parser failed" + + e.toString()); } return state; - } catch( Exception e ) { - CMS.debug( "WizardPanelBase: pingCS: " + e.toString() ); - throw new IOException( e.toString() ); + } catch (Exception e) { + CMS.debug("WizardPanelBase: pingCS: " + e.toString()); + throw new IOException(e.toString()); } } - CMS.debug( "WizardPanelBase pingCS: stopped" ); + CMS.debug("WizardPanelBase pingCS: stopped"); return null; } @@ -1311,7 +1314,7 @@ public class WizardPanelBase implements IWizardPanel { if (s.equals("CA")) { x = "ca"; } else if (s.equals("KRA")) { - x = "kra"; + x = "kra"; } else if (s.equals("OCSP")) { x = "ocsp"; } else if (s.equals("TKS")) { @@ -1321,14 +1324,14 @@ public class WizardPanelBase implements IWizardPanel { return x; } - public void getTokenInfo(IConfigStore config, String type, String host, - int https_ee_port, boolean https, Context context, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { + public void getTokenInfo(IConfigStore config, String type, String host, + int https_ee_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getTokenInfo start"); - String uri = "/"+type+"/ee/"+type+"/getTokenInfo"; - CMS.debug("WizardPanelBase getTokenInfo: uri="+uri); + String uri = "/" + type + "/ee/" + type + "/getTokenInfo"; + CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri); String c = getHttpResponse(host, https_ee_port, https, uri, null, null, - certApprovalCallback); + certApprovalCallback); if (c != null) { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); @@ -1337,9 +1340,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getTokenInfo() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getTokenInfo() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -1350,7 +1353,7 @@ public class WizardPanelBase implements IWizardPanel { Document doc = parser.getDocument(); NodeList list = doc.getElementsByTagName("name"); int len = list.getLength(); - for (int i=0; i<len; i++) { + for (int i = 0; i < len; i++) { Node n = list.item(i); NodeList nn = n.getChildNodes(); String name = nn.item(0).getNodeValue(); @@ -1358,17 +1361,17 @@ public class WizardPanelBase implements IWizardPanel { nn = parent.getChildNodes(); int len1 = nn.getLength(); String v = ""; - for (int j=0; j<len1; j++) { + for (int j = 0; j < len1; j++) { Node nv = nn.item(j); String val = nv.getNodeName(); if (val.equals("value")) { NodeList n2 = nv.getChildNodes(); if (n2.getLength() > 0) v = n2.item(0).getNodeValue(); - break; + break; } } - if (name.equals("cloning.signing.nickname")) { + if (name.equals("cloning.signing.nickname")) { config.putString("preop.master.signing.nickname", v); config.putString(type + ".cert.signing.nickname", v); config.putString(name, v); @@ -1406,19 +1409,20 @@ public class WizardPanelBase implements IWizardPanel { } // reset nicknames for system cert verification - String token = config.getString("preop.module.token", + String token = config.getString("preop.module.token", "Internal Key Storage Token"); - if (! token.equals("Internal Key Storage Token")) { + if (!token.equals("Internal Key Storage Token")) { String certlist = config.getString("preop.cert.list"); StringTokenizer t1 = new StringTokenizer(certlist, ","); while (t1.hasMoreTokens()) { String tag = t1.nextToken(); - if (tag.equals("sslserver")) continue; - config.putString(type + ".cert." + tag + ".nickname", - token + ":" + - config.getString(type + ".cert." + tag + ".nickname", "")); - } + if (tag.equals("sslserver")) + continue; + config.putString(type + ".cert." + tag + ".nickname", + token + ":" + + config.getString(type + ".cert." + tag + ".nickname", "")); + } } } else { String error = parser.getValue("Error"); @@ -1431,7 +1435,7 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString()); throw new IOException(e.toString()); } - } + } } public void importCertChain(String id) throws IOException { @@ -1442,31 +1446,32 @@ public class WizardPanelBase implements IWizardPanel { try { pkcs7 = config.getString(configName, ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (pkcs7.length() > 0) { try { CryptoUtil.importCertificateChain(pkcs7); } catch (Exception e) { - CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString()); + CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + e.toString()); } } } public void updateCertChain(IConfigStore config, String name, String host, - int https_admin_port, boolean https, Context context) throws IOException { - updateCertChain( config, name, host, https_admin_port, - https, context, null ); + int https_admin_port, boolean https, Context context) throws IOException { + updateCertChain(config, name, host, https_admin_port, + https, context, null); } public void updateCertChain(IConfigStore config, String name, String host, - int https_admin_port, boolean https, Context context, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { - String certchain = getCertChainUsingSecureAdminPort( host, + int https_admin_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { + String certchain = getCertChainUsingSecureAdminPort(host, https_admin_port, https, - certApprovalCallback ); - config.putString("preop."+name+".pkcs7", certchain); + certApprovalCallback); + config.putString("preop." + name + ".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = null; @@ -1475,7 +1480,7 @@ public class WizardPanelBase implements IWizardPanel { b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); } catch (Exception e) { context.put("errorString", - "Failed to get the certificate chain."); + "Failed to get the certificate chain."); return; } @@ -1483,7 +1488,7 @@ public class WizardPanelBase implements IWizardPanel { if (b_certchain != null) { size = b_certchain.length; } - config.putInteger("preop."+name+".certchain.size", size); + config.putInteger("preop." + name + ".certchain.size", size); for (int i = 0; i < size; i++) { byte[] bb = null; @@ -1491,11 +1496,11 @@ public class WizardPanelBase implements IWizardPanel { bb = b_certchain[i].getEncoded(); } catch (Exception e) { context.put("errorString", - "Failed to get the der-encoded certificate chain."); + "Failed to get the der-encoded certificate chain."); return; } - config.putString("preop."+name+".certchain." + i, - CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + config.putString("preop." + name + ".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); } try { @@ -1504,16 +1509,16 @@ public class WizardPanelBase implements IWizardPanel { } } - public void updateCertChainUsingSecureEEPort( IConfigStore config, + public void updateCertChainUsingSecureEEPort(IConfigStore config, String name, String host, int https_ee_port, boolean https, - Context context, - ConfigCertApprovalCallback certApprovalCallback ) throws IOException { - String certchain = getCertChainUsingSecureEEPort( host, https_ee_port, + Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { + String certchain = getCertChainUsingSecureEEPort(host, https_ee_port, https, certApprovalCallback); - config.putString("preop."+name+".pkcs7", certchain); + config.putString("preop." + name + ".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = null; @@ -1522,7 +1527,7 @@ public class WizardPanelBase implements IWizardPanel { b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); } catch (Exception e) { context.put("errorString", - "Failed to get the certificate chain."); + "Failed to get the certificate chain."); return; } @@ -1530,7 +1535,7 @@ public class WizardPanelBase implements IWizardPanel { if (b_certchain != null) { size = b_certchain.length; } - config.putInteger("preop."+name+".certchain.size", size); + config.putInteger("preop." + name + ".certchain.size", size); for (int i = 0; i < size; i++) { byte[] bb = null; @@ -1538,11 +1543,11 @@ public class WizardPanelBase implements IWizardPanel { bb = b_certchain[i].getEncoded(); } catch (Exception e) { context.put("errorString", - "Failed to get the der-encoded certificate chain."); + "Failed to get the der-encoded certificate chain."); return; } - config.putString("preop."+name+".certchain." + i, - CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + config.putString("preop." + name + ".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); } try { @@ -1558,26 +1563,26 @@ public class WizardPanelBase implements IWizardPanel { CryptoStore store = tok.getCryptoStore(); String fullnickname = nickname; if (!tokenname.equals("") && - !tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) - fullnickname = tokenname+":"+nickname; + !tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) + fullnickname = tokenname + ":" + nickname; - CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname); + CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname); org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname); if (store instanceof PK11Store) { CMS.debug("WizardPanelBase deleteCert: this is pk11store"); - PK11Store pk11store = (PK11Store)store; + PK11Store pk11store = (PK11Store) store; pk11store.deleteCertOnly(cert); CMS.debug("WizardPanelBase deleteCert: cert deleted successfully"); } } catch (Exception e) { - CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString()); + CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString()); } } public void deleteEntries(LDAPSearchResults res, LDAPConnection conn, - String dn, String[] entries) { + String dn, String[] entries) { String[] attrs = null; LDAPSearchConstraints cons = null; String filter = "objectclass=*"; @@ -1595,23 +1600,23 @@ public class WizardPanelBase implements IWizardPanel { } } } catch (Exception ee) { - CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString()); + CMS.debug("WizardPanelBase deleteEntries: Exception=" + ee.toString()); } } public void deleteEntry(LDAPConnection conn, String dn, String[] entries) { try { - for (int i=0; i<entries.length; i++) { + for (int i = 0; i < entries.length; i++) { if (LDAPDN.equals(dn, entries[i])) { - CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted."); + CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + dn + " is not deleted."); return; } } - CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn); + CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn); conn.delete(dn); } catch (Exception e) { - CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString()); + CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString()); } } @@ -1624,12 +1629,12 @@ public class WizardPanelBase implements IWizardPanel { int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); int panel = getPanelNo(); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; + String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; response.sendRedirect(sdurl); } catch (Exception e) { - CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString()); + CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java index bbfa4b39..ca184988 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java @@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AdminRequestFilter implements Filter -{ +public class AdminRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Admin"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AdminRequestFilter */ - public AdminRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public AdminRequestFilter() { + } + + public void init(FilterConfig filterConfig) + throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, + + public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain ) + FilterChain chain) throws java.io.IOException, - ServletException - { + ServletException { String filterName = getClass().getName(); String scheme = null; @@ -64,32 +62,32 @@ public class AdminRequestFilter implements Filter String param_active = null; // CMS.debug("Entering the admin filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { + if (!scheme.equals(HTTPS_SCHEME)) { msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } @@ -97,29 +95,29 @@ public class AdminRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } @@ -128,11 +126,9 @@ public class AdminRequestFilter implements Filter // CMS.debug("Exiting the admin filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java index 1ae44a64..163e3a18 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java @@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AgentRequestFilter implements Filter -{ +public class AgentRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Agent"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AgentRequestFilter */ - public AgentRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public AgentRequestFilter() { + } + + public void init(FilterConfig filterConfig) + throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, + + public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain ) + FilterChain chain) throws java.io.IOException, - ServletException - { + ServletException { String filterName = getClass().getName(); String scheme = null; @@ -65,32 +63,32 @@ public class AgentRequestFilter implements Filter String param_active = null; // CMS.debug("Entering the agent filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { + if (!scheme.equals(HTTPS_SCHEME)) { msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } @@ -98,29 +96,29 @@ public class AgentRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } @@ -128,11 +126,9 @@ public class AgentRequestFilter implements Filter } // CMS.debug("Exiting the Agent filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java index 8b53c6c6..e734458e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java @@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EEClientAuthRequestFilter implements Filter -{ +public class EEClientAuthRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "EE Client Auth"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new EEClientAuthRequestFilter */ - public EEClientAuthRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public EEClientAuthRequestFilter() { + } + + public void init(FilterConfig filterConfig) + throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, + + public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain ) + FilterChain chain) throws java.io.IOException, - ServletException - { + ServletException { String filterName = getClass().getName(); String scheme = null; @@ -64,32 +62,32 @@ public class EEClientAuthRequestFilter implements Filter String param_proxy_port = null; // CMS.debug("Entering the EECA filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { + if (!scheme.equals(HTTPS_SCHEME)) { msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } @@ -97,41 +95,39 @@ public class EEClientAuthRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } } } - // CMS.debug("exiting the EECA filter"); + // CMS.debug("exiting the EECA filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java index f66cf087..4004702b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java @@ -28,8 +28,7 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EERequestFilter implements Filter -{ +public class EERequestFilter implements Filter { private static final String HTTP_SCHEME = "http"; private static final String HTTP_PORT = "http_port"; private static final String HTTP_ROLE = "EE"; @@ -40,22 +39,21 @@ public class EERequestFilter implements Filter private static final String PROXY_HTTP_PORT = "proxy_http_port"; private FilterConfig config; - + /* Create a new EERequestFilter */ - public EERequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public EERequestFilter() { + } + + public void init(FilterConfig filterConfig) + throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, + + public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain ) + FilterChain chain) throws java.io.IOException, - ServletException - { + ServletException { String filterName = getClass().getName(); String scheme = null; @@ -70,45 +68,45 @@ public class EERequestFilter implements Filter String param_active = null; // CMS.debug("Entering the EE filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is either "http" or "https" + // RFC 1738: verify that scheme is either "http" or "https" scheme = request.getScheme(); - if( ( ! scheme.equals( HTTP_SCHEME ) ) && - ( ! scheme.equals( HTTPS_SCHEME ) ) ) { + if ((!scheme.equals(HTTP_SCHEME)) && + (!scheme.equals(HTTPS_SCHEME))) { msg = "The scheme MUST be either '" + HTTP_SCHEME - + "' or '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); - return; + + "' or '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + return; } // Always obtain either an "http" or an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "http" port passed in as a parameter - param_http_port = config.getInitParameter( HTTP_PORT ); - if( param_http_port == null ) { + param_http_port = config.getInitParameter(HTTP_PORT); + if (param_http_port == null) { msg = "The <param-name> '" + HTTP_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); - return; + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + return; } // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); - return; + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + return; } param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT); @@ -119,58 +117,58 @@ public class EERequestFilter implements Filter // the request and param "http" ports; // otherwise, if the scheme is "https", compare // the request and param "https" ports - if( scheme.equals( HTTP_SCHEME ) ) { - if( ! param_http_port.equals( request_port ) ) { + if (scheme.equals(HTTP_SCHEME)) { + if (!param_http_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_http_port != null) { + if (param_proxy_http_port != null) { if (!param_proxy_http_port.equals(request_port)) { msg = "Use HTTP port '" + param_http_port - + "' or proxy port '" + param_proxy_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_http_port + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTP port '" + param_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } } - } else if( scheme.equals( HTTPS_SCHEME ) ) { - if( ! param_https_port.equals( request_port ) ) { + } else if (scheme.equals(HTTPS_SCHEME)) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } @@ -180,11 +178,9 @@ public class EERequestFilter implements Filter } // CMS.debug("Exiting the EE filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java index 166036a9..a5c17e28 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -43,13 +42,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * A class representing a recoverKey servlet. This servlet - * shows key information and presents a list of text boxes - * so that recovery agents can type in their identifiers - * and passwords. - * + * A class representing a recoverKey servlet. This servlet shows key information + * and presents a list of text boxes so that recovery agents can type in their + * identifiers and passwords. + * * @version $Revision$, $Date$ */ public class ConfirmRecoverBySerial extends CMSServlet { @@ -59,8 +56,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { */ private static final long serialVersionUID = 2221819191344494389L; private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = - "confirmRecoverBySerial.template"; + private final static String TPL_FILE = + "confirmRecoverBySerial.template"; private final static String IN_SERIALNO = "serialNumber"; private final static String OUT_SERIALNO = IN_SERIALNO; @@ -95,22 +92,20 @@ public class ConfirmRecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Serves HTTP request. The format of this request is - * as follows: - * confirmRecoverBySerial? - * [serialNumber=<serialno>] + * Serves HTTP request. The format of this request is as follows: + * confirmRecoverBySerial? [serialNumber=<serialno>] */ public void process(CMSRequest cmsReq) throws EBaseException { // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. - + HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -123,9 +118,9 @@ public class ConfirmRecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -147,8 +142,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { @@ -157,10 +152,10 @@ public class ConfirmRecoverBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -169,17 +164,17 @@ public class ConfirmRecoverBySerial extends CMSServlet { * Requests for a list of agent passwords. */ private void process(CMSTemplateParams argSet, - IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addIntegerValue(OUT_SERIALNO, seq); header.addIntegerValue(OUT_M, - mRecoveryService.getNoOfRequiredAgents()); + mRecoveryService.getNoOfRequiredAgents()); header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( Integer.toString(seq))); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java index 510f1ac3..41d7b02c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -44,11 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display a specific Key Archival Request * <P> - * + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { @@ -78,7 +76,7 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerial.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -94,8 +92,8 @@ public class DisplayBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -103,7 +101,7 @@ public class DisplayBySerial extends CMSServlet { * <ul> * <li>http.param serialNumber serial number of the key archival request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -119,10 +117,10 @@ public class DisplayBySerial extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -137,13 +135,13 @@ public class DisplayBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); @@ -159,7 +157,7 @@ public class DisplayBySerial extends CMSServlet { process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { @@ -169,9 +167,9 @@ public class DisplayBySerial extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } @@ -179,15 +177,15 @@ public class DisplayBySerial extends CMSServlet { * Display information about a particular key. */ private void process(CMSTemplateParams argSet, - IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + req.getRequestURI()); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java index 2ef78c64..82d75884 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -45,11 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Display a Specific Key Archival Request, and initiate - * key recovery process - * + * Display a Specific Key Archival Request, and initiate key recovery process + * * @version $Revision$, $Date$ */ public class DisplayBySerialForRecovery extends CMSServlet { @@ -80,7 +77,7 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerialForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -95,17 +92,17 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param serialNumber request ID of key archival request - * <li>http.param publicKeyData + * <li>http.param serialNumber request ID of key archival request + * <li>http.param publicKeyData * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -121,10 +118,10 @@ public class DisplayBySerialForRecovery extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -139,13 +136,13 @@ public class DisplayBySerialForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); @@ -159,12 +156,12 @@ public class DisplayBySerialForRecovery extends CMSServlet { seqNum = Integer.parseInt( req.getParameter(IN_SERIALNO)); } - process(argSet, header, - req.getParameter("publicKeyData"), - seqNum, req, resp, locale[0]); + process(argSet, header, + req.getParameter("publicKeyData"), + seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (Exception e) { e.printStackTrace(); System.out.println(e.toString()); @@ -176,9 +173,9 @@ public class DisplayBySerialForRecovery extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -187,23 +184,23 @@ public class DisplayBySerialForRecovery extends CMSServlet { * Display information about a particular key. */ private synchronized void process(CMSTemplateParams argSet, - IArgBlock header, String publicKeyData, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String publicKeyData, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addIntegerValue("noOfRequiredAgents", - mService.getNoOfRequiredAgents()); + mService.getNoOfRequiredAgents()); header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); + CMS.getConfigStore().getString("kra.keySplitting")); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); if (publicKeyData != null) { header.addStringValue("publicKeyData", - publicKeyData); + publicKeyData); } - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java index d4baf181..2fd882b7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -34,11 +33,9 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Retrieve Transport Certificate used to - * wrap Private key Archival requests - * + * Retrieve Transport Certificate used to wrap Private key Archival requests + * * @version $Revision$, $Date$ */ public class DisplayTransport extends CMSServlet { @@ -67,13 +64,13 @@ public class DisplayTransport extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -98,21 +95,21 @@ public class DisplayTransport extends CMSServlet { } try { - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) mAuthority; + IKeyRecoveryAuthority kra = + (IKeyRecoveryAuthority) mAuthority; ITransportKeyUnit tu = kra.getTransportKeyUnit(); org.mozilla.jss.crypto.X509Certificate transportCert = - tu.getCertificate(); + tu.getCertificate(); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html"); - String content = ""; + String content = ""; content += "<HTML><PRE>"; - String mime64 = - "-----BEGIN CERTIFICATE-----\n" + - CMS.BtoA(transportCert.getEncoded()) + - "-----END CERTIFICATE-----\n"; + String mime64 = + "-----BEGIN CERTIFICATE-----\n" + + CMS.BtoA(transportCert.getEncoded()) + + "-----END CERTIFICATE-----\n"; content += mime64; content += "</PRE></HTML>"; @@ -120,9 +117,9 @@ public class DisplayTransport extends CMSServlet { resp.getOutputStream().write(content.getBytes()); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java index 9fbad7a6..9d569a0d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; @@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * View the Key Recovery Request - * + * View the Key Recovery Request + * * @version $Revision$, $Date$ */ public class ExamineRecovery extends CMSServlet { @@ -100,8 +98,8 @@ public class ExamineRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -109,7 +107,7 @@ public class ExamineRecovery extends CMSServlet { * <ul> * <li>http.param recoveryID recovery request ID * </ul> - * + * * @param cmsReq the object holding the request and response information */ @@ -127,10 +125,10 @@ public class ExamineRecovery extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -145,9 +143,9 @@ public class ExamineRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -158,9 +156,9 @@ public class ExamineRecovery extends CMSServlet { EBaseException error = null; try { - process(argSet, header, - req.getParameter("recoveryID"), - req, resp, locale[0]); + process(argSet, header, + req.getParameter("recoveryID"), + req, resp, locale[0]); } catch (EBaseException e) { error = e; } catch (Exception e) { @@ -168,28 +166,23 @@ public class ExamineRecovery extends CMSServlet { } /* - catch (NumberFormatException e) { - error = eBaseException( - - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (NumberFormatException e) { error = eBaseException( + * + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * locale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); @@ -197,57 +190,55 @@ public class ExamineRecovery extends CMSServlet { } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. */ private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + IArgBlock header, String recoveryID, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); + CMS.getConfigStore().getString("kra.keySplitting")); Hashtable params = mService.getRecoveryParams( recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } - String keyID = (String)params.get("keyID"); - header.addStringValue("serialNumber", keyID); + String keyID = (String) params.get("keyID"); + header.addStringValue("serialNumber", keyID); header.addStringValue("recoveryID", recoveryID); - IKeyRepository mKeyDB = - ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); + IKeyRepository mKeyDB = + ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(keyID)); KeyRecordParser.fillRecordIntoArg(rec, header); - } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Error e " + e); throw e; - } + } /* - catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - } + * catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString()); + * } */ } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java index 4bd4d45b..09a084b5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Check to see if a Key Recovery Request has been approved - * + * * @version $Revision$, $Date$ */ public class GetApprovalStatus extends CMSServlet { @@ -79,9 +77,9 @@ public class GetApprovalStatus extends CMSServlet { /** * initialize the servlet. This servlet uses the template files - * "getApprovalStatus.template" and "finishRecovery.template" - * to process the response. - * + * "getApprovalStatus.template" and "finishRecovery.template" to process the + * response. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -95,8 +93,8 @@ public class GetApprovalStatus extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -104,7 +102,7 @@ public class GetApprovalStatus extends CMSServlet { * <ul> * <li>http.param recoveryID request ID to check * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -148,12 +146,12 @@ public class GetApprovalStatus extends CMSServlet { if (params == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } header.addStringValue("serialNumber", - (String) params.get("keyID")); + (String) params.get("keyID")); int requiredNumber = mService.getNoOfRequiredAgents(); @@ -174,27 +172,21 @@ public class GetApprovalStatus extends CMSServlet { if (pkcs12 != null) { rComplete = 1; - header.addStringValue(OUT_STATUS, "complete"); + header.addStringValue(OUT_STATUS, "complete"); /* - mService.destroyRecoveryParams(recoveryID); - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * mService.destroyRecoveryParams(recoveryID); try { + * resp.setContentType("application/x-pkcs12"); + * resp.getOutputStream().write(pkcs12); return; } catch + * (IOException e) { header.addStringValue(OUT_ERROR, + * MessageFormatter.getLocalizedString( locale[0], + * BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); rComplete = 1; } else { // pk12 hasn't been created yet. @@ -210,16 +202,16 @@ public class GetApprovalStatus extends CMSServlet { mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH; } else { mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE; - } + } if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } ServletOutputStream out = resp.getOutputStream(); @@ -228,9 +220,9 @@ public class GetApprovalStatus extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java index cea08af3..0a74cb26 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Locale; @@ -42,11 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Get the recovered key in PKCS#12 format - * - for asynchronous key recovery only - * + * Get the recovered key in PKCS#12 format - for asynchronous key recovery only + * */ public class GetAsyncPk12 extends CMSServlet { @@ -67,13 +64,11 @@ public class GetAsyncPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -87,7 +82,7 @@ public class GetAsyncPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishAsyncRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -103,8 +98,8 @@ public class GetAsyncPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -112,7 +107,7 @@ public class GetAsyncPk12 extends CMSServlet { * <ul> * <li>http.param reqID request id for recovery * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -132,10 +127,10 @@ public class GetAsyncPk12 extends CMSServlet { mAuthzResourceName, "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,9 +145,9 @@ public class GetAsyncPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -173,9 +168,9 @@ public class GetAsyncPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null ) { - CMS.debug( "GetAsyncPk12::process() - agent is null!" ); - throw new EBaseException( "agent is null" ); + if (agent == null) { + CMS.debug("GetAsyncPk12::process() - agent is null!"); + throw new EBaseException("agent is null"); } String initAgent = "undefined"; @@ -183,18 +178,18 @@ public class GetAsyncPk12 extends CMSServlet { if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) { log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", - reqID, initAgent)); + CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", + reqID, initAgent)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", - reqID, initAgent)); + CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", + reqID, initAgent)); } // The async recovery request must be in "approved" state - // i.e. all required # of recovery agents approved + // i.e. all required # of recovery agents approved if (mService.isApprovedAsyncKeyRecovery(reqID) != true) { CMS.debug("GetAsyncPk12::process() - # required recovery agents not met"); - throw new EBaseException( "# required recovery agents not met" ); + throw new EBaseException("# required recovery agents not met"); } String password = req.getParameter(IN_PASSWORD); @@ -202,11 +197,11 @@ public class GetAsyncPk12 extends CMSServlet { if (password == null || password.equals("")) { header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - throw new EBaseException( "PKCS12 password not found" ); + throw new EBaseException("PKCS12 password not found"); } if (passwordAgain == null || !passwordAgain.equals(password)) { header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - throw new EBaseException( "PKCS12 password not matched" ); + throw new EBaseException("PKCS12 password not matched"); } // got all approval, return pk12 @@ -219,23 +214,23 @@ public class GetAsyncPk12 extends CMSServlet { mRenderResult = false; auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - reqID, - ""); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, + ILogger.SUCCESS, + reqID, + ""); - audit(auditMessage); + audit(auditMessage); return; } catch (IOException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(reqID)); + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(reqID)); } else { // pk12 hasn't been created yet. Shouldn't get here } @@ -245,11 +240,11 @@ public class GetAsyncPk12 extends CMSServlet { if ((agent != null) && (reqID != null)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - reqID, - ""); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, + ILogger.FAILURE, + reqID, + ""); audit(auditMessage); } @@ -261,9 +256,9 @@ public class GetAsyncPk12 extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java index b3651774..f27e966d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Get the recovered key in PKCS#12 format - * + * * @version $Revision$, $Date$ */ public class GetPk12 extends CMSServlet { @@ -66,13 +64,11 @@ public class GetPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -86,7 +82,7 @@ public class GetPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -102,8 +98,8 @@ public class GetPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -111,7 +107,7 @@ public class GetPk12 extends CMSServlet { * <ul> * <li>http.param recoveryID ID of request to recover * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -131,10 +127,10 @@ public class GetPk12 extends CMSServlet { mAuthzResourceName, "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -149,9 +145,9 @@ public class GetPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -170,9 +166,9 @@ public class GetPk12 extends CMSServlet { if (params == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } // only the init DRM agent can get the pkcs12 @@ -181,26 +177,26 @@ public class GetPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null ) { - CMS.debug( "GetPk12::process() - agent is null!" ); - throw new EBaseException( "agent is null" ); + if (agent == null) { + CMS.debug("GetPk12::process() - agent is null!"); + throw new EBaseException("agent is null"); } - String initAgent = (String) params.get("agent"); + String initAgent = (String) params.get("agent"); if (!agent.equals(initAgent)) { log(ILogger.LL_SECURITY, - - CMS.getLogMessage("CMSGW_INVALID_AGENT_3", + + CMS.getLogMessage("CMSGW_INVALID_AGENT_3", recoveryID, initAgent)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT", - agent, initAgent, recoveryID)); + CMS.getUserMessage("CMS_GW_INVALID_AGENT", + agent, initAgent, recoveryID)); } header.addStringValue("serialNumber", - (String) params.get("keyID")); + (String) params.get("keyID")); // got all approval, return pk12 byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); @@ -213,23 +209,23 @@ public class GetPk12 extends CMSServlet { mRenderResult = false; auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - recoveryID, - ""); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, + ILogger.SUCCESS, + recoveryID, + ""); audit(auditMessage); return; } catch (IOException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); } else { // pk12 hasn't been created yet. Shouldn't get here } @@ -239,11 +235,11 @@ public class GetPk12 extends CMSServlet { if ((agent != null) && (recoveryID != null)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - recoveryID, - ""); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, + ILogger.FAILURE, + recoveryID, + ""); audit(auditMessage); } @@ -255,9 +251,9 @@ public class GetPk12 extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java index a868f47c..a6c26dc5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java @@ -40,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Approve an asynchronous key recovery request - * + * */ public class GrantAsyncRecovery extends CMSServlet { @@ -69,7 +68,7 @@ public class GrantAsyncRecovery extends CMSServlet { private String mFormPath = null; private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -81,7 +80,7 @@ public class GrantAsyncRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantAsyncRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -98,8 +97,8 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -107,9 +106,9 @@ public class GrantAsyncRecovery extends CMSServlet { * <ul> * <li>http.param reqID request ID of the request to approve * <li>http.param agentID User ID of the agent approving the request - + * * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -128,10 +127,10 @@ public class GrantAsyncRecovery extends CMSServlet { mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -146,9 +145,9 @@ public class GrantAsyncRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -161,13 +160,13 @@ public class GrantAsyncRecovery extends CMSServlet { CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID); CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID")); try { - process(argSet, header, - req.getParameter("reqID"), - agentID, - req, resp, locale[0]); + process(argSet, header, + req.getParameter("reqID"), + agentID, + req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -176,9 +175,9 @@ public class GrantAsyncRecovery extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -186,12 +185,13 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Update agent approval list * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param reqID string containing the recovery request ID @@ -201,10 +201,10 @@ public class GrantAsyncRecovery extends CMSServlet { * @param locale the system locale */ private void process(CMSTemplateParams argSet, - IArgBlock header, String reqID, - String agentID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String reqID, + String agentID, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequestID = reqID; @@ -234,9 +234,9 @@ public class GrantAsyncRecovery extends CMSServlet { try { header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); // update approving agent list mService.addAgentAsyncKeyRecovery(reqID, agentID); @@ -281,4 +281,3 @@ public class GrantAsyncRecovery extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java index 9a7238be..a7356b3c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -42,10 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Approve a key recovery request - * + * * @version $Revision$, $Date$ */ public class GrantRecovery extends CMSServlet { @@ -74,7 +72,7 @@ public class GrantRecovery extends CMSServlet { private String mFormPath = null; private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -86,7 +84,7 @@ public class GrantRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -103,19 +101,19 @@ public class GrantRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> * <li>http.param recoveryID ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * <li>http.param agentPWD Password of the agent approving the request - + * <li>http.param agentID User ID of the agent approving the request + * <li>http.param agentPWD Password of the agent approving the request + * * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -132,10 +130,10 @@ public class GrantRecovery extends CMSServlet { mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,9 +148,9 @@ public class GrantRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -166,14 +164,14 @@ public class GrantRecovery extends CMSServlet { agentID = req.getParameter("agentID"); } try { - process(argSet, header, - req.getParameter("recoveryID"), - agentID, - req.getParameter("agentPWD"), - req, resp, locale[0]); + process(argSet, header, + req.getParameter("recoveryID"), + agentID, + req.getParameter("agentPWD"), + req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -182,23 +180,24 @@ public class GrantRecovery extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param recoveryID string containing the recovery ID @@ -209,10 +208,10 @@ public class GrantRecovery extends CMSServlet { * @param locale the system locale */ private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - String agentID, String agentPWD, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String recoveryID, + String agentID, String agentPWD, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRecoveryID = recoveryID; @@ -242,15 +241,15 @@ public class GrantRecovery extends CMSServlet { try { header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); Hashtable h = mService.getRecoveryParams(recoveryID); if (h == null) { - header.addStringValue(OUT_ERROR, - "No such token found"); + header.addStringValue(OUT_ERROR, + "No such token found"); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -265,13 +264,13 @@ public class GrantRecovery extends CMSServlet { return; } header.addStringValue("serialNumber", - (String) h.get("keyID")); + (String) h.get("keyID")); mService.addDistributedCredential(recoveryID, agentID, agentPWD); header.addStringValue("agentID", - agentID); + agentID); header.addStringValue("recoveryID", - recoveryID); + recoveryID); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -310,4 +309,3 @@ public class GrantRecovery extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java index 9ce8585f..fc6498f5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.util.Date; import com.netscape.certsrv.apps.CMS; @@ -28,7 +27,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord; /** * Output a 'pretty print' of a Key Archival record - * + * * @version $Revision$, $Date$ */ public class KeyRecordParser { @@ -44,28 +43,27 @@ public class KeyRecordParser { public final static String OUT_RECOVERED_BY = "recoveredBy"; public final static String OUT_RECOVERED_ON = "recoveredOn"; - /** * Fills key record into argument block. */ - public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) - throws EBaseException { + public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) + throws EBaseException { if (rec == null) return; rarg.addStringValue(OUT_STATE, - rec.getState().toString()); + rec.getState().toString()); rarg.addStringValue(OUT_OWNER_NAME, - rec.getOwnerName()); + rec.getOwnerName()); rarg.addIntegerValue(OUT_SERIALNO, - rec.getSerialNumber().intValue()); + rec.getSerialNumber().intValue()); rarg.addStringValue(OUT_KEY_ALGORITHM, - rec.getAlgorithm()); - // Possible Enhancement: sun's BASE64Encode is not + rec.getAlgorithm()); + // Possible Enhancement: sun's BASE64Encode is not // fast. We may may to have our native implmenetation. IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); rarg.addStringValue(OUT_PUBLIC_KEY, - pp.toHexString(rec.getPublicKeyData(), 0, 20)); + pp.toHexString(rec.getPublicKeyData(), 0, 20)); Integer keySize = rec.getKeySize(); if (keySize == null) { @@ -74,16 +72,16 @@ public class KeyRecordParser { rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue()); } rarg.addStringValue(OUT_ARCHIVED_BY, - rec.getArchivedBy()); + rec.getArchivedBy()); rarg.addLongValue(OUT_ARCHIVED_ON, - rec.getCreateTime().getTime() / 1000); + rec.getCreateTime().getTime() / 1000); Date dateOfRevocation[] = rec.getDateOfRevocation(); if (dateOfRevocation != null) { - rarg.addStringValue(OUT_RECOVERED_BY, - "null"); - rarg.addStringValue(OUT_RECOVERED_ON, - "null"); + rarg.addStringValue(OUT_RECOVERED_BY, + "null"); + rarg.addStringValue(OUT_RECOVERED_ON, + "null"); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java index edcd2bdf..5a590a8e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; @@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert; /** * A class representing a recoverBySerial servlet. - * + * * @version $Revision$, $Date$ */ public class RecoverBySerial extends CMSServlet { @@ -108,22 +107,17 @@ public class RecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP request. The format of this request is as follows: - * recoverBySerial? - * [serialNumber=<number>] - * [uid#=<uid>] - * [pwd#=<password>] - * [localAgents=yes|null] - * [recoveryID=recoveryID] - * [pkcs12Password=<password of pkcs12>] - * [pkcs12PasswordAgain=<password of pkcs12>] - * [pkcs12Delivery=<delivery mechanism for pkcs12>] - * [cert=<encryption certificate>] + * recoverBySerial? [serialNumber=<number>] [uid#=<uid>] [pwd#=<password>] + * [localAgents=yes|null] [recoveryID=recoveryID] [pkcs12Password=<password + * of pkcs12>] [pkcs12PasswordAgain=<password of pkcs12>] + * [pkcs12Delivery=<delivery mechanism for pkcs12>] [cert=<encryption + * certificate>] */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -138,10 +132,10 @@ public class RecoverBySerial extends CMSServlet { mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -156,9 +150,9 @@ public class RecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -189,54 +183,52 @@ public class RecoverBySerial extends CMSServlet { ctx = SessionContext.getContext(); /* - When Recovery is first initiated, if it is in asynch mode, - no pkcs#12 password is needed. - The initiating agent uid will be recorded in the recovery - request. - Later, as approving agents submit their approvals, they will - also be listed in the request. + * When Recovery is first initiated, if it is in asynch mode, no + * pkcs#12 password is needed. The initiating agent uid will be + * recorded in the recovery request. Later, as approving agents + * submit their approvals, they will also be listed in the request. */ if ((initAsyncRecovery != null) && - initAsyncRecovery.equalsIgnoreCase("ON")) { - process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter(IN_CERT), - req, resp, locale[0]); - - int requiredNumber = mService.getNoOfRequiredAgents(); - header.addIntegerValue("noOfRequiredAgents", requiredNumber); + initAsyncRecovery.equalsIgnoreCase("ON")) { + process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter(IN_CERT), + req, resp, locale[0]); + + int requiredNumber = mService.getNoOfRequiredAgents(); + header.addIntegerValue("noOfRequiredAgents", requiredNumber); } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID != null && !recoveryID.equals("")) { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); + ctx.put(SessionContext.RECOVERY_ID, + req.getParameter("recoveryID")); + } + byte pkcs12[] = process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter("localAgents"), + req.getParameter(IN_PASSWORD), + req.getParameter(IN_PASSWORD_AGAIN), + req.getParameter(IN_CERT), + req.getParameter(IN_DELIVERY), + req.getParameter(IN_NICKNAME), + req, resp, locale[0]); + + if (pkcs12 != null) { + // resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentType("application/x-pkcs12"); + // resp.setContentLength(pkcs12.length); + resp.getOutputStream().write(pkcs12); + mRenderResult = false; + return; } - byte pkcs12[] = process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter("localAgents"), - req.getParameter(IN_PASSWORD), - req.getParameter(IN_PASSWORD_AGAIN), - req.getParameter(IN_CERT), - req.getParameter(IN_DELIVERY), - req.getParameter(IN_NICKNAME), - req, resp, locale[0]); - - if (pkcs12 != null) { - //resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/x-pkcs12"); - //resp.setContentLength(pkcs12.length); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - return; - } } } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (IOException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } finally { SessionContext.releaseContext(); } @@ -249,9 +241,9 @@ public class RecoverBySerial extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -260,10 +252,10 @@ public class RecoverBySerial extends CMSServlet { /** * Async Key Recovery - request initiation */ - private void process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String cert, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + private void process(CMSTemplate form, CMSTemplateParams argSet, + IArgBlock header, String seq, String cert, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { // seq is the key id if (seq == null) { @@ -291,37 +283,37 @@ public class RecoverBySerial extends CMSServlet { try { String reqID = mService.initAsyncKeyRecovery( - new BigInteger(seq), x509cert, + new BigInteger(seq), x509cert, (String) sContext.get(SessionContext.USER_ID)); header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); header.addStringValue("requestID", reqID); } catch (EBaseException e) { String error = - "Failed to recover key for key id " + - seq + ".\nException: " + e.toString(); + "Failed to recover key for key id " + + seq + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(seq, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; } /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. */ private byte[] process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String localAgents, - String password, String passwordAgain, - String cert, String delivery, String nickname, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String seq, String localAgents, + String password, String passwordAgain, + String cert, String delivery, String nickname, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { if (seq == null) { header.addStringValue(OUT_ERROR, "sequence number not found"); return null; @@ -360,65 +352,65 @@ public class RecoverBySerial extends CMSServlet { if (sContext != null) { agent = (String) sContext.get(SessionContext.USER_ID); } - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - if (localAgents == null) { - String recoveryID = req.getParameter("recoveryID"); + if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { + if (localAgents == null) { + String recoveryID = req.getParameter("recoveryID"); - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, "No recovery ID specified"); - return null; - } - Hashtable params = mService.createRecoveryParams(recoveryID); + if (recoveryID == null || recoveryID.equals("")) { + header.addStringValue(OUT_ERROR, "No recovery ID specified"); + return null; + } + Hashtable params = mService.createRecoveryParams(recoveryID); - params.put("keyID", req.getParameter(IN_SERIALNO)); + params.put("keyID", req.getParameter(IN_SERIALNO)); - header.addStringValue("recoveryID", recoveryID); + header.addStringValue("recoveryID", recoveryID); - params.put("agent", agent); + params.put("agent", agent); - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, - SessionContext.getContext()); + // new thread to wait for pk12 + Thread waitThread = new WaitApprovalThread(recoveryID, + seq, password, x509cert, delivery, nickname, + SessionContext.getContext()); - waitThread.start(); - return null; - } else { - Vector v = new Vector(); - - for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { - String uid = req.getParameter(IN_UID + i); - String pwd = req.getParameter(IN_PWD + i); - - if (uid != null && pwd != null && !uid.equals("") && - !pwd.equals("")) { - v.addElement(new Credential(uid, pwd)); - } else { + waitThread.start(); + return null; + } else { + Vector v = new Vector(); + + for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { + String uid = req.getParameter(IN_UID + i); + String pwd = req.getParameter(IN_PWD + i); + + if (uid != null && pwd != null && !uid.equals("") && + !pwd.equals("")) { + v.addElement(new Credential(uid, pwd)); + } else { + header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); + return null; + } + } + if (v.size() != mService.getNoOfRequiredAgents()) { header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); return null; } + creds = new Credential[v.size()]; + v.copyInto(creds); } - if (v.size() != mService.getNoOfRequiredAgents()) { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); - return null; - } - creds = new Credential[v.size()]; - v.copyInto(creds); - } - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addIntegerValue(OUT_SERIALNO, - Integer.parseInt(seq)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(seq), - creds, password, x509cert, - delivery, nickname, agent); - - return pkcs12; - } else { + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addIntegerValue(OUT_SERIALNO, + Integer.parseInt(seq)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + byte pkcs12[] = mService.doKeyRecovery( + new BigInteger(seq), + creds, password, x509cert, + delivery, nickname, agent); + + return pkcs12; + } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID == null || recoveryID.equals("")) { @@ -440,7 +432,7 @@ public class RecoverBySerial extends CMSServlet { waitThread.start(); return null; - } + } } catch (EBaseException e) { header.addStringValue(OUT_ERROR, e.toString(locale)); } catch (Exception e) { @@ -450,8 +442,8 @@ public class RecoverBySerial extends CMSServlet { } /** - * Wait approval thread. Wait for recovery agents' approval - * exit when required number of approval received + * Wait approval thread. Wait for recovery agents' approval exit when + * required number of approval received */ final class WaitApprovalThread extends Thread { String theRecoveryID = null; @@ -462,24 +454,24 @@ public class RecoverBySerial extends CMSServlet { String theNickname = null; SessionContext theSc = null; - /** + /** * Wait approval thread constructor including thread name */ public WaitApprovalThread(String recoveryID, String seq, - String password, X509CertImpl cert, - String delivery, String nickname, SessionContext sc) { + String password, X509CertImpl cert, + String delivery, String nickname, SessionContext sc) { super(); - super.setName("waitApproval." + recoveryID + "-" + - (Thread.activeCount() + 1)); + super.setName("waitApproval." + recoveryID + "-" + + (Thread.activeCount() + 1)); theRecoveryID = recoveryID; theSeq = seq; thePassword = password; theCert = cert; theDelivery = delivery; theNickname = nickname; - theSc = sc; + theSc = sc; } - + public void run() { SessionContext.setContext(theSc); Credential creds[] = null; @@ -487,17 +479,17 @@ public class RecoverBySerial extends CMSServlet { try { creds = mService.getDistributedCredentials(theRecoveryID); } catch (EBaseException e) { - String error = - "Failed to get required approvals for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); + String error = + "Failed to get required approvals for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } return; } @@ -514,16 +506,16 @@ public class RecoverBySerial extends CMSServlet { ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); } catch (EBaseException e) { String error = - "Failed to recover key for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); + "Failed to recover key for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; @@ -531,4 +523,3 @@ public class RecoverBySerial extends CMSServlet { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java index c0fdd02e..80eaf9a8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -48,7 +47,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching search criteria - * + * * @version $Revision$, $Date$ */ public class SrchKey extends CMSServlet { @@ -74,7 +73,7 @@ public class SrchKey extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -93,20 +92,21 @@ public class SrchKey extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKey.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - /* maxReturns doesn't seem to do anything useful in this - servlet!!! */ + /* + * maxReturns doesn't seem to do anything useful in this servlet!!! + */ try { String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); @@ -132,20 +132,20 @@ public class SrchKey extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param queryFilter ldap-style filter to search with + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param queryFilter ldap-style filter to search with * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -162,10 +162,10 @@ public class SrchKey extends CMSServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -180,9 +180,9 @@ public class SrchKey extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // process query if authentication is successful @@ -213,11 +213,11 @@ public class SrchKey extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); process(argSet, header, ctx, maxCount, maxResults, - timeLimit, sentinel, - req.getParameter(IN_FILTER), req, resp, locale[0]); + timeLimit, sentinel, + req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { @@ -227,9 +227,9 @@ public class SrchKey extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -238,53 +238,53 @@ public class SrchKey extends CMSServlet { * Process the key search. */ private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + IArgBlock header, IArgBlock ctx, + int maxCount, int maxResults, int timeLimit, int sentinel, String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) { try { // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); + mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX header.addStringValue(OUT_SERVICE_URL, - "/kra?"); + "/kra?"); header.addStringValue(OUT_TEMPLATE, - TPL_FILE); + TPL_FILE); header.addStringValue(OUT_FILTER, - filter); + filter); if (timeLimit == -1 || timeLimit > mTimeLimits) { CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } CMS.debug("Start searching ... timelimit=" + timeLimit); - Enumeration e = mKeyDB.searchKeys(filter, + Enumeration e = mKeyDB.searchKeys(filter, maxResults, timeLimit); int count = 0; if (e == null) { - header.addStringValue(OUT_SENTINEL, - null); + header.addStringValue(OUT_SENTINEL, + null); } else { while (e.hasMoreElements()) { IKeyRecord rec = (IKeyRecord) - e.nextElement(); + e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java index 56a1817e..bd9e64aa 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -48,8 +47,8 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching given public key material - * - * + * + * * @version $Revision$, $Date$ */ public class SrchKeyForRecovery extends CMSServlet { @@ -75,7 +74,7 @@ public class SrchKeyForRecovery extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -94,7 +93,7 @@ public class SrchKeyForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKeyForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -103,9 +102,9 @@ public class SrchKeyForRecovery extends CMSServlet { try { String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); @@ -131,20 +130,20 @@ public class SrchKeyForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch * <li>http.param publicKeyData public key data to search on * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ @@ -161,10 +160,10 @@ public class SrchKeyForRecovery extends CMSServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -179,11 +178,11 @@ public class SrchKeyForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - + // process query if authentication is successful IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); @@ -213,29 +212,28 @@ public class SrchKeyForRecovery extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel, - req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); + req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } /* - catch (Exception e) { - error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e); - } + * catch (Exception e) { error = new + * EBaseException(BaseResources.INTERNAL_ERROR_1, e); } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); @@ -243,9 +241,9 @@ public class SrchKeyForRecovery extends CMSServlet { } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } @@ -253,31 +251,31 @@ public class SrchKeyForRecovery extends CMSServlet { * Process the key search. */ private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, - String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { + IArgBlock header, IArgBlock ctx, + int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, + String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) + throws EBaseException { try { // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); + mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX header.addStringValue(OUT_SERVICE_URL, - "/kra?"); + "/kra?"); header.addStringValue(OUT_TEMPLATE, - TPL_FILE); + TPL_FILE); header.addStringValue(OUT_FILTER, - filter); + filter); if (publicKeyData != null) { header.addStringValue("publicKeyData", - publicKeyData); + publicKeyData); } if (timeLimit == -1 || timeLimit > mTimeLimits) { @@ -290,21 +288,21 @@ public class SrchKeyForRecovery extends CMSServlet { if (e == null) { header.addStringValue(OUT_SENTINEL, - null); + null); } else { while (e.hasMoreElements()) { IKeyRecord rec = (IKeyRecord) - e.nextElement(); + e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED + // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java index c365d0f8..59303f6e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.X509Certificate; @@ -46,22 +45,21 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** * Configure the CA to respond to OCSP requests for a CA - * + * * @version $Revision$ $Date$ */ public class AddCAServlet extends CMSServlet { - + /** * */ private static final long serialVersionUID = 1065151608542115340L; public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; + "-----BEGIN CERTIFICATE-----"; public static final String END_HEADER = - "-----END CERTIFICATE-----"; + "-----END CERTIFICATE-----"; public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); @@ -71,9 +69,9 @@ public class AddCAServlet extends CMSServlet { private IOCSPAuthority mOCSPAuthority = null; private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST = - "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3"; + "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3"; private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3"; + "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3"; public AddCAServlet() { super(); @@ -82,7 +80,7 @@ public class AddCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCA.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -100,19 +98,19 @@ public class AddCAServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param cert ca certificate. The format is base-64, DER - * encoded, wrapped with -----BEGIN CERTIFICATE-----, - * -----END CERTIFICATE----- strings - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when - * a CA is attempted to be added to the OCSP responder - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED - * used when an add CA request to the OCSP Responder is processed + * <li>http.param cert ca certificate. The format is base-64, DER encoded, + * wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- + * strings + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA + * is attempted to be added to the OCSP responder + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used + * when an add CA request to the OCSP Responder is processed * </ul> - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); String auditMessage = null; @@ -143,9 +141,9 @@ public class AddCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -153,10 +151,10 @@ public class AddCAServlet extends CMSServlet { CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("AddCAServlet: auditSubjectID set to "+uid); + CMS.debug("AddCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } } @@ -164,12 +162,12 @@ public class AddCAServlet extends CMSServlet { if (b64 == null) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, - auditSubjectID, - ILogger.FAILURE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, + auditSubjectID, + ILogger.FAILURE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT")); } @@ -177,32 +175,32 @@ public class AddCAServlet extends CMSServlet { auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim())); // record the fact that a request to add CA is made auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditCA); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditCA); - audit( auditMessage ); + audit(auditMessage); if (b64.indexOf(BEGIN_HEADER) == -1) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER")); } @@ -215,17 +213,17 @@ public class AddCAServlet extends CMSServlet { try { X509Certificate cert = Cert.mapCert(b64); - if( cert == null ) { - CMS.debug( "AddCAServlet::process() - cert is null!" ); + if (cert == null) { + CMS.debug("AddCAServlet::process() - cert is null!"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); - throw new EBaseException( "cert is null" ); + throw new EBaseException("cert is null"); } else { certs = new X509Certificate[1]; } @@ -247,15 +245,15 @@ public class AddCAServlet extends CMSServlet { auditCASubjectDN = leafCert.getSubjectDN().getName(); } catch (Exception e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); } } if (certs != null && certs.length > 0) { @@ -264,32 +262,32 @@ public class AddCAServlet extends CMSServlet { // (2) store certificate (and certificate chain) into // database ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord( - leafCert.getSubjectDN().getName(), - BIG_ZERO, + leafCert.getSubjectDN().getName(), + BIG_ZERO, MINUS_ONE, null, null); try { rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded()); } catch (Exception e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); // error } defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec); log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName()); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); } try { @@ -297,18 +295,18 @@ public class AddCAServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java index 029d396b..6273c8e7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -55,10 +54,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** * Update the OCSP responder with a new CRL - * + * * @version $Revision$ $Date$ */ public class AddCRLServlet extends CMSServlet { @@ -68,18 +66,18 @@ public class AddCRLServlet extends CMSServlet { */ private static final long serialVersionUID = 1476080474638590902L; public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE REVOCATION LIST-----"; + "-----BEGIN CERTIFICATE REVOCATION LIST-----"; public static final String END_HEADER = - "-----END CERTIFICATE REVOCATION LIST-----"; + "-----END CERTIFICATE REVOCATION LIST-----"; private final static String TPL_FILE = "addCRL.template"; private String mFormPath = null; private IOCSPAuthority mOCSPAuthority = null; private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL = - "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3"; + "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3"; private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION = - "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2"; + "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2"; public AddCRLServlet() { super(); @@ -88,7 +86,7 @@ public class AddCRLServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCRL.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -105,31 +103,32 @@ public class AddCRLServlet extends CMSServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param crl certificate revocation list, base-64, DER encoded - * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, - * -----END CERTIFICATE REVOCATION LIST----- strings + * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END + * CERTIFICATE REVOCATION LIST----- strings * <li>http.param noui if true, use minimal hardcoded text response * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are * retrieved by the OCSP Responder ("agent" or "EE") * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is * retrieved and validation process occurs ("agent" or "EE") * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ protected synchronized void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { boolean CRLFetched = false; boolean CRLValidated = false; String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("add_crl", true /* main action */); + statsSub.startTiming("add_crl", true /* main action */); } try { @@ -152,42 +151,43 @@ public class AddCRLServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); return; } if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { if (authToken != null) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("AddCAServlet: auditSubjectID set to "+uid); + CMS.debug("AddCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } - } + } } log(ILogger.LL_INFO, "AddCRLServlet"); String b64 = cmsReq.getHttpReq().getParameter("crl"); - if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64); + if (CMS.debugOn()) + CMS.debug("AddCRLServlet: b64=" + b64); if (b64 == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CRL")); + CMS.getUserMessage("CMS_GW_MISSING_CRL")); } String nouiParm = cmsReq.getHttpReq().getParameter("noui"); @@ -209,20 +209,20 @@ public class AddCRLServlet extends CMSServlet { } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -231,32 +231,32 @@ public class AddCRLServlet extends CMSServlet { if (b64.indexOf(BEGIN_HEADER) == -1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER")); + CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CRL_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER")); + CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CRL_FOOTER")); @@ -270,30 +270,30 @@ public class AddCRLServlet extends CMSServlet { long startTime = CMS.getCurrentDate().getTime(); CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime); if (statsSub != null) { - statsSub.startTiming("decode_crl"); + statsSub.startTiming("decode_crl"); } - crl = mapCRL1( b64 ); + crl = mapCRL1(b64); if (statsSub != null) { - statsSub.endTiming("decode_crl"); + statsSub.endTiming("decode_crl"); } long endTime = CMS.getCurrentDate().getTime(); - CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + - " diff=" + (endTime - startTime)); + CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + + " diff=" + (endTime - startTime)); // Retrieve the actual CRL number BigInteger crlNum = crl.getCRLNumber(); - if( crlNum != null ) { + if (crlNum != null) { auditCRLNum = crlNum.toString(); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.SUCCESS, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.SUCCESS, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); // acknowledge that the CRL has been retrieved CRLFetched = true; @@ -302,18 +302,18 @@ public class AddCRLServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); } - log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + - crl.getIssuerDN().getName()); + log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + + crl.getIssuerDN().getName()); ICRLIssuingPointRecord pt = null; @@ -322,101 +322,101 @@ public class AddCRLServlet extends CMSServlet { crl.getIssuerDN().getName()); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", - crl.getIssuerDN().getName())); + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", + crl.getIssuerDN().getName())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); } log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " + - pt.getThisUpdate()); + pt.getThisUpdate()); // verify CRL byte caCertData[] = pt.getCACert(); if (caCertData != null) { - try { - X509CertImpl caCert = new X509CertImpl(caCertData); - CMS.debug("AddCRLServlet: start verify"); - - CryptoManager cmanager = CryptoManager.getInstance(); - org.mozilla.jss.crypto.X509Certificate jssCert = null; try { - jssCert = cmanager.importCACertPackage( - caCert.getEncoded()); - } catch (Exception e2) { - CMS.debug("AddCRLServlet: importCACertPackage " + - e2.toString()); - throw new EBaseException( e2.toString() ); - } + X509CertImpl caCert = new X509CertImpl(caCertData); + CMS.debug("AddCRLServlet: start verify"); - if (statsSub != null) { - statsSub.startTiming("verify_crl"); - } - crl.verify(jssCert.getPublicKey(), "Mozilla-JSS"); - if (statsSub != null) { - statsSub.endTiming("verify_crl"); - } - CMS.debug("AddCRLServlet: done verify"); + CryptoManager cmanager = CryptoManager.getInstance(); + org.mozilla.jss.crypto.X509Certificate jssCert = null; + try { + jssCert = cmanager.importCACertPackage( + caCert.getEncoded()); + } catch (Exception e2) { + CMS.debug("AddCRLServlet: importCACertPackage " + + e2.toString()); + throw new EBaseException(e2.toString()); + } - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.SUCCESS ); + if (statsSub != null) { + statsSub.startTiming("verify_crl"); + } + crl.verify(jssCert.getPublicKey(), "Mozilla-JSS"); + if (statsSub != null) { + statsSub.endTiming("verify_crl"); + } + CMS.debug("AddCRLServlet: done verify"); - audit( auditMessage ); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.SUCCESS); - // acknowledge that the CRL has been validated - CRLValidated = true; - } catch (Exception e) { - CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString()); - CMS.debug(e); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", - crl.getIssuerDN().getName())); + audit(auditMessage); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + // acknowledge that the CRL has been validated + CRLValidated = true; + } catch (Exception e) { + CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString()); + CMS.debug(e); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", + crl.getIssuerDN().getName())); - audit( auditMessage ); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); - } + audit(auditMessage); + + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + } } - if ((pt.getThisUpdate() != null) && - (pt.getThisUpdate().getTime() >= - crl.getThisUpdate().getTime())) { + if ((pt.getThisUpdate() != null) && + (pt.getThisUpdate().getTime() >= + crl.getThisUpdate().getTime())) { // error, the uploaded CRL is older than the current CMS.debug("AddCRLServlet: no update, CRL is older"); log(ILogger.LL_INFO, - "AddCRLServlet: no update, received CRL is older " + - "than current CRL"); + "AddCRLServlet: no update, received CRL is older " + + "than current CRL"); if (noUI) { try { resp.setContentType("application/text"); - resp.getOutputStream().write("status=1\n".getBytes()); + resp.getOutputStream().write("status=1\n".getBytes()); resp.getOutputStream().write( - "error=Sent CRL is older than the current CRL\n".getBytes()); + "error=Sent CRL is older than the current CRL\n".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! return; } catch (Exception e) { @@ -424,26 +424,26 @@ public class AddCRLServlet extends CMSServlet { } else { CMS.debug("AddCRLServlet: CRL is older"); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_OLD_CRL_ERROR")); + "CMS_GW_OLD_CRL_ERROR")); } } if (crl.isDeltaCRL()) { CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported."); - log(ILogger.LL_INFO, "AddCRLServlet: no update, "+ - CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); + log(ILogger.LL_INFO, "AddCRLServlet: no update, " + + CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); if (noUI) { try { resp.setContentType("application/text"); - resp.getOutputStream().write("status=1\n".getBytes()); + resp.getOutputStream().write("status=1\n".getBytes()); resp.getOutputStream().write( - "error=Delta CRLs are not supported.\n".getBytes()); + "error=Delta CRLs are not supported.\n".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); @@ -465,26 +465,26 @@ public class AddCRLServlet extends CMSServlet { IRepositoryRecord repRec = defStore.createRepositoryRecord(); - repRec.set(IRepositoryRecord.ATTR_SERIALNO, - new BigInteger(Long.toString(crl.getThisUpdate().getTime()))); + repRec.set(IRepositoryRecord.ATTR_SERIALNO, + new BigInteger(Long.toString(crl.getThisUpdate().getTime()))); try { defStore.addRepository( - crl.getIssuerDN().getName(), - Long.toString(crl.getThisUpdate().getTime()), - repRec); + crl.getIssuerDN().getName(), + Long.toString(crl.getThisUpdate().getTime()), + repRec); log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " + - Long.toString(crl.getThisUpdate().getTime())); + Long.toString(crl.getThisUpdate().getTime())); } catch (Exception e) { - CMS.debug("AddCRLServlet: add repository e=" + e.toString()); + CMS.debug("AddCRLServlet: add repository e=" + e.toString()); } - log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + - Long.toString(crl.getThisUpdate().getTime())); + log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + + Long.toString(crl.getThisUpdate().getTime())); if (defStore.waitOnCRLUpdate()) { defStore.updateCRL(crl); } else { - // when the CRL large, the thread is terminiated by the - // servlet framework before it can finish its work + // when the CRL large, the thread is terminiated by the + // servlet framework before it can finish its work UpdateCRLThread uct = new UpdateCRLThread(defStore, crl); uct.start(); @@ -496,64 +496,64 @@ public class AddCRLServlet extends CMSServlet { if (noUI) { CMS.debug("AddCRLServlet: return result noUI=true"); resp.setContentType("application/text"); - resp.getOutputStream().write("status=0".getBytes()); + resp.getOutputStream().write("status=0".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); } else { CMS.debug("AddCRLServlet: return result noUI=false"); String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { CMS.debug("AddCRLServlet: return result error=" + e.toString()); mOCSPAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - } catch( EBaseException eAudit1 ) { - if( !CRLFetched ) { + } catch (EBaseException eAudit1) { + if (!CRLFetched) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); } else { - if( !CRLValidated ) { + if (!CRLValidated) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); } } throw eAudit1; } if (statsSub != null) { - statsSub.endTiming("add_crl"); + statsSub.endTiming("add_crl"); } } public X509CRLImpl mapCRL1(String mime64) - throws IOException { + throws IOException { mime64 = Cert.stripCRLBrackets(mime64.trim()); byte rawPub[] = CMS.AtoB(mime64); @@ -568,21 +568,20 @@ public class AddCRLServlet extends CMSServlet { } } - class UpdateCRLThread extends Thread { private IDefStore mDefStore = null; private X509CRL mCRL = null; public UpdateCRLThread( - IDefStore defStore, X509CRL crl) { + IDefStore defStore, X509CRL crl) { mDefStore = defStore; mCRL = crl; } public void run() { try { - if (!((X509CRLImpl)mCRL).areEntriesIncluded()) - mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded()); + if (!((X509CRLImpl) mCRL).areEntriesIncluded()) + mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded()); mDefStore.updateCRL(mCRL); } catch (CRLException e) { } catch (X509ExtensionException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java index 3e5d1f49..212ce6a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.security.cert.X509CRLEntry; import java.security.cert.X509Certificate; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** - * Check the status of a specific certificate - * + * Check the status of a specific certificate + * * @version $Revision$ $Date$ */ public class CheckCertServlet extends CMSServlet { @@ -61,9 +59,9 @@ public class CheckCertServlet extends CMSServlet { */ private static final long serialVersionUID = 7782198059640825050L; public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; + "-----BEGIN CERTIFICATE-----"; public static final String END_HEADER = - "-----END CERTIFICATE-----"; + "-----END CERTIFICATE-----"; public static final String ATTR_STATUS = "status"; public static final String ATTR_ISSUERDN = "issuerDN"; @@ -85,7 +83,7 @@ public class CheckCertServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "checkCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -102,14 +100,14 @@ public class CheckCertServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param cert certificate to check. Base64, DER encoded, wrapped - * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings + * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in + * -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings * </ul> - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -136,9 +134,9 @@ public class CheckCertServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -177,9 +175,9 @@ public class CheckCertServlet extends CMSServlet { header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName()); header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16)); try { - X509CRLImpl crl = null; + X509CRLImpl crl = null; - crl = new X509CRLImpl(pt.getCRL()); + crl = new X509CRLImpl(pt.getCRL()); X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber()); if (crlentry == null) { @@ -201,18 +199,18 @@ public class CheckCertServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java index 704c759c..825416e3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.util.Locale; @@ -41,11 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Retrieve information about the number of OCSP requests the OCSP - * has serviced - * + * Retrieve information about the number of OCSP requests the OCSP has serviced + * * @version $Revision$, $Date$ */ public class GetOCSPInfo extends CMSServlet { @@ -61,9 +58,9 @@ public class GetOCSPInfo extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template - * file "getOCSPInfo.template" to render the result page. - * + * initialize the servlet. This servlet uses the template file + * "getOCSPInfo.template" to render the result page. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,14 +76,13 @@ public class GetOCSPInfo extends CMSServlet { } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -98,10 +94,10 @@ public class GetOCSPInfo extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -115,7 +111,7 @@ public class GetOCSPInfo extends CMSServlet { if (!(mAuthority instanceof IOCSPService)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -126,10 +122,10 @@ public class GetOCSPInfo extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -147,8 +143,8 @@ public class GetOCSPInfo extends CMSServlet { header.addLongValue("totalData", ca.getOCSPTotalData()); long secs = 0; if (ca.getOCSPRequestTotalTime() != 0) { - secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime(); - } + secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime(); + } header.addLongValue("ReqSec", secs); try { ServletOutputStream out = httpResp.getOutputStream(); @@ -157,10 +153,10 @@ public class GetOCSPInfo extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java index 063d8513..6b9d2094 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Show the list of CA's that the OCSP responder can service - * + * * @version $Revision$ $Date$ */ public class ListCAServlet extends CMSServlet { @@ -58,9 +56,9 @@ public class ListCAServlet extends CMSServlet { */ private static final long serialVersionUID = 3764395161795483452L; public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; + "-----BEGIN CERTIFICATE-----"; public static final String END_HEADER = - "-----END CERTIFICATE-----"; + "-----END CERTIFICATE-----"; private final static String TPL_FILE = "listCAs.template"; private String mFormPath = null; @@ -73,7 +71,7 @@ public class ListCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "listCAs.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -89,11 +87,11 @@ public class ListCAServlet extends CMSServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -120,9 +118,9 @@ public class ListCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -133,12 +131,12 @@ public class ListCAServlet extends CMSServlet { Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100); // show the current CRL number if present - header.addStringValue("stateCount", - Integer.toString(defStore.getStateCount())); + header.addStringValue("stateCount", + Integer.toString(defStore.getStateCount())); while (recs.hasMoreElements()) { - ICRLIssuingPointRecord rec = - (ICRLIssuingPointRecord) recs.nextElement(); + ICRLIssuingPointRecord rec = + (ICRLIssuingPointRecord) recs.nextElement(); IArgBlock rarg = CMS.createArgBlock(); String thisId = rec.getId(); @@ -163,17 +161,17 @@ public class ListCAServlet extends CMSServlet { rarg.addLongValue("NumRevoked", 0); } else { if (rc.longValue() == -1) { - rarg.addStringValue("NumRevoked", "UNKNOWN"); - } else { - rarg.addLongValue("NumRevoked", rc.longValue()); + rarg.addStringValue("NumRevoked", "UNKNOWN"); + } else { + rarg.addLongValue("NumRevoked", rc.longValue()); } } BigInteger crlNumber = rec.getCRLNumber(); if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) { - rarg.addStringValue("CRLNumber", "UNKNOWN"); + rarg.addStringValue("CRLNumber", "UNKNOWN"); } else { - rarg.addStringValue("CRLNumber", crlNumber.toString()); + rarg.addStringValue("CRLNumber", crlNumber.toString()); } rarg.addLongValue("ReqCount", defStore.getReqCount(thisId)); @@ -185,18 +183,18 @@ public class ListCAServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java index cfc91975..a11a1739 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; @@ -47,11 +46,10 @@ import com.netscape.cmsutil.ocsp.ResponseData; import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; - /** - * Process OCSP messages, According to RFC 2560 - * See http://www.ietf.org/rfc/rfc2560.txt - * + * Process OCSP messages, According to RFC 2560 See + * http://www.ietf.org/rfc/rfc2560.txt + * * @version $Revision$ $Date$ */ public class OCSPServlet extends CMSServlet { @@ -65,7 +63,7 @@ public class OCSPServlet extends CMSServlet { public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize"; public final static String PROP_ID = "ID"; - private int m_maxRequestSize=5000; + private int m_maxRequestSize = 5000; public OCSPServlet() { super(); @@ -74,35 +72,35 @@ public class OCSPServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE); if (s != null) { - try { - m_maxRequestSize = Integer.parseInt(s); - } catch (Exception e) {} - } + try { + m_maxRequestSize = Integer.parseInt(s); + } catch (Exception e) { + } + } } /** - * Process the HTTP request. - * This method is invoked when the OCSP service receives a OCSP - * request. Based on RFC 2560, the request should have the OCSP - * request in the HTTP body as binary blob. - * + * Process the HTTP request. This method is invoked when the OCSP service + * receives a OCSP request. Based on RFC 2560, the request should have the + * OCSP request in the HTTP body as binary blob. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("ocsp", true /* main action */); + statsSub.startTiming("ocsp", true /* main action */); } IAuthToken authToken = authenticate(cmsReq); @@ -119,12 +117,12 @@ public class OCSPServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - + CMS.debug("Servlet Path=" + httpReq.getServletPath()); CMS.debug("RequestURI=" + httpReq.getRequestURI()); - String pathInfo = httpReq.getPathInfo(); + String pathInfo = httpReq.getPathInfo(); if (pathInfo != null && pathInfo.indexOf('%') != -1) { - pathInfo = URLDecoder.decode(pathInfo); + pathInfo = URLDecoder.decode(pathInfo); } CMS.debug("PathInfo=" + pathInfo); @@ -136,46 +134,46 @@ public class OCSPServlet extends CMSServlet { String method = httpReq.getMethod(); CMS.debug("Method=" + method); if (method != null && method.equals("POST")) { - int reqlen = httpReq.getContentLength(); - - if (reqlen == -1) { - throw new Exception("OCSPServlet: Content-Length not supplied"); - } - if (reqlen == 0) { - throw new Exception("OCSPServlet: Invalid Content-Length"); - } - if (reqlen > m_maxRequestSize) { - throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")"); - } - - // for debugging - reqbuf = new byte[reqlen]; - int bytesread = 0; - boolean partial = false; - - while (bytesread < reqlen) { - int r = is.read(reqbuf, bytesread, reqlen - bytesread); - if (r == -1) { - throw new Exception("OCSPServlet: Client did not supply enough OCSP data"); + int reqlen = httpReq.getContentLength(); + + if (reqlen == -1) { + throw new Exception("OCSPServlet: Content-Length not supplied"); + } + if (reqlen == 0) { + throw new Exception("OCSPServlet: Invalid Content-Length"); + } + if (reqlen > m_maxRequestSize) { + throw new Exception("OCSPServlet: Client sending too much OCSP request data (" + reqlen + ")"); } - bytesread += r; - if (partial == false) { - if (bytesread < reqlen) { - partial = true; + + // for debugging + reqbuf = new byte[reqlen]; + int bytesread = 0; + boolean partial = false; + + while (bytesread < reqlen) { + int r = is.read(reqbuf, bytesread, reqlen - bytesread); + if (r == -1) { + throw new Exception("OCSPServlet: Client did not supply enough OCSP data"); + } + bytesread += r; + if (partial == false) { + if (bytesread < reqlen) { + partial = true; + } } } - } - is = new ByteArrayInputStream(reqbuf); + is = new ByteArrayInputStream(reqbuf); } else { - // GET method - if ( (pathInfo == null) || - (pathInfo.equals( "" ) ) || - (pathInfo.substring(1) == null) || - (pathInfo.substring(1).equals( "" ) ) ) { - throw new Exception("OCSPServlet: OCSP request not provided in GET method"); - } - is = new ByteArrayInputStream( - com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1))); + // GET method + if ((pathInfo == null) || + (pathInfo.equals("")) || + (pathInfo.substring(1) == null) || + (pathInfo.substring(1).equals(""))) { + throw new Exception("OCSPServlet: OCSP request not provided in GET method"); + } + is = new ByteArrayInputStream( + com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1))); } // (1) retrieve OCSP request @@ -183,22 +181,23 @@ public class OCSPServlet extends CMSServlet { OCSPResponse response = null; try { - OCSPRequest.Template reqTemplate = - new OCSPRequest.Template(); + OCSPRequest.Template reqTemplate = + new OCSPRequest.Template(); - if ( (is == null) || - (is.toString().equals( "" ) ) ) { - throw new Exception( "OCSPServlet: OCSP request is " + if ((is == null) || + (is.toString().equals(""))) { + throw new Exception("OCSPServlet: OCSP request is " + "empty or malformed"); } ocspReq = (OCSPRequest) reqTemplate.decode(is); - if ( (ocspReq == null) || - (ocspReq.toString().equals( "" ) ) ) { - throw new Exception( "OCSPServlet: Decoded OCSP request " + if ((ocspReq == null) || + (ocspReq.toString().equals(""))) { + throw new Exception("OCSPServlet: Decoded OCSP request " + "is empty or malformed"); } response = ((IOCSPService) mAuthority).validate(ocspReq); - } catch (Exception e) {; + } catch (Exception e) { + ; CMS.debug("OCSPServlet: " + e.toString()); } @@ -219,8 +218,8 @@ public class OCSPServlet extends CMSServlet { CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq))); TBSRequest tbsReq = ocspReq.getTBSRequest(); for (int i = 0; i < tbsReq.getRequestCount(); i++) { - com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i); - CMS.debug("Serial Number: " + req.getCertID().getSerialNumber()); + com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i); + CMS.debug("Serial Number: " + req.getCertID().getSerialNumber()); } CMS.debug("OCSPServlet: OCSP Response Size:"); CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length)); @@ -232,17 +231,17 @@ public class OCSPServlet extends CMSServlet { } else if (rbytes.getObjectIdentifier().equals( ResponseBytes.OCSP_BASIC)) { BasicOCSPResponse basicRes = (BasicOCSPResponse) - BasicOCSPResponse.getTemplate().decode( - new ByteArrayInputStream(rbytes.getResponse().toByteArray())); + BasicOCSPResponse.getTemplate().decode( + new ByteArrayInputStream(rbytes.getResponse().toByteArray())); if (basicRes == null) { CMS.debug("Basic Res is null"); } else { ResponseData data = basicRes.getResponseData(); for (int i = 0; i < data.getResponseCount(); i++) { SingleResponse res = data.getResponseAt(i); - CMS.debug("Serial Number: " + - res.getCertID().getSerialNumber() + - " Status: " + + CMS.debug("Serial Number: " + + res.getCertID().getSerialNumber() + + " Status: " + res.getCertStatus().getClass().getName()); } } @@ -250,14 +249,14 @@ public class OCSPServlet extends CMSServlet { } httpResp.setContentType("application/ocsp-response"); - + httpResp.setContentLength(respbytes.length); OutputStream ooss = httpResp.getOutputStream(); ooss.write(respbytes); ooss.flush(); if (statsSub != null) { - statsSub.endTiming("ocsp"); + statsSub.endTiming("ocsp"); } mRenderResult = false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java index 3ec72bb8..2ecbdf1e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.util.Locale; @@ -41,11 +40,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Configure the CA to no longer respond to OCSP requests for a CA - * - * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $ + * + * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep + * 2010) $ */ public class RemoveCAServlet extends CMSServlet { @@ -58,12 +57,12 @@ public class RemoveCAServlet extends CMSServlet { private IOCSPAuthority mOCSPAuthority = null; private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3"; + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3"; private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3"; + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3"; private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3"; + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3"; public RemoveCAServlet() { super(); @@ -72,7 +71,7 @@ public class RemoveCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCA.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -90,18 +89,20 @@ public class RemoveCAServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param ca id. The format is string. - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when - * a CA is attempted to be removed from the OCSP responder - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS - * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when - * a remove CA request to the OCSP Responder is processed successfully or not. + * <li>http.param ca id. The format is string. + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a + * CA is attempted to be removed from the OCSP responder + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and + * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used + * when a remove CA request to the OCSP Responder is processed successfully + * or not. * </ul> - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); String auditMessage = null; @@ -132,9 +133,9 @@ public class RemoveCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -142,79 +143,78 @@ public class RemoveCAServlet extends CMSServlet { CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid); + CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } } - String caID = cmsReq.getHttpReq().getParameter("caID"); - + String caID = cmsReq.getHttpReq().getParameter("caID"); - if (caID == null) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, - auditSubjectID, - ILogger.FAILURE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + if (caID == null) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, + auditSubjectID, + ILogger.FAILURE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID")); - } + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID")); + } - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST, auditSubjectID, ILogger.SUCCESS, caID); - audit( auditMessage ); + audit(auditMessage); - IDefStore defStore = mOCSPAuthority.getDefaultStore(); + IDefStore defStore = mOCSPAuthority.getDefaultStore(); - try { - defStore.deleteCRLIssuingPointRecord(caID); + try { + defStore.deleteCRLIssuingPointRecord(caID); - } catch (EBaseException e) { + } catch (EBaseException e) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, - auditSubjectID, - ILogger.FAILURE, - caID); - audit( auditMessage ); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, + auditSubjectID, + ILogger.FAILURE, + caID); + audit(auditMessage); - CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID); - throw new EBaseException(e.toString()); + CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID); + throw new EBaseException(e.toString()); } CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - caID); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + caID); + audit(auditMessage); try { ServletOutputStream out = resp.getOutputStream(); String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java index 1e44dad1..e7d63602 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Process CMC messages according to RFC 2797 - * See http://www.ietf.org/rfc/rfc2797.txt - * + * Process CMC messages according to RFC 2797 See + * http://www.ietf.org/rfc/rfc2797.txt + * * @version $Revision$, $Date$ */ public class CMCProcessor extends PKIProcessor { @@ -95,18 +93,18 @@ public class CMCProcessor extends PKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { } public X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!"); String cmc = protocolString; @@ -114,17 +112,16 @@ public class CMCProcessor extends PKIProcessor { try { byte[] cmcBlob = CMS.AtoB(cmc); ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(cmcBlob); + new ByteArrayInputStream(cmcBlob); org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - if - (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) + if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); SignedData cmcFullReq = (SignedData) - cmcReq.getInterpretedContent(); + cmcReq.getInterpretedContent(); EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); @@ -132,7 +129,7 @@ public class CMCProcessor extends PKIProcessor { if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_PKIDATA")); + CMS.getUserMessage("CMS_GW_NO_PKIDATA")); } OCTET_STRING content = ci.getContent(); @@ -144,7 +141,7 @@ public class CMCProcessor extends PKIProcessor { int numReqs = reqSequence.size(); X509CertInfo[] certInfoArray = new X509CertInfo[numReqs]; String[] reqIdArray = new String[numReqs]; - + for (int i = 0; i < numReqs; i++) { // decode message. TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i); @@ -158,7 +155,7 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(p10Id); CertificationRequest p10 = - tcr.getCertificationRequest(); + tcr.getCertificationRequest(); // transfer to sun class ByteArrayOutputStream ostream = new ByteArrayOutputStream(); @@ -169,13 +166,13 @@ public class CMCProcessor extends PKIProcessor { try { PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); - //xxx do we need to do anything else? + // xxx do we need to do anything else? X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams); - /* fillPKCS10(pkcs10,certInfo, - authToken, httpParams); + /* + * fillPKCS10(pkcs10,certInfo, authToken, httpParams); */ certInfoArray[i] = certInfo; @@ -195,7 +192,7 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(srcId); - certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); + certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); } else { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); @@ -209,12 +206,12 @@ public class CMCProcessor extends PKIProcessor { for (int i = 0; i < numDig; i++) { AlgorithmIdentifier dai = - (AlgorithmIdentifier) dais.elementAt(i); + (AlgorithmIdentifier) dais.elementAt(i); String name = - DigestAlgorithm.fromOID(dai.getOID()).toString(); + DigestAlgorithm.fromOID(dai.getOID()).toString(); MessageDigest md = - MessageDigest.getInstance(name); + MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); @@ -226,8 +223,8 @@ public class CMCProcessor extends PKIProcessor { for (int i = 0; i < numSis; i++) { org.mozilla.jss.pkix.cms.SignerInfo si = - (org.mozilla.jss.pkix.cms.SignerInfo) - sis.elementAt(i); + (org.mozilla.jss.pkix.cms.SignerInfo) + sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); @@ -243,8 +240,7 @@ public class CMCProcessor extends PKIProcessor { SignerIdentifier sid = si.getSignerIdentifier(); - if - (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { + if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber(); // find from the certs in the signedData X509Certificate cert = null; @@ -255,20 +251,19 @@ public class CMCProcessor extends PKIProcessor { for (int j = 0; j < numCerts; j++) { Certificate certJss = - (Certificate) certs.elementAt(j); + (Certificate) certs.elementAt(j); CertificateInfo certI = - certJss.getInfo(); + certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if ( - new String(issuerB).equals(new + if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) - && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { + && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new - ByteArrayOutputStream(); + ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); @@ -296,8 +291,8 @@ public class CMCProcessor extends PKIProcessor { } else { } PK11PubKey pubK = - PK11PubKey.fromRaw(keyType, - ((X509Key) signKey).getKey()); + PK11PubKey.fromRaw(keyType, + ((X509Key) signKey).getKey()); si.verify(digest, id, pubK); } @@ -321,8 +316,7 @@ public class CMCProcessor extends PKIProcessor { j++; } if (signKey == null) { - throw new - ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); } else { PrivateKey.Type keyType = null; @@ -352,7 +346,7 @@ public class CMCProcessor extends PKIProcessor { for (int i = 0; i < numControls; i++) { TaggedAttribute control = - (TaggedAttribute) controls.elementAt(i); + (TaggedAttribute) controls.elementAt(i); OBJECT_IDENTIFIER type = control.getType(); SET values = control.getValues(); int numVals = values.size(); @@ -364,7 +358,7 @@ public class CMCProcessor extends PKIProcessor { vals = new String[numVals]; for (int j = 0; j < numVals; j++) { ANY val = (ANY) - values.elementAt(j); + values.elementAt(j); INTEGER transId = (INTEGER) ((ANY) val).decodeWith( INTEGER.getTemplate()); @@ -374,17 +368,16 @@ public class CMCProcessor extends PKIProcessor { } if (vals != null) req.setExtData(IRequest.CMC_TRANSID, vals); - } else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { String[] vals = null; if (numVals > 0) vals = new String[numVals]; for (int j = 0; j < numVals; j++) { ANY val = (ANY) - values.elementAt(j); + values.elementAt(j); OCTET_STRING nonce = (OCTET_STRING) - ((ANY) val).decodeWith(OCTET_STRING.getTemplate()); + ((ANY) val).decodeWith(OCTET_STRING.getTemplate()); if (nonce != null) { vals[j] = new String(nonce.toByteArray()); @@ -409,27 +402,27 @@ public class CMCProcessor extends PKIProcessor { return certInfoArray; } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); - }catch (Exception e) { + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + } catch (Exception e) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString())); + CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString())); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java index 27648758..361bf594 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Process CRMF requests, according to RFC 2511 - * See http://www.ietf.org/rfc/rfc2511.txt - * + * Process CRMF requests, according to RFC 2511 See + * http://www.ietf.org/rfc/rfc2511.txt + * * @version $Revision$, $Date$ */ public class CRMFProcessor extends PKIProcessor { @@ -70,7 +68,7 @@ public class CRMFProcessor extends PKIProcessor { private boolean enforcePop = false; private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; public CRMFProcessor() { super(); @@ -84,22 +82,23 @@ public class CRMFProcessor extends PKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } /** * Verify Proof of Possession (POP) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof * of possession is checked during certificate enrollment * </ul> + * * @param certReqMsg the certificate request message * @exception EBaseException an error has occurred */ private void verifyPOP(CertReqMsg certReqMsg) - throws EBaseException { + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -118,59 +117,59 @@ public class CRMFProcessor extends PKIProcessor { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS); - audit( auditMessage ); + audit(auditMessage); } catch (Exception e) { CMS.debug("CRMFProcessor: Failed POP verify!"); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); } } } else { if (enforcePop == true) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); } } - } catch( EBaseException eAudit1 ) { + } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); } } - public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { CMS.debug("CRMFProcessor::processIndividualRequest!"); try { @@ -205,21 +204,21 @@ public class CRMFProcessor extends PKIProcessor { if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); + new CertificateSubjectName(subject)); } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // No subject name - error! log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } // get extensions @@ -243,10 +242,10 @@ public class CRMFProcessor extends PKIProcessor { for (int j = 0; j < numexts; j++) { org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; @@ -254,23 +253,23 @@ public class CRMFProcessor extends PKIProcessor { oidNumbers[k] = (int) numbers[k]; } ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); + new ObjectIdentifier(oidNumbers); org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); + jssext.getExtnValue(); ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); Extension ext = - new Extension(oid, isCritical, extValue); + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } @@ -283,7 +282,7 @@ public class CRMFProcessor extends PKIProcessor { // formulation. // -- CRMFfillCert if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); @@ -300,31 +299,31 @@ public class CRMFProcessor extends PKIProcessor { } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); - } /* catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); - throw new ECMSGWException( - CMSGWResources.ERROR_CRMF_TO_CERTINFO); - } */ catch (InvalidKeyException e) { + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + } /* + * catch (InvalidBERException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); + * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO); + * } + */catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } public X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CRMFProcessor.fillCertInfoArray!"); @@ -333,10 +332,10 @@ public class CRMFProcessor extends PKIProcessor { try { byte[] crmfBlob = CMS.AtoB(crmf); ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(crmfBlob); + new ByteArrayInputStream(crmfBlob); SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); + new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -344,7 +343,7 @@ public class CRMFProcessor extends PKIProcessor { for (int i = 0; i < nummsgs; i++) { // decode message. CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); - + CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); int srcId = certReqId.intValue(); @@ -355,20 +354,19 @@ public class CRMFProcessor extends PKIProcessor { } - //do_testbed_hack(nummsgs, certInfoArray, httpParams); + // do_testbed_hack(nummsgs, certInfoArray, httpParams); return certInfoArray; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java index d021f653..9139f888 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java @@ -17,19 +17,17 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import com.netscape.certsrv.base.EBaseException; import com.netscape.cms.servlet.common.CMSRequest; - /** * This represents the request parser. - * + * * @version $Revision$, $Date$ */ public interface IPKIProcessor { public void process(CMSRequest cmsReq) - throws EBaseException; + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java index cc035033..810c3ff2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; @@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * KeyGenProcess parses Certificate request matching the - * KEYGEN tag format used by Netscape Communicator 4.x - * + * KeyGenProcess parses Certificate request matching the KEYGEN tag format used + * by Netscape Communicator 4.x + * * @version $Revision$, $Date$ */ public class KeyGenProcessor extends PKIProcessor { @@ -56,13 +54,13 @@ public class KeyGenProcessor extends PKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { CMS.debug("KeyGenProcessor: fillCertInfo"); @@ -72,7 +70,7 @@ public class KeyGenProcessor extends PKIProcessor { KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo( PKIProcessor.SUBJECT_KEYGEN_INFO, null); - + // fill key X509Key key = null; @@ -80,20 +78,20 @@ public class KeyGenProcessor extends PKIProcessor { if (key == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO")); + CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO")); } try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - "Could not set key into certInfo from keygen. Error " + e); + "Could not set key into certInfo from keygen. Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); } String authMgr = mServlet.getAuthMgr(); @@ -106,12 +104,12 @@ public class KeyGenProcessor extends PKIProcessor { if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // allow special case for agent gateway in admin enroll // and bulk issuance. - if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) && - !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { + if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) && + !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } fillCertInfoFromForm(certInfo, httpParams); } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java index 53d38455..5079969e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; @@ -46,12 +45,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * PKCS10Processor process Certificate Requests in - * PKCS10 format, as defined here: - * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html - * + * PKCS10Processor process Certificate Requests in PKCS10 format, as defined + * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html + * * @version $Revision$, $Date$ */ public class PKCS10Processor extends PKIProcessor { @@ -61,7 +58,7 @@ public class PKCS10Processor extends PKIProcessor { private final String USE_INTERNAL_PKCS10 = "internal"; public PKCS10Processor() { - + super(); } @@ -71,24 +68,24 @@ public class PKCS10Processor extends PKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } - public void fillCertInfo( - PKCS10 pkcs10, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo( + PKCS10 pkcs10, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { mPkcs10 = pkcs10; - - fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); + + fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); } public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { PKCS10 p10 = null; @@ -99,8 +96,8 @@ public class PKCS10Processor extends PKIProcessor { } else if (protocolString.equals(USE_INTERNAL_PKCS10)) { p10 = mPkcs10; } else { - CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" ); - throw new EBaseException( "p10 is null" ); + CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!"); + throw new EBaseException("p10 is null"); } if (mServlet == null) { @@ -123,7 +120,7 @@ public class PKCS10Processor extends PKIProcessor { certInfo.set(X509CertInfo.KEY, certKey); } catch (CertificateException e) { EBaseException ex = new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); log(ILogger.LL_FAILURE, ex.toString()); throw ex; @@ -140,31 +137,31 @@ public class PKCS10Processor extends PKIProcessor { if (subject != null) { try { certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); + new CertificateSubjectName(subject)); log(ILogger.LL_INFO, - "Setting subject name " + subject + " from p10."); + "Setting subject name " + subject + " from p10."); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in X500 name parsing, // this will catch it. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10")); } @@ -177,12 +174,12 @@ public class PKCS10Processor extends PKIProcessor { if (p10Attrs != null) { PKCS10Attribute p10Attr = (PKCS10Attribute) - (p10Attrs.getAttribute(CertificateExtensions.NAME)); + (p10Attrs.getAttribute(CertificateExtensions.NAME)); if (p10Attr != null && p10Attr.getAttributeId().equals( PKCS9Attribute.EXTENSION_REQUEST_OID)) { Extensions exts0 = (Extensions) - (p10Attr.getAttributeValue()); + (p10Attr.getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); @@ -196,23 +193,23 @@ public class PKCS10Processor extends PKIProcessor { } } CMS.debug( - "PKCS10Processor: Seted cert extensions from pkcs10. "); + "PKCS10Processor: Seted cert extensions from pkcs10. "); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in extensions parsing, // this will catch it. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } @@ -223,8 +220,8 @@ public class PKCS10Processor extends PKIProcessor { String authMgr = mServlet.getAuthMgr(); if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null && - !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null && + !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { fillCertInfoFromAuthToken(certInfo, authToken); } @@ -233,12 +230,12 @@ public class PKCS10Processor extends PKIProcessor { // from the http parameters. if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) { fillValidityFromForm(certInfo, httpParams); - } - + } + } private PKCS10 getPKCS10(IArgBlock httpParams) - throws EBaseException { + throws EBaseException { PKCS10 pkcs10 = null; @@ -252,7 +249,7 @@ public class PKCS10Processor extends PKIProcessor { } else { // some policies may rely on the fact that // CERT_TYPE is set. So for 3.5.1 or eariler - // we need to set CERT_TYPE but not here. + // we need to set CERT_TYPE but not here. } if (certType.equals("client")) { // coming from MSIE @@ -271,13 +268,13 @@ public class PKCS10Processor extends PKIProcessor { } } - //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { // coming from server cut & paste blob. pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null); - }catch (Exception ex) { + } catch (Exception ex) { ex.printStackTrace(); } } @@ -286,4 +283,4 @@ public class PKCS10Processor extends PKIProcessor { } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java index 625808d7..d0861573 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Date; @@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Process Certificate Requests - * + * * @version $Revision$, $Date$ */ public class PKIProcessor implements IPKIProcessor { @@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor { public static final String PKCS10_REQUEST = "pkcs10Request"; public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo"; - protected CMSRequest mRequest = null; + protected CMSRequest mRequest = null; protected HttpServletRequest httpReq = null; protected String mServletId = null; @@ -84,30 +82,30 @@ public class PKIProcessor implements IPKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } protected void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { } protected X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { return null; } /** - * fill subject name, validity, extensions from authoken if any, - * overriding what was in pkcs10. - * fill subject name, extensions from http input if not authenticated. - * requests not authenticated will need to be approved by an agent. + * fill subject name, validity, extensions from authoken if any, overriding + * what was in pkcs10. fill subject name, extensions from http input if not + * authenticated. requests not authenticated will need to be approved by an + * agent. */ public static void fillCertInfoFromAuthToken( - X509CertInfo certInfo, IAuthToken authToken) - throws EBaseException { + X509CertInfo certInfo, IAuthToken authToken) + throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. // take key from keygen, cmc, pkcs10 or crmf. @@ -116,60 +114,60 @@ public class PKIProcessor implements IPKIProcessor { // subject name. try { String subjectname = - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { CertificateSubjectName certSubject = (CertificateSubjectName) - new CertificateSubjectName(new X500Name(subjectname)); + new CertificateSubjectName(new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); log(ILogger.LL_INFO, - "cert subject set to " + certSubject + " from authtoken"); + "cert subject set to " + certSubject + " from authtoken"); } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; Date notBefore = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); Date notAfter = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + "cert validity set to " + validity + " from authtoken"); } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } // extensions try { CertificateExtensions extensions = - authToken.getInCertExts(X509CertInfo.EXTENSIONS); + authToken.getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); @@ -177,26 +175,25 @@ public class PKIProcessor implements IPKIProcessor { } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } /** - * fill subject name, extension from form. - * this is done for unauthenticated requests. - * unauthenticated requests must be approved by agents so these will - * all be seen by and agent. + * fill subject name, extension from form. this is done for unauthenticated + * requests. unauthenticated requests must be approved by agents so these + * will all be seen by and agent. */ public static void fillCertInfoFromForm( - X509CertInfo certInfo, IArgBlock httpParams) - throws EBaseException { + X509CertInfo certInfo, IArgBlock httpParams) + throws EBaseException { CMS.debug("PKIProcessor: fillCertInfoFromForm"); // subject name. @@ -205,41 +202,41 @@ public class PKIProcessor implements IPKIProcessor { if (subject == null) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM")); } X500Name x500name = new X500Name(subject); certInfo.set( - X509CertInfo.SUBJECT, new CertificateSubjectName(x500name)); + X509CertInfo.SUBJECT, new CertificateSubjectName(x500name)); fillValidityFromForm(certInfo, httpParams); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IllegalArgumentException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS")); + CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR")); + CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR")); } // requested extensions. // let polcies form extensions from http input. } - public static void fillValidityFromForm( - X509CertInfo certInfo, IArgBlock httpParams) - throws EBaseException { + public static void fillValidityFromForm( + X509CertInfo certInfo, IArgBlock httpParams) + throws EBaseException { CMS.debug("PKIProcessor: fillValidityFromForm!"); try { String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null); @@ -267,43 +264,43 @@ public class PKIProcessor implements IPKIProcessor { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + "cert validity set to " + validity + " from authtoken"); } } } } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } } /** * log according to authority category. */ - public static void log(int event, int level, String msg) { + public static void log(int event, int level, String msg) { CMS.getLogger().log(event, ILogger.S_OTHER, level, - "PKIProcessor " + ": " + msg); + "PKIProcessor " + ": " + msg); } public static void log(int level, String msg) { CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "PKIProcessor " + ": " + msg); + "PKIProcessor " + ": " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -315,20 +312,19 @@ public class PKIProcessor implements IPKIProcessor { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -358,4 +354,3 @@ public class PKIProcessor implements IPKIProcessor { return subjectID; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java index da24d2c2..b5cec9da 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; @@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * Toggle the approval state of a profile - * + * * @version $Revision$, $Date$ */ public class ProfileApproveServlet extends ProfileServlet { @@ -59,10 +57,10 @@ public class ProfileApproveServlet extends ProfileServlet { */ private static final long serialVersionUID = 3956879326742839550L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = - "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; + "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; private final static String OP_APPROVE = "approve"; private final static String OP_DISAPPROVE = "disapprove"; @@ -73,7 +71,7 @@ public class ProfileApproveServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -84,13 +82,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param profileId the id of the profile to change * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an * agent approves/disapproves a cert profile set by the administrator for * automatic approval * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -126,8 +125,8 @@ public class ProfileApproveServlet extends ProfileServlet { auditSubjectID = auditSubjectID(); CMS.debug(e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); @@ -153,12 +152,12 @@ public class ProfileApproveServlet extends ProfileServlet { mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { @@ -214,8 +213,8 @@ public class ProfileApproveServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + - " not found"); + CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -236,8 +235,8 @@ public class ProfileApproveServlet extends ProfileServlet { IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileApproveServlet: Request Queue of " + - mAuthorityId + " not found"); + CMS.debug("ProfileApproveServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -265,31 +264,31 @@ public class ProfileApproveServlet extends ProfileServlet { try { if (ps.isProfileEnable(profileId)) { - if (ps.checkOwner()) { - if (ps.getProfileEnableBy(profileId).equals(userid)) { - ps.disableProfile(profileId); - } else { - // only enableBy can disable profile - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_OWNER")); - outputTemplate(request, response, args); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( + if (ps.checkOwner()) { + if (ps.getProfileEnableBy(profileId).equals(userid)) { + ps.disableProfile(profileId); + } else { + // only enableBy can disable profile + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_OWNER")); + outputTemplate(request, response, args); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID, ILogger.FAILURE, auditProfileID, auditProfileOp); - audit(auditMessage); + audit(auditMessage); - return; + return; + } + } else { + ps.disableProfile(profileId); } - } else { - ps.disableProfile(profileId); - } } else { ps.enableProfile(profileId, userid); } @@ -305,8 +304,8 @@ public class ProfileApproveServlet extends ProfileServlet { audit(auditMessage); } catch (EProfileException e) { // profile not enabled - CMS.debug("ProfileApproveServlet: profile not error " + - e.toString()); + CMS.debug("ProfileApproveServlet: profile not error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -338,26 +337,26 @@ public class ProfileApproveServlet extends ProfileServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - // auditSubjectID, - // ILogger.FAILURE, - // auditProfileID, - // auditProfileOp ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + // auditSubjectID, + // ILogger.FAILURE, + // auditProfileID, + // auditProfileOp ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileApproveServlet: profile not found " + - e.toString()); + CMS.debug("ProfileApproveServlet: profile not found " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -386,13 +385,13 @@ public class ProfileApproveServlet extends ProfileServlet { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(setId, id); + profile.getProfilePolicy(setId, id); // (3) query all the profile policies // (4) default plugins convert request parameters - // into string http parameters + // into string http parameters handlePolicy(list, response, locale, - id, policy); + id, policy); } ArgSet setArg = new ArgSet(); @@ -403,8 +402,8 @@ public class ProfileApproveServlet extends ProfileServlet { args.set(ARG_POLICY_SET_LIST, setlist); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + args.set(ARG_PROFILE_IS_ENABLED, + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); @@ -413,8 +412,8 @@ public class ProfileApproveServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); @@ -434,19 +433,19 @@ public class ProfileApproveServlet extends ProfileServlet { String defName = (String) defNames.nextElement(); IDescriptor defDesc = def.getValueDescriptor(locale, defName); if (defDesc == null) { - CMS.debug("defName=" + defName); + CMS.debug("defName=" + defName); } else { - String defSyntax = defDesc.getSyntax(); - String defConstraint = defDesc.getConstraint(); - String defValueName = defDesc.getDescription(locale); - String defValue = null; - - defset.set(ARG_DEF_ID, defName); - defset.set(ARG_DEF_SYNTAX, defSyntax); - defset.set(ARG_DEF_CONSTRAINT, defConstraint); - defset.set(ARG_DEF_NAME, defValueName); - defset.set(ARG_DEF_VAL, defValue); - deflist.add(defset); + String defSyntax = defDesc.getSyntax(); + String defConstraint = defDesc.getConstraint(); + String defValueName = defDesc.getDescription(locale); + String defValue = null; + + defset.set(ARG_DEF_ID, defName); + defset.set(ARG_DEF_SYNTAX, defSyntax); + defset.set(ARG_DEF_CONSTRAINT, defConstraint); + defset.set(ARG_DEF_NAME, defValueName); + defset.set(ARG_DEF_VAL, defValue); + deflist.add(defset); } } } @@ -463,11 +462,11 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile ID - * - * This method is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is called to obtain the "ProfileID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message ProfileID */ @@ -493,14 +492,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile Operation - * - * This method is called to obtain the "Profile Operation" for - * a signed audit log message. + * + * This method is called to obtain the "Profile Operation" for a signed + * audit log message. * <P> - * + * * @param req HTTP request - * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, - * or SIGNED_AUDIT_EMPTY_VALUE + * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or + * SIGNED_AUDIT_EMPTY_VALUE */ private String auditProfileOp(HttpServletRequest req) { // if no signed audit object exists, bail @@ -509,12 +508,12 @@ public class ProfileApproveServlet extends ProfileServlet { } if (mProfileSubId == null || - mProfileSubId.equals("")) { + mProfileSubId.equals("")) { mProfileSubId = IProfileSubsystem.ID; } IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -533,4 +532,3 @@ public class ProfileApproveServlet extends ProfileServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java index 4da41f7a..8581b3ca 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; @@ -38,10 +37,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * List all enabled profiles. - * + * * @version $Revision$, $Date$ */ public class ProfileListServlet extends ProfileServlet { @@ -53,7 +51,7 @@ public class ProfileListServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileListServlet() { super(); @@ -62,7 +60,7 @@ public class ProfileListServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -72,7 +70,7 @@ public class ProfileListServlet extends ProfileServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -93,10 +91,10 @@ public class ProfileListServlet extends ProfileServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -115,17 +113,17 @@ public class ProfileListServlet extends ProfileServlet { } CMS.debug("ProfileListServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { - CMS.debug("ProfileListServlet: ProfileSubsystem " + - mProfileSubId + " not found"); + CMS.debug("ProfileListServlet: ProfileSubsystem " + + mProfileSubId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; - } + } ArgList list = new ArgList(); Enumeration e = ps.getProfileIds(); @@ -139,13 +137,13 @@ public class ProfileListServlet extends ProfileServlet { profile = ps.getProfile(id); } catch (EBaseException e1) { // skip bad profile - CMS.debug("ProfileListServlet: profile " + id + - " not found (skipped) " + e1.toString()); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped) " + e1.toString()); continue; } if (profile == null) { - CMS.debug("ProfileListServlet: profile " + id + - " not found (skipped)"); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped)"); continue; } @@ -155,16 +153,16 @@ public class ProfileListServlet extends ProfileServlet { ArgSet profileArgs = new ArgSet(); profileArgs.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(id))); + Boolean.toString(ps.isProfileEnable(id))); profileArgs.set(ARG_PROFILE_ENABLED_BY, - ps.getProfileEnableBy(id)); + ps.getProfileEnableBy(id)); profileArgs.set(ARG_PROFILE_ID, id); - profileArgs.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); + profileArgs.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); profileArgs.set(ARG_PROFILE_NAME, name); profileArgs.set(ARG_PROFILE_DESC, desc); list.add(profileArgs); - + } } args.set(ARG_RECORD, list); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java index 33233275..ebfc2e9f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Date; @@ -63,10 +62,9 @@ import com.netscape.certsrv.template.ArgSet; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet approves profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileProcessServlet extends ProfileServlet { @@ -79,9 +77,9 @@ public class ProfileProcessServlet extends ProfileServlet { private Nonces mNonces = null; private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = - "requestNotes"; + "requestNotes"; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileProcessServlet() { } @@ -103,9 +101,9 @@ public class ProfileProcessServlet extends ProfileServlet { HttpServletRequest request = cmsReq.getHttpReq(); HttpServletResponse response = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("approval", true /* main action */); + statsSub.startTiming("approval", true /* main action */); } IAuthToken authToken = null; @@ -119,13 +117,13 @@ public class ProfileProcessServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProfileProcessServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -138,10 +136,10 @@ public class ProfileProcessServlet extends ProfileServlet { mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,7 +148,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -171,7 +169,7 @@ public class ProfileProcessServlet extends ProfileServlet { } else { CMS.debug("ProfileProcessServlet: Missing nonce"); } - CMS.debug("ProfileProcessServlet: nonceVerified="+nonceVerified); + CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified); if (!nonceVerified) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -194,7 +192,7 @@ public class ProfileProcessServlet extends ProfileServlet { } CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileProcessServlet: ProfileSubsystem not found"); @@ -203,7 +201,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -213,13 +211,13 @@ public class ProfileProcessServlet extends ProfileServlet { if (authority == null) { CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId + - " not found"); + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -227,13 +225,13 @@ public class ProfileProcessServlet extends ProfileServlet { if (queue == null) { CMS.debug("ProfileProcessServlet: Request Queue of " + - mAuthorityId + " not found"); + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -247,7 +245,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_REQUEST_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -259,8 +257,8 @@ public class ProfileProcessServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileProcessServlet: request not found requestId=" + - requestId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -268,12 +266,12 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_REQUEST_NOT_FOUND", requestId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - // check if the request is in one of the terminal states + // check if the request is in one of the terminal states if (!req.getRequestStatus().equals(RequestStatus.PENDING)) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -281,7 +279,7 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_REQUEST_ID, requestId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -296,7 +294,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -309,20 +307,19 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_OP_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileProcessServlet: profile not found " + - " " + " profileId=" + profileId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: profile not found " + + " " + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -330,7 +327,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -348,12 +345,11 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_ID_NOT_ENABLED")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); @@ -361,7 +357,7 @@ public class ProfileProcessServlet extends ProfileServlet { if (op.equals("assign")) { String owner = req.getRequestOwner(); - // assigned owner + // assigned owner if (owner != null && owner.length() > 0) { if (!grantPermission(req, authToken)) { CMS.debug("ProfileProcessServlet: Permission not granted to assign request."); @@ -375,7 +371,7 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -414,14 +410,14 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } // commit request to the storage - if (!op.equals("validate")) { + if (!op.equals("validate")) { try { if (op.equals("approve")) { queue.markAsServiced(req); @@ -429,40 +425,40 @@ public class ProfileProcessServlet extends ProfileServlet { queue.updateRequest(req); } } catch (EBaseException e) { - CMS.debug("ProfileProcessServlet: Request commit error " + - e.toString()); + CMS.debug("ProfileProcessServlet: Request commit error " + + e.toString()); // save request to disk args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } } catch (ERejectException e) { - CMS.debug("ProfileProcessServlet: execution rejected " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution rejected " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", e.toString())); } catch (EDeferException e) { - CMS.debug("ProfileProcessServlet: execution defered " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution defered " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString())); } catch (EPropertyException e) { - CMS.debug("ProfileProcessServlet: execution error " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR", e.toString())); } catch (EProfileException e) { - CMS.debug("ProfileProcessServlet: execution error " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -475,15 +471,15 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } } - + public boolean grantPermission(IRequest req, IAuthToken token) { try { boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable", - false); + false); if (!enable) return true; String owner = req.getRequestOwner(); @@ -496,32 +492,32 @@ public class ProfileProcessServlet extends ProfileServlet { return true; } catch (Exception e) { } - + return false; } /** - * Check if the request creation time is older than the profile - * lastModified attribute. + * Check if the request creation time is older than the profile lastModified + * attribute. */ - protected void checkProfileVersion(IProfile profile, IRequest req, - Locale locale) throws EProfileException { + protected void checkProfileVersion(IProfile profile, IRequest req, + Locale locale) throws EProfileException { IConfigStore profileConfig = profile.getConfigStore(); if (profileConfig != null) { String lastModified = null; try { - lastModified = profileConfig.getString("lastModified",""); + lastModified = profileConfig.getString("lastModified", ""); } catch (EBaseException e) { - CMS.debug(e.toString()); - throw new EProfileException( e.toString() ); + CMS.debug(e.toString()); + throw new EProfileException(e.toString()); } if (!lastModified.equals("")) { Date profileModifiedAt = new Date(Long.parseLong(lastModified)); - CMS.debug("ProfileProcessServlet: Profile Last Modified=" + - profileModifiedAt); + CMS.debug("ProfileProcessServlet: Profile Last Modified=" + + profileModifiedAt); Date reqCreatedAt = req.getCreationTime(); - CMS.debug("ProfileProcessServlet: Request Created At=" + - reqCreatedAt); + CMS.debug("ProfileProcessServlet: Request Created At=" + + reqCreatedAt); if (profileModifiedAt.after(reqCreatedAt)) { CMS.debug("Profile Newer Than Request"); throw new ERejectException("Profile Newer Than Request"); @@ -531,18 +527,18 @@ public class ProfileProcessServlet extends ProfileServlet { } protected void assignRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String id = auditSubjectID(); req.setRequestOwner(id); } protected void unassignRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { req.setRequestOwner(""); } @@ -552,13 +548,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * cancellation) + * cancellation) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -566,12 +563,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void cancelRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); @@ -591,16 +588,16 @@ public class ProfileProcessServlet extends ProfileServlet { audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_CANCELLATION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_CANCELLATION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } @@ -609,13 +606,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * rejection) + * rejection) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -623,12 +621,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void rejectRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); @@ -648,16 +646,16 @@ public class ProfileProcessServlet extends ProfileServlet { audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_REJECTION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_REJECTION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } @@ -666,13 +664,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * acceptance) + * acceptance) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -680,12 +679,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ - protected void approveRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + protected void approveRequest(ServletRequest request, ArgSet args, + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); @@ -709,33 +708,33 @@ public class ProfileProcessServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = - outputNames.nextElement(); + outputNames.nextElement(); IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, - outputName); + profileOutput.getValueDescriptor(locale, + outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = - outputDesc.getConstraint(); + outputDesc.getConstraint(); String outputValueName = - outputDesc.getDescription(locale); + outputDesc.getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue( - outputName, + outputName, locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + - e.toString()); + e.toString()); } outputset.set(ARG_OUTPUT_ID, outputName); outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax); outputset.set(ARG_OUTPUT_CONSTRAINT, - outputConstraint); + outputConstraint); outputset.set(ARG_OUTPUT_NAME, outputValueName); outputset.set(ARG_OUTPUT_VAL, outputValue); outputlist.add(outputset); @@ -775,13 +774,12 @@ public class ProfileProcessServlet extends ProfileServlet { CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute."); throw new EProfileException(eAudit1.toString()); - } } - protected void updateValues(ServletRequest request, IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws ERejectException, EDeferException, EPropertyException { + protected void updateValues(ServletRequest request, IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws ERejectException, EDeferException, EPropertyException { String profileSetId = req.getExtDataInString("profileSetId"); Enumeration policies = profile.getProfilePolicies(profileSetId); @@ -813,17 +811,17 @@ public class ProfileProcessServlet extends ProfileServlet { } } - protected void validate(Locale locale, int count, - IProfilePolicy policy, IRequest req, ServletRequest request) - throws ERejectException, EDeferException { + protected void validate(Locale locale, int count, + IProfilePolicy policy, IRequest req, ServletRequest request) + throws ERejectException, EDeferException { IPolicyConstraint con = policy.getConstraint(); con.validate(req); } - protected void setValue(Locale locale, int count, - IProfilePolicy policy, IRequest req, ServletRequest request) - throws EPropertyException { + protected void setValue(Locale locale, int count, + IProfilePolicy policy, IRequest req, ServletRequest request) + throws EPropertyException { // handle default policy IPolicyDefault def = policy.getDefault(); Enumeration defNames = def.getValueNames(); @@ -838,11 +836,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -868,11 +866,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Value - * - * This method is called to obtain the "reason" for - * a signed audit log message. + * + * This method is called to obtain the "reason" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return reason string containing the signed audit log message reason */ @@ -887,7 +885,7 @@ public class ProfileProcessServlet extends ProfileServlet { if (request != null) { // overwrite "reason" if and only if "info" != null String info = - request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); + request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); if (info != null) { reason = info.trim(); @@ -904,11 +902,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -941,7 +939,7 @@ public class ProfileProcessServlet extends ProfileServlet { // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { - if (!Character.isWhitespace(base64Data.charAt(i))) { + if (!Character.isWhitespace(base64Data.charAt(i))) { sb.append(base64Data.charAt(i)); } } @@ -961,4 +959,3 @@ public class ProfileProcessServlet extends ProfileServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java index 00840dd8..7ec8596f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; import java.util.Random; @@ -54,10 +53,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet allows reviewing of profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileReviewServlet extends ProfileServlet { @@ -69,7 +67,7 @@ public class ProfileReviewServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; private Random mRandom = null; private Nonces mNonces = null; @@ -79,7 +77,7 @@ public class ProfileReviewServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -101,7 +99,7 @@ public class ProfileReviewServlet extends ProfileServlet { * <ul> * <li>http.param requestId the ID of the profile to review * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -120,13 +118,13 @@ public class ProfileReviewServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ReviewReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); return; - } + } } AuthzToken authzToken = null; @@ -136,15 +134,15 @@ public class ProfileReviewServlet extends ProfileServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; @@ -158,7 +156,7 @@ public class ProfileReviewServlet extends ProfileServlet { } CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileReviewServlet: ProfileSubsystem not found"); @@ -174,7 +172,7 @@ public class ProfileReviewServlet extends ProfileServlet { if (authority == null) { CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId + - " not found"); + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -185,7 +183,7 @@ public class ProfileReviewServlet extends ProfileServlet { if (queue == null) { CMS.debug("ProfileReviewServlet: Request Queue of " + - mAuthorityId + " not found"); + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -201,8 +199,8 @@ public class ProfileReviewServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileReviewServlet: request not found requestId=" + - requestId + " " + e.toString()); + CMS.debug("ProfileReviewServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -214,16 +212,16 @@ public class ProfileReviewServlet extends ProfileServlet { String profileId = req.getExtDataInString("profileId"); - CMS.debug("ProfileReviewServlet: requestId=" + - requestId + " profileId=" + profileId); + CMS.debug("ProfileReviewServlet: requestId=" + + requestId + " profileId=" + profileId); IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileReviewServlet: profile not found requestId=" + - requestId + " profileId=" + profileId + " " + e.toString()); + CMS.debug("ProfileReviewServlet: profile not found requestId=" + + requestId + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -232,27 +230,27 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + String profileSetId = req.getExtDataInString("profileSetId"); CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId); - Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)? - profile.getProfilePolicyIds(profileSetId): null; + Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ? + profile.getProfilePolicyIds(profileSetId) : null; int count = 0; ArgList list = new ArgList(); if (policyIds != null) { - while (policyIds.hasMoreElements()) { + while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(req.getExtDataInString("profileSetId"), - id); + profile.getProfilePolicy(req.getExtDataInString("profileSetId"), + id); // (3) query all the profile policies // (4) default plugins convert request parameters into string - // http parameters + // http parameters handlePolicy(list, response, locale, - id, policy, req); + id, policy, req); count++; } } @@ -269,34 +267,34 @@ public class ProfileReviewServlet extends ProfileServlet { args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); if (req.getRequestOwner() == null) { - args.set(ARG_REQUEST_OWNER, ""); + args.set(ARG_REQUEST_OWNER, ""); } else { - args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); + args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); } args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString()); - args.set(ARG_REQUEST_MODIFICATION_TIME, - req.getModificationTime().toString()); + args.set(ARG_REQUEST_MODIFICATION_TIME, + req.getModificationTime().toString()); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_APPROVED_BY, - req.getExtDataInString("profileApprovedBy")); + args.set(ARG_PROFILE_APPROVED_BY, + req.getExtDataInString("profileApprovedBy")); args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId")); if (profile.isVisible()) { - args.set(ARG_PROFILE_IS_VISIBLE, "true"); + args.set(ARG_PROFILE_IS_VISIBLE, "true"); } else { - args.set(ARG_PROFILE_IS_VISIBLE, "false"); + args.set(ARG_PROFILE_IS_VISIBLE, "false"); } args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_REMOTE_HOST, - req.getExtDataInString("profileRemoteHost")); - args.set(ARG_PROFILE_REMOTE_ADDR, - req.getExtDataInString("profileRemoteAddr")); + args.set(ARG_PROFILE_REMOTE_HOST, + req.getExtDataInString("profileRemoteHost")); + args.set(ARG_PROFILE_REMOTE_ADDR, + req.getExtDataInString("profileRemoteAddr")); if (req.getExtDataInString("requestNotes") == null) { args.set(ARG_REQUEST_NOTES, ""); } else { - args.set(ARG_REQUEST_NOTES, - req.getExtDataInString("requestNotes")); + args.set(ARG_REQUEST_NOTES, + req.getExtDataInString("requestNotes")); } args.set(ARG_RECORD, list); @@ -358,7 +356,7 @@ public class ProfileReviewServlet extends ProfileServlet { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); IProfileOutput profileOutput = profile.getProfileOutput(outputId - ); + ); Enumeration outputNames = profileOutput.getValueNames(); @@ -366,9 +364,9 @@ public class ProfileReviewServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = (String) outputNames.nextElement - (); + (); IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, outputName); + profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; @@ -382,7 +380,7 @@ public class ProfileReviewServlet extends ProfileServlet { locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + e.toString( - )); + )); } outputset.set(ARG_OUTPUT_ID, outputName); @@ -401,9 +399,9 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy, - IRequest req) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy, + IRequest req) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java index 813af8f6..d18336ae 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; @@ -48,10 +47,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * Retrieve detailed information of a particular profile. - * + * * @version $Revision$, $Date$ */ public class ProfileSelectServlet extends ProfileServlet { @@ -61,7 +59,7 @@ public class ProfileSelectServlet extends ProfileServlet { */ private static final long serialVersionUID = -3765390650830903602L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileSelectServlet() { } @@ -76,7 +74,7 @@ public class ProfileSelectServlet extends ProfileServlet { * <ul> * <li>http.param profileId the id of the profile to select * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -96,7 +94,7 @@ public class ProfileSelectServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProcessReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); @@ -112,10 +110,10 @@ public class ProfileSelectServlet extends ProfileServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -134,7 +132,7 @@ public class ProfileSelectServlet extends ProfileServlet { } CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSelectServlet: ProfileSubsystem not found"); @@ -150,7 +148,7 @@ public class ProfileSelectServlet extends ProfileServlet { if (authority == null) { CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId + - " not found"); + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -161,7 +159,7 @@ public class ProfileSelectServlet extends ProfileServlet { if (queue == null) { CMS.debug("ProfileSelectServlet: Request Queue of " + - mAuthorityId + " not found"); + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -179,8 +177,8 @@ public class ProfileSelectServlet extends ProfileServlet { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileSelectServlet: profile not found profileId=" + - profileId + " " + e.toString()); + CMS.debug("ProfileSelectServlet: profile not found profileId=" + + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -189,7 +187,7 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + ArgList setlist = new ArgList(); Enumeration policySetIds = profile.getProfilePolicySetIds(); @@ -204,13 +202,14 @@ public class ProfileSelectServlet extends ProfileServlet { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(setId, id); + profile.getProfilePolicy(setId, id); // (3) query all the profile policies - // (4) default plugins convert request parameters into string - // http parameters + // (4) default plugins convert request parameters into + // string + // http parameters handlePolicy(list, response, locale, - id, policy); + id, policy); } } ArgSet setArg = new ArgSet(); @@ -224,29 +223,29 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); - args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); + args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); + args.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); try { - boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false); - if (keyArchivalEnabled == true) { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); - - // output transport certificate if present - args.set("transportCert", - CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "")); - } else { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); - args.set("transportCert", ""); - } + boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false); + if (keyArchivalEnabled == true) { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); + + // output transport certificate if present + args.set("transportCert", + CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "")); + } else { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); + args.set("transportCert", ""); + } } catch (EBaseException e) { - CMS.debug("ProfileSelectServlet: exception caught:"+e.toString()); + CMS.debug("ProfileSelectServlet: exception caught:" + e.toString()); } // build authentication @@ -259,7 +258,7 @@ public class ProfileSelectServlet extends ProfileServlet { // authenticator not installed correctly args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", + "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", profile.getAuthenticatorId())); outputTemplate(request, response, args); return; @@ -272,8 +271,8 @@ public class ProfileSelectServlet extends ProfileServlet { while (authNames.hasMoreElements()) { ArgSet authset = new ArgSet(); String authName = (String) authNames.nextElement(); - IDescriptor authDesc = - authenticator.getValueDescriptor(locale, authName); + IDescriptor authDesc = + authenticator.getValueDescriptor(locale, authName); if (authDesc == null) continue; @@ -291,8 +290,8 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_AUTH_LIST, authlist); args.set(ARG_AUTH_NAME, authenticator.getName(locale)); args.set(ARG_AUTH_DESC, authenticator.getText(locale)); - args.set(ARG_AUTH_IS_SSL, - Boolean.toString(authenticator.isSSLClientRequired())); + args.set(ARG_AUTH_IS_SSL, + Boolean.toString(authenticator.isSSLClientRequired())); } // build input list @@ -309,10 +308,10 @@ public class ProfileSelectServlet extends ProfileServlet { ArgSet inputpluginset = new ArgSet(); inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId); - inputpluginset.set(ARG_INPUT_PLUGIN_NAME, - profileInput.getName(locale)); - inputpluginset.set(ARG_INPUT_PLUGIN_DESC, - profileInput.getText(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_NAME, + profileInput.getName(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_DESC, + profileInput.getText(locale)); inputPluginlist.add(inputpluginset); Enumeration inputNames = profileInput.getValueNames(); @@ -352,8 +351,8 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java index 46f3797d..37f501b4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.FileReader; @@ -46,10 +45,9 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.Utils; - /** * This servlet is the base class of all profile servlets. - * + * * @version $Revision$, $Date$ */ public class ProfileServlet extends CMSServlet { @@ -67,12 +65,12 @@ public class ProfileServlet extends CMSServlet { public final static String ARG_REQUEST_ID = "requestId"; public final static String ARG_REQUEST_TYPE = "requestType"; public final static String ARG_REQUEST_STATUS = "requestStatus"; - public final static String ARG_REQUEST_OWNER = - "requestOwner"; - public final static String ARG_REQUEST_CREATION_TIME = - "requestCreationTime"; - public final static String ARG_REQUEST_MODIFICATION_TIME = - "requestModificationTime"; + public final static String ARG_REQUEST_OWNER = + "requestOwner"; + public final static String ARG_REQUEST_CREATION_TIME = + "requestCreationTime"; + public final static String ARG_REQUEST_MODIFICATION_TIME = + "requestModificationTime"; public final static String ARG_REQUEST_NONCE = "nonce"; public final static String ARG_AUTH_ID = "authId"; @@ -166,15 +164,15 @@ public class ProfileServlet extends CMSServlet { super(); } - /** - * initialize the servlet. Servlets implementing this method - * must specify the template to use as a parameter called - * "templatePath" in the servletConfig - * + /** + * initialize the servlet. Servlets implementing this method must specify + * the template to use as a parameter called "templatePath" in the + * servletConfig + * * @param sc servlet configuration, read from the web.xml file */ - public void init(ServletConfig sc) throws ServletException { + public void init(ServletConfig sc) throws ServletException { super.init(sc); mTemplate = sc.getServletContext().getRealPath( sc.getInitParameter(PROP_TEMPLATE)); @@ -193,47 +191,44 @@ public class ProfileServlet extends CMSServlet { } } - protected String escapeXML(String v) - { - if (v == null) { - return ""; - } - v = v.replaceAll("&", "&"); - return v; + protected String escapeXML(String v) { + if (v == null) { + return ""; + } + v = v.replaceAll("&", "&"); + return v; } - protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) - { - ps.println("<" + name + ">"); - if (v != null) { - if (v instanceof ArgList) { - ArgList list = (ArgList)v; - ps.println("<list>"); - for (int i = 0; i < list.size(); i++) { - outputArgValueAsXML(ps, name, list.get(i)); - } - ps.println("</list>"); - } else if (v instanceof ArgString) { - ArgString str = (ArgString)v; - ps.println(escapeXML(str.getValue())); - } else if (v instanceof ArgSet) { - ArgSet set = (ArgSet)v; - ps.println("<set>"); - Enumeration names = set.getNames(); - while (names.hasMoreElements()) { - String n = (String)names.nextElement(); + protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) { + ps.println("<" + name + ">"); + if (v != null) { + if (v instanceof ArgList) { + ArgList list = (ArgList) v; + ps.println("<list>"); + for (int i = 0; i < list.size(); i++) { + outputArgValueAsXML(ps, name, list.get(i)); + } + ps.println("</list>"); + } else if (v instanceof ArgString) { + ArgString str = (ArgString) v; + ps.println(escapeXML(str.getValue())); + } else if (v instanceof ArgSet) { + ArgSet set = (ArgSet) v; + ps.println("<set>"); + Enumeration names = set.getNames(); + while (names.hasMoreElements()) { + String n = (String) names.nextElement(); outputArgValueAsXML(ps, n, set.get(n)); - } - ps.println("</set>"); - } else { - ps.println(v); - } + } + ps.println("</set>"); + } else { + ps.println(v); } - ps.println("</" + name + ">"); + } + ps.println("</" + name + ">"); } - protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) - { + protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) { PrintStream ps = new PrintStream(bos); ps.println("<xml>"); outputArgValueAsXML(ps, "output", args); @@ -241,9 +236,9 @@ public class ProfileServlet extends CMSServlet { ps.flush(); } - public void outputTemplate(HttpServletRequest request, + public void outputTemplate(HttpServletRequest request, HttpServletResponse response, ArgSet args) - throws EBaseException { + throws EBaseException { String xmlOutput = request.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { @@ -251,32 +246,31 @@ public class ProfileServlet extends CMSServlet { ByteArrayOutputStream bos = new ByteArrayOutputStream(); outputThisAsXML(bos, args); try { - response.setContentLength(bos.size()); - bos.writeTo(response.getOutputStream()); + response.setContentLength(bos.size()); + bos.writeTo(response.getOutputStream()); } catch (Exception e) { CMS.debug("outputTemplate error " + e); } return; } - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("output_template"); + statsSub.startTiming("output_template"); } BufferedReader reader = null; try { reader = new BufferedReader( - new FileReader(mTemplate)); + new FileReader(mTemplate)); response.setContentType("text/html; charset=UTF-8"); PrintWriter writer = response.getWriter(); - // output template String line = null; do { - line = reader.readLine(); + line = reader.readLine(); if (line != null) { if (line.indexOf("<CMS_TEMPLATE>") == -1) { writer.println(line); @@ -287,21 +281,20 @@ public class ProfileServlet extends CMSServlet { writer.println("</script>"); } } - } - while (line != null); + } while (line != null); reader.close(); } catch (IOException e) { - CMS.debug(e); - throw new EBaseException(e.toString()); + CMS.debug(e); + throw new EBaseException(e.toString()); } finally { - if (statsSub != null) { - statsSub.endTiming("output_template"); - } + if (statsSub != null) { + statsSub.endTiming("output_template"); + } } } protected void outputArgList(PrintWriter writer, String name, ArgList list) - throws IOException { + throws IOException { String h_name = null; @@ -311,7 +304,7 @@ public class ProfileServlet extends CMSServlet { h_name = name.substring(name.indexOf('.') + 1); } writer.println(name + "Set = new Array;"); - // writer.println(h_name + "Count = 0;"); + // writer.println(h_name + "Count = 0;"); for (int i = 0; i < list.size(); i++) { writer.println(h_name + " = new Object;"); @@ -342,27 +335,27 @@ public class ProfileServlet extends CMSServlet { char c = in[i]; /* presumably this gives better performance */ - if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { + if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { out[j++] = c; continue; } /* some inputs are coming in as '\' and 'n' */ /* see BZ 500736 for details */ - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' || + in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' || + in[i + 1] == '<' || in[i + 1] == '>' || + in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' && + (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; @@ -421,18 +414,18 @@ public class ProfileServlet extends CMSServlet { } protected void outputArgString(PrintWriter writer, String name, ArgString str) - throws IOException { + throws IOException { String s = str.getValue(); // sub \n with "\n" if (s != null) { - s = escapeJavaScriptString(s); + s = escapeJavaScriptString(s); } writer.println(name + "=\"" + s + "\";"); } protected void outputArgSet(PrintWriter writer, String name, ArgSet set) - throws IOException { + throws IOException { Enumeration e = set.getNames(); while (e.hasMoreElements()) { @@ -456,7 +449,7 @@ public class ProfileServlet extends CMSServlet { } protected void outputData(PrintWriter writer, ArgSet set) - throws IOException { + throws IOException { if (set == null) return; Enumeration e = set.getNames(); @@ -486,12 +479,12 @@ public class ProfileServlet extends CMSServlet { */ protected void log(int event, int level, String msg) { mLogger.log(event, mLogCategory, level, - "Servlet " + mId + ": " + msg); + "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, - "Servlet " + mId + ": " + msg); + "Servlet " + mId + ": " + msg); } /** @@ -512,8 +505,7 @@ public class ProfileServlet extends CMSServlet { } protected void renderResult(CMSRequest cmsReq) - throws IOException { + throws IOException { // do nothing } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index b00b13a9..d7dcb8ad 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.io.InputStream; import java.io.OutputStream; import java.security.cert.CertificateEncodingException; @@ -65,10 +64,9 @@ import com.netscape.cms.servlet.common.AuthCredentials; import com.netscape.cms.servlet.common.CMCOutputTemplate; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet submits end-user request into the profile framework. - * + * * @version $Revision$, $Date$ */ public class ProfileSubmitCMCServlet extends ProfileServlet { @@ -89,27 +87,26 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { private String requestBinary = null; private String requestB64 = null; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated profile cert request rejection: " + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */"automated profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException" }; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileSubmitCMCServlet() { } /** - * initialize the servlet. And instance of this servlet can - * be set up to always issue certificates against a certain profile - * by setting the 'profileId' configuration in the servletConfig - * If not, the user must specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can be set up to + * always issue certificates against a certain profile by setting the + * 'profileId' configuration in the servletConfig If not, the user must + * specify the profileID when submitting the request * * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -158,7 +155,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential @@ -177,19 +174,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } private void setInputsIntoRequest(HttpServletRequest request, IProfile -profile, IRequest req) { + profile, IRequest req) { Enumeration inputIds = profile.getProfileInputIds(); if (inputIds != null) { @@ -216,7 +213,7 @@ profile, IRequest req) { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> @@ -224,6 +221,7 @@ profile, IRequest req) { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -233,8 +231,8 @@ profile, IRequest req) { Locale locale = getLocale(request); ArgSet args = new ArgSet(); - String cert_request_type = - mServletConfig.getInitParameter("cert_request_type"); + String cert_request_type = + mServletConfig.getInitParameter("cert_request_type"); String outputFormat = mServletConfig.getInitParameter("outputFormat"); int reqlen = request.getContentLength(); @@ -268,29 +266,29 @@ profile, IRequest req) { while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( paramName.startsWith("__") || - paramName.endsWith("password") || - paramName.endsWith("passwd") || - paramName.endsWith("pwd") || - paramName.equalsIgnoreCase("admin_password_again") || - paramName.equalsIgnoreCase("directoryManagerPwd") || - paramName.equalsIgnoreCase("bindpassword") || - paramName.equalsIgnoreCase("bindpwd") || - paramName.equalsIgnoreCase("passwd") || - paramName.equalsIgnoreCase("password") || - paramName.equalsIgnoreCase("pin") || - paramName.equalsIgnoreCase("pwd") || - paramName.equalsIgnoreCase("pwdagain") || - paramName.equalsIgnoreCase("uPasswd") ) { + if (paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("directoryManagerPwd") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd")) { CMS.debug("ProfileSubmitCMCServlet Input Parameter " + paramName + "='(sensitive)'"); } else { CMS.debug("ProfileSubmitCMCServlet Input Parameter " + - paramName + "='" + + paramName + "='" + request.getParameter(paramName) + "'"); } } @@ -303,8 +301,8 @@ profile, IRequest req) { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found"); @@ -317,7 +315,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -331,14 +329,14 @@ profile, IRequest req) { profileId = mProfileId; } - IProfile profile = null; + IProfile profile = null; - try { + try { CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId); - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + - profileId + " " + e.toString()); + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (profile == null) { CMCOutputTemplate template = new CMCOutputTemplate(); @@ -350,13 +348,13 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + - " not enabled"); + CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + + " not enabled"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); @@ -366,7 +364,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -386,8 +384,8 @@ profile, IRequest req) { if (authenticator == null) { CMS.debug("ProfileSubmitCMCServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitCMCServlet: authenticator " + - authenticator.getName() + " found"); + CMS.debug("ProfileSubmitCMCServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } @@ -403,39 +401,39 @@ profile, IRequest req) { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider"); - if (authenticator != null) { + if (authenticator != null) { try { authToken = authenticate(authenticator, request); // authentication success } catch (EBaseException e) { CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(new INTEGER(0)); + seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(e.toString()); + s = new UTF8String(e.toString()); } catch (Exception ee) { } - template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); - CMS.debug("ProfileSubmitCMCServlet: authentication error " + - e.toString()); + template.createFullResponseWithFailedStatus(response, seq, + OtherInfo.BAD_REQUEST, s); + CMS.debug("ProfileSubmitCMCServlet: authentication error " + + e.toString()); return; } - //authorization only makes sense when request is authenticated + // authorization only makes sense when request is authenticated AuthzToken authzToken = null; if (authToken != null) { CMS.debug("ProfileSubmitCMCServlet authToken not null"); try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + mAuthzResourceName, "submit"); } catch (Exception e) { - CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString()); + CMS.debug("ProfileSubmitCMCServlet authorization failure: " + e.toString()); } } @@ -450,16 +448,16 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } } IRequest reqs[] = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // create request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { @@ -473,7 +471,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString()); @@ -486,17 +484,17 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { boolean verifyAllow = true; try { verifyAllow = CMS.getConfigStore().getBoolean( - "cmc.lraPopWitness.verify.allow", true); + "cmc.lraPopWitness.verify.allow", true); } catch (EBaseException ee) { } @@ -505,18 +503,18 @@ profile, IRequest req) { SET vals = attr.getValues(); if (vals.size() > 0) { try { - lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { CMS.debug( - CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); CMCOutputTemplate template = new CMCOutputTemplate(); template.createFullResponseWithFailedStatus(response, bodyIds, - OtherInfo.POP_FAILED, null); + OtherInfo.POP_FAILED, null); return; } } @@ -524,53 +522,53 @@ profile, IRequest req) { // for CMC, requests may be zero. Then check if controls exist. if (reqs == null) { - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); CMCOutputTemplate template = new CMCOutputTemplate(); // if there is only one control GetCert, then simple response - // must be returned. + // must be returned. if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr1 = (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr1 != null) { template.createSimpleResponse(response, reqs); } else - template.createFullResponse(response, reqs, - cert_request_type, null); + template.createFullResponse(response, reqs, + cert_request_type, null); } else - template.createFullResponse(response, reqs, - cert_request_type, null); + template.createFullResponse(response, reqs, + cert_request_type, null); return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // populate request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { // adding parameters to request setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { - Enumeration tokenNames = authToken.getElements(); - while (tokenNames.hasMoreElements()) { - String tokenName = (String)tokenNames.nextElement(); - String[] vals = authToken.getInStringArray(tokenName); - if (vals != null) { - for (int i = 0; i < vals.length; i++) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + - tokenName + "[" + i + "]", vals[i]); - } - } else { - String val = authToken.getInString(tokenName); - if (val != null) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName, - val); - } - } - } - } + Enumeration tokenNames = authToken.getElements(); + while (tokenNames.hasMoreElements()) { + String tokenName = (String) tokenNames.nextElement(); + String[] vals = authToken.getInStringArray(tokenName); + if (vals != null) { + for (int i = 0; i < vals.length; i++) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + + tokenName + "[" + i + "]", vals[i]); + } + } else { + String val = authToken.getInString(tokenName); + if (val != null) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName, + val); + } + } + } + } // put profile framework parameters into the request reqs[k].setExtData(ARG_PROFILE, "true"); @@ -589,7 +587,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -598,13 +596,13 @@ profile, IRequest req) { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitCMCServlet: request " + - reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitCMCServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitCMCServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); @@ -620,12 +618,12 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); @@ -635,7 +633,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } } @@ -647,28 +645,27 @@ profile, IRequest req) { int responseType = 0; try { - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // submit request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// int error_codes[] = null; if (reqs != null && reqs.length > 0) - error_codes = new int[reqs.length]; + error_codes = new int[reqs.length]; for (int k = 0; k < reqs.length; k++) { try { // reset the "auditRequesterID" auditRequesterID = auditRequesterID(reqs[k]); - // print request debug if (reqs[k] != null) { - Enumeration reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = (String)reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal); + Enumeration reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = (String) reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal); + } } - } } profile.submit(authToken, reqs[k]); @@ -698,16 +695,16 @@ profile, IRequest req) { // need to notify INotify notify = profile.getRequestQueue().getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "3"; @@ -722,7 +719,7 @@ profile, IRequest req) { "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { @@ -730,7 +727,7 @@ profile, IRequest req) { } } catch (EBaseException e) { CMS.debug("ProfileSubmitCMCServlet: updateRequest " + - e.toString()); + e.toString()); } if (errorCode != null) { @@ -774,40 +771,40 @@ profile, IRequest req) { return; } - /////////////////////////////////////////////// - // output output list - /////////////////////////////////////////////// - - CMS.debug("ProfileSubmitCMCServlet: done serving"); - CMCOutputTemplate template = new CMCOutputTemplate(); - if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) { - - if (outputFormat != null &&outputFormat.equals("pkcs7")) { - byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); - response.setContentType("application/pkcs7-mime"); - response.setContentLength(pkcs7.length); - try { - OutputStream os = response.getOutputStream(); - os.write(pkcs7); - os.flush(); - } catch (Exception ee) { - } - return; - } - template.createSimpleResponse(response, reqs); - } else if (cert_request_type.equals("cmc")) { - Integer nums = (Integer)(context.get("numOfControls")); - if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); - if (attr1 != null) { - template.createSimpleResponse(response, reqs); - return; - } - } - template.createFullResponse(response, reqs, cert_request_type, - error_codes); - } + // ///////////////////////////////////////////// + // output output list + // ///////////////////////////////////////////// + + CMS.debug("ProfileSubmitCMCServlet: done serving"); + CMCOutputTemplate template = new CMCOutputTemplate(); + if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) { + + if (outputFormat != null && outputFormat.equals("pkcs7")) { + byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); + response.setContentType("application/pkcs7-mime"); + response.setContentLength(pkcs7.length); + try { + OutputStream os = response.getOutputStream(); + os.write(pkcs7); + os.flush(); + } catch (Exception ee) { + } + return; + } + template.createSimpleResponse(response, reqs); + } else if (cert_request_type.equals("cmc")) { + Integer nums = (Integer) (context.get("numOfControls")); + if (nums != null && nums.intValue() == 1) { + TaggedAttribute attr1 = + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + if (attr1 != null) { + template.createSimpleResponse(response, reqs); + return; + } + } + template.createFullResponse(response, reqs, cert_request_type, + error_codes); + } } finally { SessionContext.releaseContext(); } @@ -815,11 +812,11 @@ profile, IRequest req) { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -845,11 +842,11 @@ profile, IRequest req) { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index 3f663619..9a830dbf 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.math.BigInteger; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -72,10 +71,9 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.xml.XMLObject; - /** * This servlet submits end-user request into the profile framework. - * + * * @author Christina Fu (renewal support) * @version $Revision$, $Date$ */ @@ -97,34 +95,31 @@ public class ProfileSubmitServlet extends ProfileServlet { private String mReqType = null; private String mAuthorityId = null; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated profile cert request rejection: " + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */"automated profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException" }; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; - - - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; public ProfileSubmitServlet() { } /** - * initialize the servlet. And instance of this servlet can - * be set up to always issue certificates against a certain profile - * by setting the 'profileId' configuration in the servletConfig - * If not, the user must specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can be set up to + * always issue certificates against a certain profile by setting the + * 'profileId' configuration in the servletConfig If not, the user must + * specify the profileID when submitting the request * * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -146,7 +141,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // all subject name parameters start with sn_, no other input parameters do + // all subject name parameters start with sn_, no other + // input parameters do if (inputName.matches("^sn_.*")) { ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); } else { @@ -159,10 +155,9 @@ public class ProfileSubmitServlet extends ProfileServlet { } - /* - * fill input info from "request" to context. - * This is expected to be used by renewal where the request - * is retrieved from request record + /* + * fill input info from "request" to context. This is expected to be used by + * renewal where the request is retrieved from request record */ private void setInputsIntoContext(IRequest request, IProfile profile, IProfileContext ctx, Locale locale) { // passing inputs into context @@ -185,7 +180,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" + inputValue); ctx.set(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null"); @@ -196,8 +191,6 @@ public class ProfileSubmitServlet extends ProfileServlet { } - - private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { Enumeration<String> authIds = authenticator.getValueNames(); @@ -206,8 +199,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (authIds.hasMoreElements()) { String authName = (String) authIds.nextElement(); - CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+ - authName); + CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" + + authName); if (request.getParameter(authName) != null) { CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request"); ctx.set(authName, request.getParameter(authName)); @@ -232,7 +225,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String n = t.substring(0, i); if (n.equalsIgnoreCase("uid")) { String v = t.substring(i + 1); - CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v); + CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" + v); return v; } else { continue; @@ -242,70 +235,70 @@ public class ProfileSubmitServlet extends ProfileServlet { } /* - * authenticate for renewal - more to add necessary params/values - * to the session context + * authenticate for renewal - more to add necessary params/values to the + * session context */ public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request, IRequest origReq, SessionContext context) - throws EBaseException { - IAuthToken authToken = authenticate(authenticator, request); - // For renewal, fill in necessary params - if (authToken!= null) { - String ouid = origReq.getExtDataInString("auth_token.uid"); - // if the orig cert was manually approved, then there was - // no auth token uid. Try to get the uid from the cert dn - // itself, if possible - if (ouid == null) { - String sdn = (String) context.get("origSubjectDN"); - if (sdn != null) { - ouid = getUidFromDN(sdn); - if (ouid != null) - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); - } - String auid = authToken.getInString("uid"); - if (auid != null) { // not through ssl client auth - CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid); - // authenticated with uid - // put "orig_req.auth_token.uid" so that authz with - // UserOrigReqAccessEvaluator will work - if (ouid != null) { - context.put("orig_req.auth_token.uid", ouid); - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid); - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { // through ssl client auth? - CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); - // put in orig_req's uid - if (ouid != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". Setting authtoken"); - authToken.set("uid", ouid); - context.put(SessionContext.USER_ID, ouid); - } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); -// throw new EBaseException("origReq uid not found"); - } - } - - String userdn = origReq.getExtDataInString("auth_token.userdn"); - if (userdn != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken"); - authToken.set("userdn", userdn); - } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); -// throw new EBaseException("origReq userdn not found"); - } + HttpServletRequest request, IRequest origReq, SessionContext context) + throws EBaseException { + IAuthToken authToken = authenticate(authenticator, request); + // For renewal, fill in necessary params + if (authToken != null) { + String ouid = origReq.getExtDataInString("auth_token.uid"); + // if the orig cert was manually approved, then there was + // no auth token uid. Try to get the uid from the cert dn + // itself, if possible + if (ouid == null) { + String sdn = (String) context.get("origSubjectDN"); + if (sdn != null) { + ouid = getUidFromDN(sdn); + if (ouid != null) + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); + } + String auid = authToken.getInString("uid"); + if (auid != null) { // not through ssl client auth + CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" + auid); + // authenticated with uid + // put "orig_req.auth_token.uid" so that authz with + // UserOrigReqAccessEvaluator will work + if (ouid != null) { + context.put("orig_req.auth_token.uid", ouid); + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" + ouid); + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { // through ssl client auth? + CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); + // put in orig_req's uid + if (ouid != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" + ouid + ". Setting authtoken"); + authToken.set("uid", ouid); + context.put(SessionContext.USER_ID, ouid); } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken null"); + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); + // throw new EBaseException("origReq uid not found"); } - return authToken; + } + + String userdn = origReq.getExtDataInString("auth_token.userdn"); + if (userdn != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" + userdn + ". Setting authtoken"); + authToken.set("userdn", userdn); + } else { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); + // throw new EBaseException("origReq userdn not found"); + } + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken null"); + } + return authToken; } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential @@ -323,12 +316,12 @@ public class ProfileSubmitServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; @@ -348,7 +341,8 @@ public class ProfileSubmitServlet extends ProfileServlet { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // special characters in subject names parameters must be escaped + // special characters in subject names parameters + // must be escaped if (inputName.matches("^sn_.*")) { req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); } else { @@ -361,10 +355,9 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - /* - * fill input info from orig request to the renew request. - * This is expected to be used by renewal where the request - * is retrieved from request record + /* + * fill input info from orig request to the renew request. This is expected + * to be used by renewal where the request is retrieved from request record */ private void setInputsIntoRequest(IRequest request, IProfile profile, IRequest req, Locale locale) { // passing inputs into request @@ -387,7 +380,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" + inputValue); req.setExtData(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null"); @@ -412,8 +405,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = (String) outputNames.nextElement(); - IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, outputName); + IDescriptor outputDesc = + profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; @@ -423,7 +416,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String outputValue = null; try { - outputValue = profileOutput.getValue(outputName, + outputValue = profileOutput.getValue(outputName, locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + e.toString()); @@ -446,7 +439,7 @@ public class ProfileSubmitServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> @@ -454,6 +447,7 @@ public class ProfileSubmitServlet extends ProfileServlet { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -476,9 +470,9 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("xmlOutput false"); } - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("enrollment", true /* main action */); + statsSub.startTiming("enrollment", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); @@ -488,34 +482,34 @@ public class ProfileSubmitServlet extends ProfileServlet { if (CMS.debugOn()) { CMS.debug("Start of ProfileSubmitServlet Input Parameters"); @SuppressWarnings("unchecked") - Enumeration<String> paramNames = request.getParameterNames(); + Enumeration<String> paramNames = request.getParameterNames(); while (paramNames.hasMoreElements()) { String paramName = paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( paramName.startsWith("__") || - paramName.endsWith("password") || - paramName.endsWith("passwd") || - paramName.endsWith("pwd") || - paramName.equalsIgnoreCase("admin_password_again") || - paramName.equalsIgnoreCase("directoryManagerPwd") || - paramName.equalsIgnoreCase("bindpassword") || - paramName.equalsIgnoreCase("bindpwd") || - paramName.equalsIgnoreCase("passwd") || - paramName.equalsIgnoreCase("password") || - paramName.equalsIgnoreCase("pin") || - paramName.equalsIgnoreCase("pwd") || - paramName.equalsIgnoreCase("pwdagain") || - paramName.equalsIgnoreCase("uPasswd") ) { + if (paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("directoryManagerPwd") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd")) { CMS.debug("ProfileSubmitServlet Input Parameter " + paramName + "='(sensitive)'"); } else { CMS.debug("ProfileSubmitServlet Input Parameter " + - paramName + "='" + + paramName + "='" + request.getParameter(paramName) + "'"); } } @@ -528,44 +522,42 @@ public class ProfileSubmitServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found"); if (xmlOutput) { outputError(response, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } /* * Renewal - Renewal is retrofitted into the Profile Enrollment - * Framework. The authentication and authorization are taken from - * the renewal profile, while the input (with requests) and grace - * period constraint are taken from the original cert's request record. + * Framework. The authentication and authorization are taken from the + * renewal profile, while the input (with requests) and grace period + * constraint are taken from the original cert's request record. * - * Things to note: - * * the renew request will contain the original profile instead - * of the new - * * there is no request for system and admin certs generated at - * time of installation configuration. + * Things to note: * the renew request will contain the original profile + * instead of the new * there is no request for system and admin certs + * generated at time of installation configuration. */ String renewal = request.getParameter("renewal"); boolean isRenewal = false; - if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) { + if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) { CMS.debug("ProfileSubmitServlet: isRenewal true"); isRenewal = true; - request.setAttribute("reqType", (Object)"renewal"); + request.setAttribute("reqType", (Object) "renewal"); } else { CMS.debug("ProfileSubmitServlet: isRenewal false"); } @@ -593,11 +585,11 @@ public class ProfileSubmitServlet extends ProfileServlet { if (isRenewal) { // dig up the original request to "clone" renewProfileId = profileId; - CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId); + CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId); IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId + - " not found"); + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -608,7 +600,7 @@ public class ProfileSubmitServlet extends ProfileServlet { if (queue == null) { CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " + - mAuthorityId + " not found"); + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -619,7 +611,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String serial = request.getParameter("serial_num"); BigInteger certSerial = null; // if serial number is sent with request, then the authentication - // method is not ssl client auth. In this case, an alternative + // method is not ssl client auth. In this case, an alternative // authentication method is used (default: ldap based) if (serial != null) { CMS.debug("ProfileSubmitServlet: renewal: found serial_num"); @@ -638,7 +630,7 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { // has ssl client cert @@ -646,45 +638,45 @@ public class ProfileSubmitServlet extends ProfileServlet { // shouldn't expect leaf cert to be always at the // same location X509Certificate clientCert = null; - for (int i = 0; i< certs.length; i++) { + for (int i = 0; i < certs.length; i++) { clientCert = certs[i]; - byte [] extBytes = clientCert.getExtensionValue("2.5.29.19"); + byte[] extBytes = clientCert.getExtensionValue("2.5.29.19"); // try to see if this is a leaf cert // look for BasicConstraint extension if (extBytes == null) { // found leaf cert - CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); + CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); break; } else { - CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); - // it's got BasicConstraints extension - // so it's not likely to be a leaf cert, - // however, check the isCA field regardless - try { - BasicConstraintsExtension bce = - new BasicConstraintsExtension(true, extBytes); - if (bce != null) { - if (!(Boolean)bce.get("is_ca")) { - CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); - break; - } // else found a ca cert, continue - } - } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:"+ + CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); + // it's got BasicConstraints extension + // so it's not likely to be a leaf cert, + // however, check the isCA field regardless + try { + BasicConstraintsExtension bce = + new BasicConstraintsExtension(true, extBytes); + if (bce != null) { + if (!(Boolean) bce.get("is_ca")) { + CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); + break; + } // else found a ca cert, continue + } + } catch (Exception e) { + CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; - } + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; + } } } if (clientCert == null) { CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -694,10 +686,10 @@ public class ProfileSubmitServlet extends ProfileServlet { clientCert = new X509CertImpl(certEncoded); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -706,7 +698,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" + certSerial.toString()); try { ICertificateRepository certDB = null; @@ -716,28 +708,28 @@ public class ProfileSubmitServlet extends ProfileServlet { if (certDB == null) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial); - if (rec == null) { - CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString()); + if (rec == null) { + CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { - CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + certSerial.toString()); // check to see if the cert is revoked or revoked_expired if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { - CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + certSerial.toString()); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); + outputTemplate(request, response, args); + return; } MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); // note: CA's internal certs don't have request ids @@ -748,54 +740,56 @@ public class ProfileSubmitServlet extends ProfileServlet { if (rid != null) { origReq = queue.findRequest(new RequestId(rid)); if (origReq != null) { - CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid); + CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" + rid); // debug: print the extData keys Enumeration<String> en = origReq.getExtDataKeys(); -/* - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS"); - while (en.hasMoreElements()) { - String next = (String) en.nextElement(); - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next); - } - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS"); -*/ + /* + * CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS" + * ); while (en.hasMoreElements()) { String next + * = (String) en.nextElement(); CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key:" + * + next); } CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key print ENDS" + * ); + */ String requestorE = origReq.getExtDataInString("requestor_email"); - CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE); + CMS.debug("ProfileSubmitServlet: renewal original requestor email=" + requestorE); profileId = origReq.getExtDataInString("profileId"); if (profileId != null) - CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId); + CMS.debug("ProfileSubmitServlet: renewal original profileId=" + profileId); else { - CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; } origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); - - } else { //if origReq - CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid); + + } else { // if origReq + CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + rid); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString()); - CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"+": original request not found")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR" + ": original request not found")); + outputTemplate(request, response, args); + return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -803,96 +797,96 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter"); X509CertImpl origCert = rec.getCertificate(); origNotAfter = origCert.getNotAfter(); - CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+ - origNotAfter.toString()); + CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" + + origNotAfter.toString()); origSubjectDN = origCert.getSubjectDN().getName(); - CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+ - origSubjectDN); + CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" + + origSubjectDN); } } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } // end isRenewal - IProfile profile = null; + IProfile profile = null; IProfile renewProfile = null; - try { - profile = ps.getProfile(profileId); + try { + profile = ps.getProfile(profileId); if (isRenewal) { // in case of renew, "profile" is the orig profile // while "renewProfile" is the current profile used for renewal - renewProfile = ps.getProfile(renewProfileId); + renewProfile = ps.getProfile(renewProfileId); } - } catch (EProfileException e) { - if(profile == null) { - CMS.debug("ProfileSubmitServlet: profile not found profileId " + - profileId + " " + e.toString()); + } catch (EProfileException e) { + if (profile == null) { + CMS.debug("ProfileSubmitServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (renewProfile == null) { CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " + - renewProfileId + " " + e.toString()); + renewProfileId + " " + e.toString()); } } if (profile == null) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId)); + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } return; } if (isRenewal && (renewProfile == null)) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); + "CMS_PROFILE_NOT_FOUND", renewProfileId)); outputTemplate(request, response, args); } return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitServlet: Profile " + profileId + - " not enabled"); + CMS.debug("ProfileSubmitServlet: Profile " + profileId + + " not enabled"); if (xmlOutput) { outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } if (isRenewal) { - if (!ps.isProfileEnable(renewProfileId)) { - CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + - " not enabled"); - if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); - } else { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); - outputTemplate(request, response, args); + if (!ps.isProfileEnable(renewProfileId)) { + CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + + " not enabled"); + if (xmlOutput) { + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); + } else { + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputTemplate(request, response, args); + } + return; } - return; - } } IProfileContext ctx = profile.createContext(); @@ -909,40 +903,41 @@ public class ProfileSubmitServlet extends ProfileServlet { } } catch (EProfileException e) { // authenticator not installed correctly - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } if (authenticator == null) { CMS.debug("ProfileSubmitServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitServlet: authenticator " + - authenticator.getName() + " found"); + CMS.debug("ProfileSubmitServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } - // for renewal, this will override or add auth info to the profile context + // for renewal, this will override or add auth info to the profile + // context if (isRenewal) { - if (origAuthenticator!= null) { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + - origAuthenticator.getName() + " found"); - setCredentialsIntoContext(request, origAuthenticator, ctx); - } else { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); - } + if (origAuthenticator != null) { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + + origAuthenticator.getName() + " found"); + setCredentialsIntoContext(request, origAuthenticator, ctx); + } else { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); + } } CMS.debug("ProfileSubmistServlet: set Inputs into profile Context"); if (isRenewal) { - // for renewal, input needs to be retrieved from the orig req record + // for renewal, input needs to be retrieved from the orig req record CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context"); setInputsIntoContext(origReq, profile, ctx, locale); ctx.set(IEnrollProfile.CTX_RENEWAL, "true"); ctx.set("renewProfileId", renewProfileId); - ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); + ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); } else { setInputsIntoContext(request, profile, ctx); } @@ -956,14 +951,14 @@ public class ProfileSubmitServlet extends ProfileServlet { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitServlet: set sslClientCertProvider"); if ((isRenewal == true) && (origSubjectDN != null)) - context.put("origSubjectDN", origSubjectDN); + context.put("origSubjectDN", origSubjectDN); if (statsSub != null) { - statsSub.startTiming("profile_authentication"); + statsSub.startTiming("profile_authentication"); } if (authenticator != null) { @@ -972,23 +967,24 @@ public class ProfileSubmitServlet extends ProfileServlet { String uid_cred = "Unidentified"; String uid_attempted_cred = "Unidentified"; Enumeration<String> authIds = authenticator.getValueNames(); - //Attempt to possibly fetch attemped uid, may not always be available. + // Attempt to possibly fetch attemped uid, may not always be + // available. if (authIds != null) { while (authIds.hasMoreElements()) { - String authName = authIds.nextElement(); - String value = request.getParameter(authName); + String authName = authIds.nextElement(); + String value = request.getParameter(authName); if (value != null) { - if (authName.equals("uid")) { - uid_attempted_cred = value; - } + if (authName.equals("uid")) { + uid_attempted_cred = value; + } } } } - String authSubjectID = auditSubjectID(); + String authSubjectID = auditSubjectID(); - String authMgrID = authenticator.getName(); - String auditMessage = null; + String authMgrID = authenticator.getName(); + String auditMessage = null; try { if (isRenewal) { CMS.debug("ProfileSubmitServlet: renewal authenticate begins"); @@ -998,25 +994,25 @@ public class ProfileSubmitServlet extends ProfileServlet { authToken = authenticate(authenticator, request); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitServlet: authentication error " + - e.toString()); + CMS.debug("ProfileSubmitServlet: authentication error " + + e.toString()); // authentication error if (xmlOutput) { outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("authentication"); + statsSub.endTiming("authentication"); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } - //audit log our authentication failure + // audit log our authentication failure authSubjectID += " : " + uid_cred; auditMessage = CMS.getLogMessage( @@ -1030,9 +1026,10 @@ public class ProfileSubmitServlet extends ProfileServlet { return; } - //Log successful authentication + // Log successful authentication - //Attempt to get uid from authToken, most tokens respond to the "uid" cred. + // Attempt to get uid from authToken, most tokens respond to the + // "uid" cred. uid_cred = authToken.getInString("uid"); if (uid_cred == null || uid_cred.length() == 0) { @@ -1040,7 +1037,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } authSubjectID = authSubjectID + " : " + uid_cred; - + // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, @@ -1052,7 +1049,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (statsSub != null) { - statsSub.endTiming("profile_authentication"); + statsSub.endTiming("profile_authentication"); } // authentication success @@ -1061,23 +1058,23 @@ public class ProfileSubmitServlet extends ProfileServlet { // do profile authorization String acl = null; if (isRenewal) - acl = renewProfile.getAuthzAcl(); + acl = renewProfile.getAuthzAcl(); else - acl = profile.getAuthzAcl(); - CMS.debug("ProfileSubmitServlet: authz using acl: "+acl); + acl = profile.getAuthzAcl(); + CMS.debug("ProfileSubmitServlet: authz using acl: " + acl); if (acl != null && acl.length() > 0) { try { String resource = profileId + ".authz.acl"; AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet authorize: "+e.toString()); + CMS.debug("ProfileSubmitServlet authorize: " + e.toString()); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + outputError(response, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); } @@ -1089,11 +1086,11 @@ public class ProfileSubmitServlet extends ProfileServlet { IRequest reqs[] = null; if (statsSub != null) { - statsSub.startTiming("request_population"); + statsSub.startTiming("request_population"); } - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // create request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { @@ -1107,8 +1104,8 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { @@ -1119,44 +1116,44 @@ public class ProfileSubmitServlet extends ProfileServlet { } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // populate request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { boolean fromRA = false; String uid = ""; // adding parameters to request if (isRenewal) { - setInputsIntoRequest(origReq, profile, reqs[k], locale); - // set orig expiration date to be used in Validity constraint - reqs[k].setExtData("origNotAfter", - BigInteger.valueOf(origNotAfter.getTime())); - // set subjectDN to be used in subject name default - reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN); - // set request type - reqs[k].setRequestType("renewal"); + setInputsIntoRequest(origReq, profile, reqs[k], locale); + // set orig expiration date to be used in Validity constraint + reqs[k].setExtData("origNotAfter", + BigInteger.valueOf(origNotAfter.getTime())); + // set subjectDN to be used in subject name default + reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN); + // set request type + reqs[k].setRequestType("renewal"); } else - setInputsIntoRequest(request, profile, reqs[k]); + setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { Enumeration<String> tokenNames = authToken.getElements(); while (tokenNames.hasMoreElements()) { - String tokenName = tokenNames.nextElement(); + String tokenName = tokenNames.nextElement(); String[] tokenVals = authToken.getInStringArray(tokenName); if (tokenVals != null) { for (int i = 0; i < tokenVals.length; i++) { @@ -1181,7 +1178,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (fromRA) { - CMS.debug("ProfileSubmitServlet: request from RA: "+ uid); + CMS.debug("ProfileSubmitServlet: request from RA: " + uid); reqs[k].setExtData(ARG_REQUEST_OWNER, uid); } @@ -1200,13 +1197,13 @@ public class ProfileSubmitServlet extends ProfileServlet { outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } @@ -1216,13 +1213,13 @@ public class ProfileSubmitServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitServlet: request " + - reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); @@ -1237,31 +1234,31 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { CMS.debug("ProfileSubmitServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); if (xmlOutput) { outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } } if (statsSub != null) { - statsSub.endTiming("request_population"); + statsSub.endTiming("request_population"); } String auditMessage = null; @@ -1270,9 +1267,9 @@ public class ProfileSubmitServlet extends ProfileServlet { String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE; try { - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // submit request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// String requestIds = ""; // deliminated with double space for (int k = 0; k < reqs.length; k++) { try { @@ -1281,15 +1278,15 @@ public class ProfileSubmitServlet extends ProfileServlet { // print request debug if (reqs[k] != null) { - requestIds += " "+reqs[k].getRequestId().toString(); - Enumeration<String> reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal); + requestIds += " " + reqs[k].getRequestId().toString(); + Enumeration<String> reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal); + } } - } } profile.submit(authToken, reqs[k]); @@ -1319,16 +1316,16 @@ public class ProfileSubmitServlet extends ProfileServlet { // need to notify INotify notify = profile.getRequestQueue().getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "3"; @@ -1343,7 +1340,7 @@ public class ProfileSubmitServlet extends ProfileServlet { "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { @@ -1351,7 +1348,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } } catch (EBaseException e) { CMS.debug("ProfileSubmitServlet: updateRequest " + - e.toString()); + e.toString()); } if (errorCode != null) { @@ -1396,7 +1393,7 @@ public class ProfileSubmitServlet extends ProfileServlet { ArgSet requestset = new ArgSet(); requestset.set(ARG_REQUEST_ID, - reqs[k].getRequestId().toString()); + reqs[k].getRequestId().toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); @@ -1405,14 +1402,14 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } - /////////////////////////////////////////////// - // output output list - /////////////////////////////////////////////// + // ///////////////////////////////////////////// + // output output list + // ///////////////////////////////////////////// if (xmlOutput) { xmlOutput(response, profile, locale, reqs); } else { @@ -1431,7 +1428,7 @@ public class ProfileSubmitServlet extends ProfileServlet { ArgSet requestset = new ArgSet(); requestset.set(ARG_REQUEST_ID, - reqs[k].getRequestId().toString()); + reqs[k].getRequestId().toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); @@ -1454,14 +1451,14 @@ public class ProfileSubmitServlet extends ProfileServlet { audit(auditMessage); if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } throw eAudit1; } finally { SessionContext.releaseContext(); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } } @@ -1473,19 +1470,19 @@ public class ProfileSubmitServlet extends ProfileServlet { Node root = xmlObj.createRoot("XMLResponse"); xmlObj.addItemToContainer(root, "Status", SUCCESS); Node n = xmlObj.createContainer(root, "Requests"); - CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length); + CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + reqs.length); - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { Node subnode = xmlObj.createContainer(n, "Request"); xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString()); X509CertInfo certInfo = - reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); if (certInfo != null) { - String subject = ""; - subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString(); - xmlObj.addItemToContainer(subnode, "SubjectDN", subject); + String subject = ""; + subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString(); + xmlObj.addItemToContainer(subnode, "SubjectDN", subject); } else { - CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); + CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); } Enumeration<String> outputIds = profile.getProfileOutputIds(); if (outputIds != null) { @@ -1501,23 +1498,23 @@ public class ProfileSubmitServlet extends ProfileServlet { try { String outputValue = profileOutput.getValue(outputName, locale, reqs[i]); if (outputName.equals("b64_cert")) { - String ss = Cert.normalizeCertStrAndReq(outputValue); - outputValue = Cert.stripBrackets(ss); - byte[] bcode = CMS.AtoB(outputValue); - X509CertImpl impl = new X509CertImpl(bcode); - xmlObj.addItemToContainer(subnode, - "serialno", impl.getSerialNumber().toString(16)); - xmlObj.addItemToContainer(subnode, "b64", outputValue); + String ss = Cert.normalizeCertStrAndReq(outputValue); + outputValue = Cert.stripBrackets(ss); + byte[] bcode = CMS.AtoB(outputValue); + X509CertImpl impl = new X509CertImpl(bcode); + xmlObj.addItemToContainer(subnode, + "serialno", impl.getSerialNumber().toString(16)); + xmlObj.addItemToContainer(subnode, "b64", outputValue); }// if b64_cert else if (outputName.equals("pkcs7")) { - String ss = Cert.normalizeCertStrAndReq(outputValue); - xmlObj.addItemToContainer(subnode, "pkcs7", ss); + String ss = Cert.normalizeCertStrAndReq(outputValue); + xmlObj.addItemToContainer(subnode, "pkcs7", ss); } - + } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString()); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString()); } } } @@ -1534,11 +1531,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -1564,11 +1561,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java index 989710e3..0114f632 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java @@ -32,9 +32,8 @@ public class SSLClientCertProvider implements ISSLClientCertProvider { public X509Certificate[] getClientCertificateChain() { X509Certificate[] allCerts = (X509Certificate[]) - mRequest.getAttribute("javax.servlet.request.X509Certificate"); + mRequest.getAttribute("javax.servlet.request.X509Certificate"); return allCerts; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java index 6a9ccac5..2f14fe71 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.lang.reflect.Array; @@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.RawJS; - /** * Output a 'pretty print' of a certificate request - * + * * @version $Revision$, $Date$ */ public class CertReqParser extends ReqParser { - - public static final CertReqParser - DETAIL_PARSER = new CertReqParser(true); - public static final CertReqParser - NODETAIL_PARSER = new CertReqParser(false); + + public static final CertReqParser DETAIL_PARSER = new CertReqParser(true); + public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false); private boolean mDetails = true; private IPrettyPrintFormat pp = null; @@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser { /** * Constructs a certificate request parser. - * + * * @param details return detailed information (this can be time consuming) */ public CertReqParser(boolean details) { @@ -101,34 +97,30 @@ public class CertReqParser extends ReqParser { private static final String RB = "]"; private static final String EQ = " = "; - private static final String - HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB; - private static final String - HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB; - private static final String - AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB; - private static final String - SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB; + private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB; + private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB; + private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB; + private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB; /** * Fills in certificate specific request attributes. */ public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + throws EBaseException { if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) { - fillX509RequestIntoArg(l, req, argSet, arg); + fillX509RequestIntoArg(l, req, argSet, arg); } else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) { - fillRevokeRequestIntoArg(l, req, argSet, arg); + fillRevokeRequestIntoArg(l, req, argSet, arg); } else { - //o = req.get(IRequest.OLD_CERTS); - //if (o != null) - fillRevokeRequestIntoArg(l, req, argSet, arg); + // o = req.get(IRequest.OLD_CERTS); + // if (o != null) + fillRevokeRequestIntoArg(l, req, argSet, arg); } } - + private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { - + throws EBaseException { + // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); @@ -138,19 +130,19 @@ public class CertReqParser extends ReqParser { Enumeration<String> enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; while (enum1.hasMoreElements()) { - String name = enum1.nextElement(); + String name = enum1.nextElement(); if (mDetails) { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable<String, ?> http_params = req.getExtDataInHashtable(name); - // show certType specially + // show certType specially String certType = (String) http_params.get(IRequest.CERT_TYPE); if (certType != null) { @@ -166,16 +158,16 @@ public class CertReqParser extends ReqParser { Enumeration<String> elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; // hack - String n = elms.nextElement(); + String n = elms.nextElement(); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_params.get(n).toString()) + "\""; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_params.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -186,16 +178,16 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; // hack - String n = elms.nextElement(); + String n = elms.nextElement(); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_hdrs.get(n).toString()) + "\""; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_hdrs.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -206,23 +198,24 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; // hack - String n = elms.nextElement(); + String n = elms.nextElement(); Object authTokenValue = auth_token.getInStringArray(n); if (authTokenValue == null) { authTokenValue = auth_token.getInString(n); } String v = expandValue(prefix + parami + ".value", - authTokenValue); + authTokenValue); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal modules. + } // all others are request attrs from policy or internal + // modules. else { Object val; if (req.isSimpleExtDataValue(name)) { @@ -235,41 +228,41 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = - IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; + String parami = + IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && - (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || + (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { X509CertImpl issuedCert[] = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCert != null && issuedCert[0] != null) { - val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>"; + val = "<pre>" + CMS.getCertPrettyPrint(issuedCert[0]).toString(l) + "</pre>"; } } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) { X509CertInfo[] certInfo = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - val = "<pre>"+certInfo[0].toString()+"</pre>"; + val = "<pre>" + certInfo[0].toString() + "</pre>"; } } valstr = expandValue(prefix + parami + ".value", val); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(name) + "\";\n" + - valstr; // java string already escaped in expandValue. + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + "\";\n" + + valstr; // java string already escaped in + // expandValue. arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) - ) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -299,12 +292,12 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request + // Get the certificate info from the request X509CertInfo[] certInfo = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - // Get the subject name if any set. + // Get the subject name if any set. CertificateSubjectName subjectName = null; String signatureAlgorithm = null; String signatureAlgorithmName = null; @@ -332,9 +325,9 @@ public class CertReqParser extends ReqParser { if (mDetails) { try { CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) - certInfo[0].get(X509CertInfo.ALGORITHM_ID); + certInfo[0].get(X509CertInfo.ALGORITHM_ID); AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + certAlgId.get(CertificateAlgorithmId.ALGORITHM); signatureAlgorithm = (algId.getOID()).toString(); signatureAlgorithmName = algId.getName(); @@ -362,36 +355,36 @@ public class CertReqParser extends ReqParser { // only know about ns cert type if (ext instanceof NSCertTypeExtension) { - NSCertTypeExtension nsExtensions = - (NSCertTypeExtension) ext; + NSCertTypeExtension nsExtensions = + (NSCertTypeExtension) ext; try { arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER, - nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString()); + nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT, - nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString()); + nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL, - nsExtensions.get(NSCertTypeExtension.EMAIL).toString()); + nsExtensions.get(NSCertTypeExtension.EMAIL).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING, - nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString()); + nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA, - nsExtensions.get(NSCertTypeExtension.SSL_CA).toString()); + nsExtensions.get(NSCertTypeExtension.SSL_CA).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA, - nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString()); + nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA, - nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString()); + nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString()); } catch (Exception e) { } } else if (ext instanceof BasicConstraintsExtension) { - BasicConstraintsExtension bcExt = - (BasicConstraintsExtension) ext; + BasicConstraintsExtension bcExt = + (BasicConstraintsExtension) ext; Integer pathLength = null; Boolean isCA = null; @@ -410,8 +403,8 @@ public class CertReqParser extends ReqParser { IArgBlock rr = CMS.createArgBlock(); rr.addStringValue( - EXT_PRETTYPRINT, - CMS.getExtPrettyPrint(ext, 0).toString()); + EXT_PRETTYPRINT, + CMS.getExtPrettyPrint(ext, 0).toString()); argSet.addRepeatRecord(rr); } } @@ -419,7 +412,7 @@ public class CertReqParser extends ReqParser { } - // Get the public key + // Get the public key CertificateX509Key certKey = null; try { @@ -440,17 +433,17 @@ public class CertReqParser extends ReqParser { if (key != null) { arg.addStringValue("subjectPublicKeyInfo", - key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString()); + key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString()); arg.addStringValue("subjectPublicKey", - pp.toHexString(key.getKey(), 0, 16)); + pp.toHexString(key.getKey(), 0, 16)); } - // Get the validity period + // Get the validity period CertificateValidity validity = null; try { validity = - (CertificateValidity) + (CertificateValidity) certInfo[0].get(X509CertInfo.VALIDITY); if (validity != null) { long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; @@ -475,7 +468,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } @@ -483,10 +476,10 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && - (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || + (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { X509CertImpl issuedCert[] = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16); // Set Serial No for 2nd certificate @@ -495,7 +488,7 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { X509CertImpl oldCert[] = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + req.getExtDataInCertArray(IRequest.OLD_CERTS); if (oldCert != null && oldCert.length > 0) { arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16); @@ -505,7 +498,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldCert[i].getSerialNumber(), 16); + oldCert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } @@ -526,7 +519,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert[i].getSerialNumber(), 16); + cert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } catch (IOException e) { @@ -535,16 +528,16 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) { - Hashtable<String, Object> fingerprints = - req.getExtDataInHashtable(IRequest.FINGERPRINTS); + Hashtable<String, Object> fingerprints = + req.getExtDataInHashtable(IRequest.FINGERPRINTS); if (fingerprints != null) { String namesAndHashes = null; Enumeration<String> enumFingerprints = fingerprints.keys(); - while (enumFingerprints.hasMoreElements()) { + while (enumFingerprints.hasMoreElements()) { String hashname = enumFingerprints.nextElement(); - String hashvalue = (String) fingerprints.get(hashname); + String hashvalue = (String) fingerprints.get(hashname); byte[] fingerprint = CMS.AtoB(hashvalue); String ppFingerprint = pp.toHexString(fingerprint, 0); @@ -578,7 +571,7 @@ public class CertReqParser extends ReqParser { StringBuffer sb = new StringBuffer(); for (@SuppressWarnings("unchecked") - Enumeration<String> n = ((Vector<String>)v).elements(); n.hasMoreElements(); j++) { + Enumeration<String> n = ((Vector<String>) v).elements(); n.hasMoreElements(); j++) { sb.append(";\n"); sb.append(valuename); sb.append(LB); @@ -588,8 +581,8 @@ public class CertReqParser extends ReqParser { sb.append("\""); sb.append( CMSTemplate.escapeJavaScriptStringHTML( - n.nextElement().toString())); - sb.append( "\";\n"); + n.nextElement().toString())); + sb.append("\";\n"); } sb.append("\n"); valstr = sb.toString(); @@ -599,7 +592,7 @@ public class CertReqParser extends ReqParser { // if an array. int len = -1; - try { + try { len = Array.getLength(v); } catch (IllegalArgumentException e) { } @@ -611,7 +604,7 @@ public class CertReqParser extends ReqParser { if (Array.get(v, i) != null) valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" + CMSTemplate.escapeJavaScriptStringHTML( - Array.get(v, i).toString()) + "\";\n"; + Array.get(v, i).toString()) + "\";\n"; } return valstr; } @@ -620,16 +613,16 @@ public class CertReqParser extends ReqParser { // if string or unrecognized type, just call its toString method. return valuename + "=\"" + - CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; + CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; } public String getRequestorDN(IRequest request) { try { X509CertInfo info = (X509CertInfo) - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); // retrieve the subject name CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { @@ -644,15 +637,15 @@ public class CertReqParser extends ReqParser { String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID); if (cid == null) { - cid = ""; + cid = ""; } String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID); if (uid == null) { - uid = ""; + uid = ""; } - kid = cid+":"+uid; + kid = cid + ":" + uid; if (kid.equals(":")) { - kid = ""; + kid = ""; } return kid; @@ -663,14 +656,14 @@ public class CertReqParser extends ReqParser { } private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); arg.addStringValue("certExtsEnabled", "yes"); String profile = req.getExtDataInString("profile"); - //CMS.debug("CertReqParser: profile=" + profile); + // CMS.debug("CertReqParser: profile=" + profile); if (profile != null) { arg.addStringValue("profile", profile); String requestorDN = getRequestorDN(req); @@ -691,7 +684,7 @@ public class CertReqParser extends ReqParser { Enumeration<String> enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; @@ -703,7 +696,7 @@ public class CertReqParser extends ReqParser { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable<String, Object> http_params = req.getExtDataInHashtable(name); - // show certType specially + // show certType specially String certType = (String) http_params.get(IRequest.CERT_TYPE); if (certType != null) { @@ -714,16 +707,16 @@ public class CertReqParser extends ReqParser { Enumeration<String> elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_params.get(n).toString()) + "\""; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_params.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -734,16 +727,16 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_hdrs.get(n).toString()) + "\""; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_hdrs.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -754,20 +747,21 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String v = - expandValue(prefix + parami + ".value", - auth_token.getInString(n)); + String v = + expandValue(prefix + parami + ".value", + auth_token.getInString(n)); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal modules. + } // all others are request attrs from policy or internal + // modules. else { Object val; if (req.isSimpleExtDataValue(name)) { @@ -780,25 +774,25 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = - IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; + String parami = + IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; valstr = expandValue(prefix + parami + ".value", val); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(name) + "\";\n" + - valstr; // java string already escaped in expandValue. + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + "\";\n" + + valstr; // java string already escaped in + // expandValue. arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) - ) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -828,7 +822,7 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request + // Get the certificate info from the request RevokedCertImpl revokedCert[] = req.getExtDataInRevokedCertArray(IRequest.CERT_INFO); if (mDetails && revokedCert != null) { @@ -837,7 +831,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - revokedCert[i].getSerialNumber(), 16); + revokedCert[i].getSerialNumber(), 16); CRLExtensions crlExtensions = revokedCert[i].getExtensions(); @@ -847,19 +841,19 @@ public class CertReqParser extends ReqParser { if (ext instanceof CRLReasonExtension) { rarg.addStringValue("reason", - ((CRLReasonExtension) ext).getReason().toString()); + ((CRLReasonExtension) ext).getReason().toString()); } } } else { rarg.addStringValue("reason", - RevocationReason.UNSPECIFIED.toString()); + RevocationReason.UNSPECIFIED.toString()); } argSet.addRepeatRecord(rarg); } } else { arg.addBigIntegerValue("serialNumber", - revokedCert[0].getSerialNumber(), 16); + revokedCert[0].getSerialNumber(), 16); } } } @@ -873,7 +867,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } @@ -881,11 +875,11 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { - //X509CertImpl oldCert[] = - // (X509CertImpl[])req.get(IRequest.OLD_CERTS); + // X509CertImpl oldCert[] = + // (X509CertImpl[])req.get(IRequest.OLD_CERTS); Certificate oldCert[] = - (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS); - + (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS); + if (oldCert != null && oldCert.length > 0) { if (oldCert[0] instanceof X509CertImpl) { X509CertImpl xcert = (X509CertImpl) oldCert[0]; @@ -898,7 +892,7 @@ public class CertReqParser extends ReqParser { xcert = (X509CertImpl) oldCert[i]; rarg.addBigIntegerValue("serialNumber", - xcert.getSerialNumber(), 16); + xcert.getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } @@ -907,9 +901,9 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails && - req.getRequestType().equals("getRevocationInfo")) { - RevokedCertImpl revokedCert[] = - req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); + req.getRequestType().equals("getRevocationInfo")) { + RevokedCertImpl revokedCert[] = + req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); if (revokedCert != null && revokedCert[0] != null) { boolean reasonFound = false; @@ -920,7 +914,7 @@ public class CertReqParser extends ReqParser { if (ext instanceof CRLReasonExtension) { arg.addStringValue("reason", - ((CRLReasonExtension) ext).getReason().toString()); + ((CRLReasonExtension) ext).getReason().toString()); reasonFound = true; } } @@ -931,5 +925,5 @@ public class CertReqParser extends ReqParser { } } } - + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java index 127f2ce8..ce05b408 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Check the status of a certificate request - * + * * @version $Revision$, $Date$ */ public class CheckRequest extends CMSServlet { @@ -116,15 +114,15 @@ public class CheckRequest extends CMSServlet { /** * Constructs request query servlet. */ - public CheckRequest() - throws EBaseException { + public CheckRequest() + throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "requestStatus.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -140,12 +138,12 @@ public class CheckRequest extends CMSServlet { * Process the HTTP request. * <ul> * <li>http.param requestId ID of the request to check - * <li>http.param format if 'id', then check the request based on - * the request ID parameter. If set to CMC, then use the - * 'queryPending' parameter. + * <li>http.param format if 'id', then check the request based on the + * request ID parameter. If set to CMC, then use the 'queryPending' + * parameter. * <li>http.param queryPending query formatted as a CMC request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -166,10 +164,10 @@ public class CheckRequest extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -187,9 +185,9 @@ public class CheckRequest extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -212,13 +210,13 @@ public class CheckRequest extends CMSServlet { isCMCReq = true; byte[] cmcBlob = CMS.AtoB(queryPending); ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(cmcBlob); + new ByteArrayInputStream(cmcBlob); org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); SignedData cmcFullReq = (SignedData) - cii.getInterpretedContent(); - + cii.getInterpretedContent(); + EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); @@ -235,7 +233,7 @@ public class CheckRequest extends CMSServlet { for (int i = 0; i < numControls; i++) { // decode message. - TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i); + TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i); OBJECT_IDENTIFIER type = taggedAttr.getType(); if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) { @@ -246,18 +244,16 @@ public class CheckRequest extends CMSServlet { // We only process one for now. if (numReq > 0) { OCTET_STRING reqId = (OCTET_STRING) - ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(requestIds.elementAt(0))); + ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(requestIds.elementAt(0))); requestId = new String(reqId.toByteArray()); } } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) { transIds = taggedAttr.getValues(); - }else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) { rNonces = taggedAttr.getValues(); - } else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { sNonces = taggedAttr.getValues(); } } @@ -276,7 +272,7 @@ public class CheckRequest extends CMSServlet { mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); } catch (Exception e) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); + CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); } if (requestId == null || requestId.trim().equals("")) { @@ -289,34 +285,34 @@ public class CheckRequest extends CMSServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId)); throw new EBaseException( CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); - } + } IRequest r = mQueue.findRequest(new RequestId(requestId)); if (r == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } if (authToken != null) { - // if RA, requestOwner must match the group - String group = authToken.getInString("group"); - if ((group != null) && (group != "")) { - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - String requestOwner = r.getExtDataInString("requestOwner"); - if (requestOwner != null) { - if (requestOwner.equals(group)) - groupMatched = true; - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString())); - throw new EBaseException( - CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); - } + // if RA, requestOwner must match the group + String group = authToken.getInString("group"); + if ((group != null) && (group != "")) { + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + String requestOwner = r.getExtDataInString("requestOwner"); + if (requestOwner != null) { + if (requestOwner.equals(group)) + groupMatched = true; + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString())); + throw new EBaseException( + CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); + } + } } - } } RequestStatus status = r.getRequestStatus(); @@ -327,35 +323,35 @@ public class CheckRequest extends CMSServlet { header.addStringValue(STATUS, status.toString()); header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000); header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000); - if (note != null && note.length() > 0) + if (note != null && note.length() > 0) header.addStringValue("requestNotes", note); String type = r.getRequestType(); Integer result = r.getExtDataInInteger(IRequest.RESULT); -/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) { - X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); - IArgBlock rarg = CMS.createArgBlock(); - - rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); - argSet.addRepeatRecord(rarg); - } -*/ + /* + * if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != + * null) && status.equals(RequestStatus.COMPLETE)) { X509CertImpl cert = + * (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); IArgBlock + * rarg = CMS.createArgBlock(); + * + * rarg.addBigIntegerValue("serialNumber", cert.getSerialNumber(), 16); + * argSet.addRepeatRecord(rarg); } + */ String profileId = r.getExtDataInString("profileId"); if (profileId != null) { - result = IRequest.RES_SUCCESS; + result = IRequest.RES_SUCCESS; } if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) || - type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && - status.equals(RequestStatus.COMPLETE) && (result != null) && - result.equals(IRequest.RES_SUCCESS)) { + type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && + status.equals(RequestStatus.COMPLETE) && (result != null) && + result.equals(IRequest.RES_SUCCESS)) { Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (profileId != null) { - X509CertImpl impl[] = new X509CertImpl[1]; - impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - o = impl; + X509CertImpl impl[] = new X509CertImpl[1]; + impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + o = impl; } if (o != null && (o instanceof X509CertImpl[])) { X509CertImpl[] certs = (X509CertImpl[]) o; @@ -366,11 +362,12 @@ public class CheckRequest extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); // add pkcs7 cert for importing if (importCert || isCMCReq) { - //byte[] ba = certs[i].getEncoded(); - X509CertImpl[] certsInChain = new X509CertImpl[1];; + // byte[] ba = certs[i].getEncoded(); + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { if (certs[i].equals(mCACerts[ii])) { @@ -381,10 +378,10 @@ public class CheckRequest extends CMSServlet { certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = certs[i]; - + // Set the Ca certificate chain if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { @@ -396,7 +393,7 @@ public class CheckRequest extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new netscape.security.pkcs.ContentInfo(new byte[0]), certsInChain, new netscape.security.pkcs.SignerInfo[0]); @@ -407,7 +404,7 @@ public class CheckRequest extends CMSServlet { p7Str = CMS.BtoA(p7Bytes); - StringTokenizer tokenizer = null; + StringTokenizer tokenizer = null; if (File.separator.equals("\\")) { char[] nl = new char[2]; @@ -438,14 +435,14 @@ public class CheckRequest extends CMSServlet { if (bodyPartId != null) bpids.addElement(bodyPartId); CMCStatusInfo cmcStatusInfo = new - CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids); + CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids); TaggedAttribute ta = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(ta); - + // copy transactionID, senderNonce, // create recipientNonce if (transIds != null) { @@ -455,7 +452,7 @@ public class CheckRequest extends CMSServlet { transIds); controlSeq.addElement(ta); } - + if (sNonces != null) { ta = new TaggedAttribute(new INTEGER(bpid++), @@ -463,7 +460,7 @@ public class CheckRequest extends CMSServlet { sNonces); controlSeq.addElement(ta); } - + String salt = CMSServlet.generateSalt(); byte[] dig; @@ -475,42 +472,42 @@ public class CheckRequest extends CMSServlet { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = {b64E}; + String[] newNonce = { b64E }; ta = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING(newNonce[0].getBytes())); controlSeq.addElement(ta); - + ResponseBody rb = new ResponseBody(controlSeq, new SEQUENCE(), new SEQUENCE()); EncapsulatedContentInfo ci = new - EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, - rb); - + EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, + rb); + org.mozilla.jss.crypto.X509Certificate x509cert = null; if (mAuthority instanceof ICertificateAuthority) { x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert(); - }else if (mAuthority instanceof IRegistrationAuthority) { + } else if (mAuthority instanceof IRegistrationAuthority) { x509cert = ((IRegistrationAuthority) mAuthority).getRACert(); } if (x509cert == null) - throw new - ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); ByteArrayInputStream issuer1 = new - ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); + ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); Name issuer = (Name) Name.getTemplate().decode(issuer1); IssuerAndSerialNumber ias = new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); + IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); SignerIdentifier si = new - SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); - - // SHA1 is the default digest Alg for now. + SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + + // SHA1 is the default digest Alg for + // now. DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); @@ -518,7 +515,7 @@ public class CheckRequest extends CMSServlet { if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) + else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; MessageDigest SHADigest = null; byte[] digest = null; @@ -531,46 +528,46 @@ public class CheckRequest extends CMSServlet { rb.encode((OutputStream) ostream); digest = SHADigest.digest(ostream.toByteArray()); } catch (NoSuchAlgorithmException ex) { - //log("digest fail"); + // log("digest fail"); } - + org.mozilla.jss.pkix.cms.SignerInfo signInfo = new - org.mozilla.jss.pkix.cms.SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, - privKey); + org.mozilla.jss.pkix.cms.SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, + privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), - null); + AlgorithmIdentifier(digestAlg.toOID(), + null); digestAlgs.addElement(ai); } - + SET jsscerts = new SET(); for (int j = 0; j < certsInChain.length; j++) { ByteArrayInputStream is = new - ByteArrayInputStream(certsInChain[j].getEncoded()); + ByteArrayInputStream(certsInChain[j].getEncoded()); org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) - org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is); + org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is); jsscerts.addElement(certJss); } - + SignedData fResponse = new - SignedData(digestAlgs, ci, - jsscerts, null, signInfos); + SignedData(digestAlgs, ci, + jsscerts, null, signInfos); org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new - org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); + org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); ByteArrayOutputStream ostream = new - ByteArrayOutputStream(); + ByteArrayOutputStream(); fullResponse.encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); @@ -579,10 +576,10 @@ public class CheckRequest extends CMSServlet { } } catch (Exception e) { e.printStackTrace(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } } argSet.addRepeatRecord(rarg); @@ -598,11 +595,11 @@ public class CheckRequest extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); @@ -610,10 +607,9 @@ public class CheckRequest extends CMSServlet { } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java index 0e3974a1..99e7d14d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -25,13 +24,11 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; - /** - * An interface representing a request parser which - * converts Java request object into name value - * pairs and vice versa. + * An interface representing a request parser which converts Java request object + * into name value pairs and vice versa. * <P> - * + * * @version $Revision$, $Date$ */ public interface IReqParser { @@ -40,5 +37,5 @@ public interface IReqParser { * Maps request object into argument block. */ public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException; + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java index 459aca63..b7ddc16d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.math.BigInteger; import java.util.Locale; @@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.key.KeyRecordParser; - /** * Output a 'pretty print' of a Key Archival request - * + * * @version $Revision$, $Date$ */ public class KeyReqParser extends ReqParser { @@ -50,7 +48,7 @@ public class KeyReqParser extends ReqParser { * Fills in certificate specific request attributes. */ public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); @@ -58,7 +56,7 @@ public class KeyReqParser extends ReqParser { if (type.equals(IRequest.ENROLLMENT_REQUEST)) { BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord"); - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra"); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra"); if (kra != null) { KeyRecordParser.fillRecordIntoArg( kra.getKeyRepository().readKeyRecord(recSerialNo), diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java index d19c7714..023e52f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; @@ -79,12 +78,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Agent operations on Certificate requests. This servlet is used - * by an Agent to approve, reject, reassign, or change a certificate - * request. - * + * Agent operations on Certificate requests. This servlet is used by an Agent to + * approve, reject, reassign, or change a certificate request. + * * @version $Revision$, $Date$ */ public class ProcessCertReq extends CMSServlet { @@ -105,101 +102,92 @@ public class ProcessCertReq extends CMSServlet { private boolean mExtraAgentParams = false; // for RA only since it does not have a database. - private final static String - REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; - private final static String - PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; - private final static String - PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; - private static ICMSTemplateFiller - REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); + private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; + private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; + private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; + private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); private String mReqCompletedTemplate = null; - private final static String - CERT_TYPE = "certType"; + private final static String CERT_TYPE = "certType"; private String auditServiceID = ILogger.UNIDENTIFIED; private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = - "caProcessCertReq"; + "caProcessCertReq"; private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = - "raProcessCertReq"; + "raProcessCertReq"; private final static String SIGNED_AUDIT_ACCEPTANCE = "accept"; private final static String SIGNED_AUDIT_CANCELLATION = "cancel"; private final static String SIGNED_AUDIT_CLONING = "clone"; private final static String SIGNED_AUDIT_REJECTION = "reject"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { - - /* 0 */ "manual non-profile cert request cancellation: " + private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { + + /* 0 */"manual non-profile cert request cancellation: " + "request cannot be processed due to an " + "authorization failure", - - /* 1 */ "manual non-profile cert request cancellation: " + + /* 1 */"manual non-profile cert request cancellation: " + "no reason has been given for cancelling this " + "cert request", - - /* 2 */ "manual non-profile cert request cancellation: " + + /* 2 */"manual non-profile cert request cancellation: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException", - - /* 3 */ "manual non-profile cert request cancellation: " + + /* 3 */"manual non-profile cert request cancellation: " + "indeterminate reason for inability to process " + "cert request due to an IOException", - - /* 4 */ "manual non-profile cert request cancellation: " + + /* 4 */"manual non-profile cert request cancellation: " + "indeterminate reason for inability to process " + "cert request due to a CertificateException", - - /* 5 */ "manual non-profile cert request cancellation: " + + /* 5 */"manual non-profile cert request cancellation: " + "indeterminate reason for inability to process " + "cert request due to a NoSuchAlgorithmException" }; - private final static String[] - SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { - - /* 0 */ "manual non-profile cert request rejection: " + private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { + + /* 0 */"manual non-profile cert request rejection: " + "request cannot be processed due to an " + "authorization failure", - - /* 1 */ "manual non-profile cert request rejection: " + + /* 1 */"manual non-profile cert request rejection: " + "no reason has been given for rejecting this " + "cert request", - - /* 2 */ "manual non-profile cert request rejection: " + + /* 2 */"manual non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException", - - /* 3 */ "manual non-profile cert request rejection: " + + /* 3 */"manual non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an IOException", - - /* 4 */ "manual non-profile cert request rejection: " + + /* 4 */"manual non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to a CertificateException", - - /* 5 */ "manual non-profile cert request rejection: " + + /* 5 */"manual non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to a NoSuchAlgorithmException" }; - private final static String - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; /** * Process request. */ public ProcessCertReq() - throws EBaseException { + throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "processCertReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -212,8 +200,8 @@ public class ProcessCertReq extends CMSServlet { if (id != null) { if (!(auditServiceID.equals( AGENT_CA_CLONE_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { + && !(auditServiceID.equals( + AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); @@ -228,7 +216,7 @@ public class ProcessCertReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); @@ -252,25 +240,24 @@ public class ProcessCertReq extends CMSServlet { } } - /** * Process the HTTP request. * <ul> - * <li>http.param seqNum request id - * <li>http.param notValidBefore certificate validity - * - notBefore - in seconds since jan 1, 1970 - * <li>http.param notValidAfter certificate validity - * - notAfter - in seconds since jan 1, 1970 - * <li>http.param subject certificate subject name - * <li>http.param toDo requested action - * (can be one of: clone, reject, accept, cancel) + * <li>http.param seqNum request id + * <li>http.param notValidBefore certificate validity - notBefore - in + * seconds since jan 1, 1970 + * <li>http.param notValidAfter certificate validity - notAfter - in seconds + * since jan 1, 1970 + * <li>http.param subject certificate subject name + * <li>http.param toDo requested action (can be one of: clone, reject, + * accept, cancel) * <li>http.param signatureAlgorithm certificate signing algorithm - * <li>http.param addExts base-64, DER encoded Extension or - * SEQUENCE OF Extensions to add to certificate - * <li>http.param pathLenConstraint integer path length constraint to - * use in BasicConstraint extension if applicable + * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF + * Extensions to add to certificate + * <li>http.param pathLenConstraint integer path length constraint to use in + * BasicConstraint extension if applicable * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -297,15 +284,15 @@ public class ProcessCertReq extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { if (req.getParameter(SEQNUM) != null) { CMS.debug( - "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM)); + "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM)); seqNum = Integer.parseInt(req.getParameter(SEQNUM)); } String notValidBeforeStr = req.getParameter("notValidBefore"); @@ -326,7 +313,6 @@ public class ProcessCertReq extends CMSServlet { subject = req.getParameter("subject"); signatureAlgorithm = req.getParameter("signatureAlgorithm"); - IRequest r = null; if (seqNum > -1) { @@ -334,23 +320,22 @@ public class ProcessCertReq extends CMSServlet { Integer.toString(seqNum))); } - if(seqNum > -1 && r != null) - { + if (seqNum > -1 && r != null) { processX509(cmsReq, argSet, header, seqNum, req, resp, - toDo, signatureAlgorithm, subject, - notValidBefore, notValidAfter, locale[0], startTime); + toDo, signatureAlgorithm, subject, + notValidBefore, notValidAfter, locale[0], startTime); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum))); error = new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, "Error " + e); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); - } + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); + } try { ServletOutputStream out = resp.getOutputStream(); @@ -358,46 +343,47 @@ public class ProcessCertReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } - + } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** * Process X509 certificate enrollment request and send request information - * to the caller. + * to the caller. * <P> - * + * * (Certificate Request - an "agent" cert request for "cloning") * <P> - * - * (Certificate Request Processed - either a manual "agent" non-profile - * based cert acceptance, a manual "agent" non-profile based cert - * cancellation, or a manual "agent" non-profile based cert rejection) + * + * (Certificate Request Processed - either a manual "agent" non-profile + * based cert acceptance, a manual "agent" non-profile based cert + * cancellation, or a manual "agent" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a - * non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when + * a non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq a certificate enrollment request * @param argSet CMS template parameters * @param header argument block @@ -405,26 +391,26 @@ public class ProcessCertReq extends CMSServlet { * @param req HTTP servlet request * @param resp HTTP servlet response * @param toDo string representing the requested action (can be one of: - * clone, reject, accept, cancel) + * clone, reject, accept, cancel) * @param signatureAlgorithm string containing the signature algorithm * @param subject string containing the subject name of the certificate - * @param notValidBefore certificate validity - notBefore - in seconds - * since Jan 1, 1970 + * @param notValidBefore certificate validity - notBefore - in seconds since + * Jan 1, 1970 * @param notValidAfter certificate validity - notAfter - in seconds since - * Jan 1, 1970 + * Jan 1, 1970 * @param locale the system locale * @param startTime the current date * @exception EBaseException an error has occurred */ private void processX509(CMSRequest cmsReq, - CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, - HttpServletResponse resp, - String toDo, String signatureAlgorithm, - String subject, - long notValidBefore, long notValidAfter, - Locale locale, long startTime) - throws EBaseException { + CMSTemplateParams argSet, IArgBlock header, + int seqNum, HttpServletRequest req, + HttpServletResponse resp, + String toDo, String signatureAlgorithm, + String subject, + long notValidBefore, long notValidAfter, + Locale locale, long startTime) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; @@ -434,10 +420,10 @@ public class ProcessCertReq extends CMSServlet { // "normalize" the "auditCertificateSubjectName" if (auditCertificateSubjectName != null) { - // NOTE: This is ok even if the cert subject name is "" (empty)! + // NOTE: This is ok even if the cert subject name is "" (empty)! auditCertificateSubjectName = auditCertificateSubjectName.trim(); } else { - // NOTE: Here, the cert subject name is MISSING, not "" (empty)! + // NOTE: Here, the cert subject name is MISSING, not "" (empty)! auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -453,7 +439,7 @@ public class ProcessCertReq extends CMSServlet { } } - if (mAuthority != null) + if (mAuthority != null) header.addStringValue("authorityid", mAuthority.getId()); if (toDo != null) { @@ -466,12 +452,12 @@ public class ProcessCertReq extends CMSServlet { mAuthzResourceName, "execute"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { @@ -546,71 +532,72 @@ public class ProcessCertReq extends CMSServlet { int alterationCounter = 0; for (int i = 0; i < certInfo.length; i++) { - CertificateAlgorithmId certAlgId = - (CertificateAlgorithmId) - certInfo[i].get(X509CertInfo.ALGORITHM_ID); + CertificateAlgorithmId certAlgId = + (CertificateAlgorithmId) + certInfo[i].get(X509CertInfo.ALGORITHM_ID); AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + certAlgId.get(CertificateAlgorithmId.ALGORITHM); if (!(algId.getName().equals(signatureAlgorithm))) { alterationCounter++; AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm); certInfo[i].set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(newAlgId)); + new CertificateAlgorithmId(newAlgId)); } - CertificateSubjectName certSubject = - (CertificateSubjectName) - certInfo[i].get(X509CertInfo.SUBJECT); + CertificateSubjectName certSubject = + (CertificateSubjectName) + certInfo[i].get(X509CertInfo.SUBJECT); - if (subject != null && - !(certSubject.toString().equals(subject))) { + if (subject != null && + !(certSubject.toString().equals(subject))) { alterationCounter++; certInfo[i].set(X509CertInfo.SUBJECT, - new CertificateSubjectName( - (new X500Name(subject)))); + new CertificateSubjectName( + (new X500Name(subject)))); } - CertificateValidity certValidity = - (CertificateValidity) - certInfo[i].get(X509CertInfo.VALIDITY); + CertificateValidity certValidity = + (CertificateValidity) + certInfo[i].get(X509CertInfo.VALIDITY); Date currentTime = CMS.getCurrentDate(); boolean validityChanged = false; - // only override these values if agent specified them + // only override these values if agent specified + // them if (notValidBefore > 0) { Date notBefore = (Date) certValidity.get( CertificateValidity.NOT_BEFORE); if (notBefore.getTime() == 0 || - notBefore.getTime() != notValidBefore) { + notBefore.getTime() != notValidBefore) { Date validFrom = new Date(notValidBefore); notBefore = (notValidBefore == 0) ? currentTime : validFrom; certValidity.set(CertificateValidity.NOT_BEFORE, - notBefore); + notBefore); validityChanged = true; } } if (notValidAfter > 0) { Date validTo = new Date(notValidAfter); Date notAfter = (Date) - certValidity.get(CertificateValidity.NOT_AFTER); + certValidity.get(CertificateValidity.NOT_AFTER); if (notAfter.getTime() == 0 || - notAfter.getTime() != notValidAfter) { + notAfter.getTime() != notValidAfter) { notAfter = currentTime; notAfter = (notValidAfter == 0) ? currentTime : validTo; certValidity.set(CertificateValidity.NOT_AFTER, - notAfter); + notAfter); validityChanged = true; } } if (validityChanged) { - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. certInfo[i].set(X509CertInfo.VALIDITY, certValidity); @@ -618,8 +605,8 @@ public class ProcessCertReq extends CMSServlet { if (certInfo[i].get(X509CertInfo.VERSION) == null) { certInfo[i].set(X509CertInfo.VERSION, - new CertificateVersion( - CertificateVersion.V3)); + new CertificateVersion( + CertificateVersion.V3)); } CertificateExtensions extensions = null; @@ -639,7 +626,8 @@ public class ProcessCertReq extends CMSServlet { byte[] b = (byte[]) (com.netscape.osutil.OSUtil.AtoB(addExts)); - // this b can be "Extension" Or "SEQUENCE OF Extension" + // this b can be "Extension" Or + // "SEQUENCE OF Extension" try { DerValue b_der = new DerValue(b); @@ -669,14 +657,14 @@ public class ProcessCertReq extends CMSServlet { if (extensions != null) { try { - NSCertTypeExtension nsExtensions = - (NSCertTypeExtension) - extensions.get( - NSCertTypeExtension.class.getSimpleName()); + NSCertTypeExtension nsExtensions = + (NSCertTypeExtension) + extensions.get( + NSCertTypeExtension.class.getSimpleName()); if (nsExtensions != null) { updateNSExtension(req, nsExtensions); - } + } } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); } @@ -686,20 +674,20 @@ public class ProcessCertReq extends CMSServlet { if (pathLength != null) { try { int pathLen = Integer.parseInt(pathLength); - BasicConstraintsExtension bcExt = - (BasicConstraintsExtension) - extensions.get( - BasicConstraintsExtension.class.getSimpleName()); + BasicConstraintsExtension bcExt = + (BasicConstraintsExtension) + extensions.get( + BasicConstraintsExtension.class.getSimpleName()); if (bcExt != null) { Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN); Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA); if (bcPathLen != null && - bcPathLen.intValue() != pathLen && - isCA != null) { + bcPathLen.intValue() != pathLen && + isCA != null) { BasicConstraintsExtension bcExt0 = - new BasicConstraintsExtension(isCA.booleanValue(), pathLen); + new BasicConstraintsExtension(isCA.booleanValue(), pathLen); extensions.delete(BasicConstraintsExtension.class.getSimpleName()); extensions.set(BasicConstraintsExtension.class.getSimpleName(), (Extension) bcExt0); @@ -775,7 +763,7 @@ public class ProcessCertReq extends CMSServlet { if (mExtraAgentParams) { @SuppressWarnings("unchecked") - Enumeration<String> extraparams = req.getParameterNames(); + Enumeration<String> extraparams = req.getParameterNames(); int l = IRequest.AGENT_PARAMS.length() + 1; int ap_counter = 0; Hashtable<String, String> agentparamsargblock = new Hashtable<String, String>(); @@ -802,7 +790,7 @@ public class ProcessCertReq extends CMSServlet { } } - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. certInfo[i].set(X509CertInfo.EXTENSIONS, extensions); @@ -819,100 +807,100 @@ public class ProcessCertReq extends CMSServlet { if (r.getRequestStatus().equals(RequestStatus.PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.PENDING); - if (certInfo != null) { + if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending", + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending", + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending" } + ); } } } else if (r.getRequestStatus().equals( RequestStatus.APPROVED) || - r.getRequestStatus().equals( - RequestStatus.SVC_PENDING)) { + r.getRequestStatus().equals( + RequestStatus.SVC_PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.SVC_PENDING); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus(), + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus(), + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus()} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus() } + ); } } } else if (r.getRequestStatus().equals( @@ -922,38 +910,38 @@ public class ProcessCertReq extends CMSServlet { // XXX make the repeat record. // Get the certificate(s) from the request X509CertImpl issuedCerts[] = - r.getExtDataInCertArray(IRequest.ISSUED_CERTS); + r.getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. if (issuedCerts != null) { long endTime = CMS.getCurrentDate().getTime(); StringBuffer sbuf = new StringBuffer(); - //header.addBigIntegerValue("serialNumber", - //issuedCerts[0].getSerialNumber(),16); + // header.addBigIntegerValue("serialNumber", + // issuedCerts[0].getSerialNumber(),16); for (int i = 0; i < issuedCerts.length; i++) { - if (i != 0) + if (i != 0) sbuf.append(", "); sbuf.append("0x" + - issuedCerts[i].getSerialNumber().toString(16)); - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[i].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)} - ); + issuedCerts[i].getSerialNumber().toString(16)); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[i].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime) } + ); // store a message in the signed audit log file // (one for each manual "agent" - // cert request processed - "accepted") + // cert request processed - "accepted") auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, @@ -965,39 +953,39 @@ public class ProcessCertReq extends CMSServlet { audit(auditMessage); } header.addStringValue( - "serialNumber", sbuf.toString()); + "serialNumber", sbuf.toString()); } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed", + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed" } + ); } // store a message in the signed audit log file // (manual "agent" cert request processed - // - "accepted") + // - "accepted") auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, @@ -1009,10 +997,10 @@ public class ProcessCertReq extends CMSServlet { audit(auditMessage); } - // grant trusted manager or agent privileges + // grant trusted manager or agent privileges Object grantError = null; - try { + try { int res = grant_privileges( cmsReq, r, issuedCerts, header); @@ -1028,45 +1016,41 @@ public class ProcessCertReq extends CMSServlet { // if this is a RA, show the certificate right away // since ther is no cert database. /* - if (mAuthority instanceof RegistrationAuthority) { - Object[] results = - new Object[] { issuedCerts, grantError }; - cmsReq.setResult(results); - renderTemplate(cmsReq, - mReqCompletedTemplate, REQ_COMPLETED_FILLER); - - return; - } + * if (mAuthority instanceof RegistrationAuthority) { + * Object[] results = new Object[] { issuedCerts, + * grantError }; cmsReq.setResult(results); + * renderTemplate(cmsReq, mReqCompletedTemplate, + * REQ_COMPLETED_FILLER); + * + * return; } */ cmsReq.setResult(r); String scheme = req.getScheme(); - if (scheme.equals("http") && - connectionIsSSL(req)) scheme = "https"; + if (scheme.equals("http") && + connectionIsSSL(req)) + scheme = "https"; - /* - header.addStringValue( - "authorityid", mAuthority.getId()); - header.addStringValue("serviceURL", scheme +"://"+ - req.getServerName() + ":"+ - req.getServerPort() + - req.getRequestURI()); - */ + /* + * header.addStringValue( "authorityid", + * mAuthority.getId()); + * header.addStringValue("serviceURL", scheme +"://"+ + * req.getServerName() + ":"+ req.getServerPort() + + * req.getRequestURI()); + */ if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - r.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + r.getExtDataInIntegerArray("ldapPublishStatus"); int certsUpdated = 0; if (ldapPublishStatus != null) { - for (int i = 0; - i < ldapPublishStatus.length; i++) { - if (ldapPublishStatus[i] == - IRequest.RES_SUCCESS) { + for (int i = 0; i < ldapPublishStatus.length; i++) { + if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) { certsUpdated++; } } @@ -1082,47 +1066,47 @@ public class ProcessCertReq extends CMSServlet { mQueue.rejectRequest(r); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected", + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected", + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected" } + ); } } @@ -1143,47 +1127,47 @@ public class ProcessCertReq extends CMSServlet { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled", + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled", + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled" } + ); } } @@ -1204,54 +1188,54 @@ public class ProcessCertReq extends CMSServlet { IRequest clonedRequest = mQueue.cloneAndMarkPending(r); header.addStringValue("clonedRequestId", - clonedRequest.getRequestId().toString()); + clonedRequest.getRequestId().toString()); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest.getRequestId().toString(), + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString(), - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest.getRequestId().toString(), + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString()} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest.getRequestId().toString() } + ); } } @@ -1269,12 +1253,12 @@ public class ProcessCertReq extends CMSServlet { } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); header.addIntegerValue("seqNum", seqNum); @@ -1389,7 +1373,7 @@ public class ProcessCertReq extends CMSServlet { } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); @@ -1443,7 +1427,7 @@ public class ProcessCertReq extends CMSServlet { } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (NoSuchAlgorithmException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); @@ -1500,9 +1484,9 @@ public class ProcessCertReq extends CMSServlet { } return; } - - private void updateNSExtension(HttpServletRequest req, - NSCertTypeExtension ext) throws IOException { + + private void updateNSExtension(HttpServletRequest req, + NSCertTypeExtension ext) throws IOException { try { if (req.getParameter("certTypeSSLServer") == null) { @@ -1551,106 +1535,101 @@ public class ProcessCertReq extends CMSServlet { } /** - * This method sets extensions parameter into the request so - * that the NSCertTypeExtension policy creates new - * NSCertTypExtension with this setting. Note that this - * setting will not be used if the NSCertType Extension - * already exist in CertificateExtension. In that case, - * updateExtensions() will be called to set the extension - * parameter into the extension directly. + * This method sets extensions parameter into the request so that the + * NSCertTypeExtension policy creates new NSCertTypExtension with this + * setting. Note that this setting will not be used if the NSCertType + * Extension already exist in CertificateExtension. In that case, + * updateExtensions() will be called to set the extension parameter into the + * extension directly. */ private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) { int nChanges = 0; - if (req.getParameter("certTypeSSLServer") != null) { - r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_SERVER); - nChanges++; - } + if (req.getParameter("certTypeSSLServer") != null) { + r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_SERVER); + nChanges++; + } - if (req.getParameter("certTypeSSLClient") != null) { - r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); - nChanges++; - } + if (req.getParameter("certTypeSSLClient") != null) { + r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); + nChanges++; + } - if (req.getParameter("certTypeEmail") != null) { - r.setExtData(NSCertTypeExtension.EMAIL, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL); - nChanges++; - } + if (req.getParameter("certTypeEmail") != null) { + r.setExtData(NSCertTypeExtension.EMAIL, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL); + nChanges++; + } - if (req.getParameter("certTypeObjSigning") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); - nChanges++; - } + if (req.getParameter("certTypeObjSigning") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); + nChanges++; + } - if (req.getParameter("certTypeEmailCA") != null) { - r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL_CA); - nChanges++; - } + if (req.getParameter("certTypeEmailCA") != null) { + r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL_CA); + nChanges++; + } - if (req.getParameter("certTypeSSLCA") != null) { - r.setExtData(NSCertTypeExtension.SSL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CA); - nChanges++; - } + if (req.getParameter("certTypeSSLCA") != null) { + r.setExtData(NSCertTypeExtension.SSL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CA); + nChanges++; + } - if (req.getParameter("certTypeObjSigningCA") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); - nChanges++; - } + if (req.getParameter("certTypeObjSigningCA") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); + nChanges++; + } return nChanges; } - + protected static final String GRANT_ERROR = "grantError"; - public static final String - GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; - public static final String - GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; - public static final String - GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; - public static final String - GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; + public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; + public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; + public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; + public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; public static final String GRANT_UID = "grantUID"; public static final String GRANT_PRIVILEGE = "grantPrivilege"; protected int grant_privileges( - CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header) - throws EBaseException { + CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header) + throws EBaseException { // get privileges to grant IArgBlock httpParams = cmsReq.getHttpParams(); - boolean grantTrustedMgr = - httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false); - boolean grantRMAgent = - httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false); - boolean grantCMAgent = - httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false); - boolean grantDRMAgent = - httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false); - - if (!grantTrustedMgr && - !grantCMAgent && !grantRMAgent && !grantDRMAgent) { + boolean grantTrustedMgr = + httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false); + boolean grantRMAgent = + httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false); + boolean grantCMAgent = + httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false); + boolean grantDRMAgent = + httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false); + + if (!grantTrustedMgr && + !grantCMAgent && !grantRMAgent && !grantDRMAgent) { return 0; } else { IAuthToken authToken = getAuthToken(req); @@ -1669,7 +1648,7 @@ public class ProcessCertReq extends CMSServlet { if (grantTrustedMgr) obj[0] = TRUSTED_RA_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) obj[0] = RA_AGENT_GROUP; else if (grantCMAgent) obj[0] = CA_AGENT_GROUP; @@ -1696,22 +1675,22 @@ public class ProcessCertReq extends CMSServlet { groupname = TRUSTED_RA_GROUP; userType = Constants.PR_SUBSYSTEM_TYPE; } else { - if (grantCMAgent) + if (grantCMAgent) groupname = CA_AGENT_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) groupname = RA_AGENT_GROUP; if (grantDRMAgent) { - if (groupname != null) + if (groupname != null) groupname1 = KRA_AGENT_GROUP; - else + else groupname = KRA_AGENT_GROUP; } userType = Constants.PR_AGENT_TYPE; } - String privilege = - (groupname1 == null) ? groupname : groupname + " and " + groupname1; + String privilege = + (groupname1 == null) ? groupname : groupname + " and " + groupname1; header.addStringValue(GRANT_PRIVILEGE, privilege); @@ -1727,23 +1706,23 @@ public class ProcessCertReq extends CMSServlet { IGroup group = ug.findGroup(groupname), group1 = null; if (group == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname)); } if (groupname1 != null) { group1 = ug.findGroup(groupname1); if (group1 == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1)); } } try { ug.addUser(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid)); } try { @@ -1752,11 +1731,11 @@ public class ProcessCertReq extends CMSServlet { user.setX509Certificates(tmp); } - + ug.addUserCert(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid)); } try { @@ -1765,44 +1744,44 @@ public class ProcessCertReq extends CMSServlet { // for audit log SessionContext sContext = SessionContext.getContext(); String adminId = (String) sContext.get(SessionContext.USER_ID); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, uid, groupname} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, uid, groupname } + ); if (group1 != null) { group1.addMemberName(uid); ug.modifyGroup(group1); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, uid, groupname1} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, uid, groupname1 } + ); } } catch (Exception e) { - String msg = - "Could not add user " + uid + " to group " + groupname; + String msg = + "Could not add user " + uid + " to group " + groupname; if (group1 != null) msg += " or group " + groupname1; log(ILogger.LL_FAILURE, msg); - if (group1 == null) - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); - else - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); + if (group1 == null) + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); + else + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); } return 1; } /** * Signed Audit Log Info Name - * - * This method is called to obtain the "InfoName" for - * a signed audit log message. + * + * This method is called to obtain the "InfoName" for a signed audit log + * message. * <P> - * + * * @param type signed audit log request processing type * @return id string containing the signed audit log message InfoName */ @@ -1833,11 +1812,11 @@ public class ProcessCertReq extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -1891,38 +1870,38 @@ public class ProcessCertReq extends CMSServlet { } } - class RAReqCompletedFiller extends ImportCertsTemplateFiller { private static final String RA_AGENT_GROUP = "Registration Manager Agents"; private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents"; + public RAReqCompletedFiller() { super(); } public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { Object[] results = (Object[]) cmsReq.getResult(); Object grantError = results[1]; - //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; + // X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; Certificate[] issuedCerts = (Certificate[]) results[0]; - + cmsReq.setResult(issuedCerts); - CMSTemplateParams params = - super.getTemplateParams(cmsReq, authority, locale, e); + CMSTemplateParams params = + super.getTemplateParams(cmsReq, authority, locale, e); if (grantError != null) { IArgBlock header = params.getHeader(); if (grantError instanceof String) { header.addStringValue( - ProcessCertReq.GRANT_ERROR, (String) grantError); + ProcessCertReq.GRANT_ERROR, (String) grantError); } else { EBaseException ex = (EBaseException) grantError; header.addStringValue( - ProcessCertReq.GRANT_ERROR, ex.toString(locale)); + ProcessCertReq.GRANT_ERROR, ex.toString(locale)); } IArgBlock httpParams = cmsReq.getHttpParams(); String uid = httpParams.getValueAsString( @@ -1941,7 +1920,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { if (grantDRMAgent) { if (privilege != null) privilege += " and " + KRA_AGENT_GROUP; - else + else privilege = KRA_AGENT_GROUP; } header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege); @@ -1949,4 +1928,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java index 0ac27197..55eebfac 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.util.Locale; @@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display Generic Request detail to the user. - * + * * @version $Revision$, $Date$ */ public class ProcessReq extends CMSServlet { @@ -74,8 +72,8 @@ public class ProcessReq extends CMSServlet { private IReqParser mParser = null; private String[] mSigningAlgorithms = null; - private static String[] DEF_SIGNING_ALGORITHMS = new String[] - {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"}; + private static String[] DEF_SIGNING_ALGORITHMS = new String[] + { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA" }; /** * Process request. @@ -86,15 +84,15 @@ public class ProcessReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * "processReq.template" to process the response. - * The initialization parameter 'parser' is read from the - * servlet configration, and is used to set the type of request. - * The value of this parameter can be: - * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary - * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail - * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail - * </UL> - * + * "processReq.template" to process the response. The initialization + * parameter 'parser' is read from the servlet configration, and is used to + * set the type of request. The value of this parameter can be: + * <UL> + * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary + * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail + * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail + * </UL> + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -111,13 +109,13 @@ public class ProcessReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); - if (mOutputTemplatePath != null) + if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } @@ -126,9 +124,9 @@ public class ProcessReq extends CMSServlet { * <ul> * <li>http.param seqNum * <li>http.param doAssign reassign request. Value can be reassignToMe - * reassignToNobody + * reassignToNobody * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -152,10 +150,10 @@ public class ProcessReq extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting template " + mFormPath + " Error " + e); + log(ILogger.LL_FAILURE, + "Error getting template " + mFormPath + " Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -172,8 +170,8 @@ public class ProcessReq extends CMSServlet { if (doAssign == null) { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "read"); - } else if (doAssign.equals("toMe") || - doAssign.equals("reassignToMe")) { + } else if (doAssign.equals("toMe") || + doAssign.equals("reassignToMe")) { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "assign"); } else if (doAssign.equals("reassignToNobody")) { @@ -182,10 +180,10 @@ public class ProcessReq extends CMSServlet { } } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -193,19 +191,19 @@ public class ProcessReq extends CMSServlet { return; } - process(argSet, header, seqNum, req, resp, - doAssign, locale[0]); + process(argSet, header, seqNum, req, resp, + doAssign, locale[0]); } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); error = new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + } try { ServletOutputStream out = resp.getOutputStream(); @@ -213,46 +211,46 @@ public class ProcessReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setError(error); cmsReq.setStatus(CMSRequest.ERROR); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting servlet output stream for rendering template. " + - "Error " + e); + log(ILogger.LL_FAILURE, + "Error getting servlet output stream for rendering template. " + + "Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** - * Sends request information to the calller. - * returns whether there was an error or not. + * Sends request information to the calller. returns whether there was an + * error or not. */ private void process(CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, - HttpServletResponse resp, - String doAssign, Locale locale) - throws EBaseException { + int seqNum, HttpServletRequest req, + HttpServletResponse resp, + String doAssign, Locale locale) + throws EBaseException { header.addIntegerValue("seqNum", seqNum); - IRequest r = - mQueue.findRequest(new RequestId(Integer.toString(seqNum))); + IRequest r = + mQueue.findRequest(new RequestId(Integer.toString(seqNum))); if (r != null) { if (doAssign != null) { if ((doAssign.equals("toMe")) - || (doAssign.equals("reassignToMe"))) { + || (doAssign.equals("reassignToMe"))) { SessionContext ctx = SessionContext.getContext(); String id = (String) ctx.get(SessionContext.USER_ID); @@ -264,32 +262,33 @@ public class ProcessReq extends CMSServlet { } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); - // DONT NEED TO DO THIS FOR DRM + // DONT NEED TO DO THIS FOR DRM if (mAuthority instanceof ICertAuthority) { // Check/set signing algorithms dynamically. - // In RA mSigningAlgorithms could be null at startup if CA is not - // up and set later when CA comes back up. + // In RA mSigningAlgorithms could be null at startup if CA is + // not + // up and set later when CA comes back up. // Once it's set assumed that it won't change. String[] allAlgorithms = mSigningAlgorithms; if (allAlgorithms == null) { - allAlgorithms = mSigningAlgorithms = + allAlgorithms = mSigningAlgorithms = ((ICertAuthority) mAuthority).getCASigningAlgorithms(); if (allAlgorithms == null) { CMS.debug( - "ProcessReq: signing algorithms set to All algorithms"); + "ProcessReq: signing algorithms set to All algorithms"); allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS; - } else + } else CMS.debug( - "ProcessReq: First signing algorithms is " + allAlgorithms[0]); + "ProcessReq: First signing algorithms is " + allAlgorithms[0]); } String validAlgorithms = null; StringBuffer sb = new StringBuffer(); @@ -310,10 +309,10 @@ public class ProcessReq extends CMSServlet { if (signingAlgorithm != null) header.addStringValue("caSigningAlgorithm", signingAlgorithm); header.addLongValue("defaultValidityLength", - ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000); + ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000); } else if (mAuthority instanceof IRegistrationAuthority) { header.addLongValue("defaultValidityLength", - ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000); + ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000); } X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert(); @@ -328,8 +327,8 @@ public class ProcessReq extends CMSServlet { } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } return; diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java index 036bd5d0..10c608b6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Show paged list of requests matching search criteria - * + * * @version $Revision$, $Date$ */ public class QueryReq extends CMSServlet { @@ -61,7 +59,7 @@ public class QueryReq extends CMSServlet { private final static String IN_SHOW_ALL = "showAll"; private final static String IN_SHOW_WAITING = "showWaiting"; private final static String IN_SHOW_IN_SERVICE = "showInService"; - private final static String IN_SHOW_PENDING= "showPending"; + private final static String IN_SHOW_PENDING = "showPending"; private final static String IN_SHOW_CANCELLED = "showCancelled"; private final static String IN_SHOW_REJECTED = "showRejected"; private final static String IN_SHOW_COMPLETED = "showCompleted"; @@ -85,17 +83,17 @@ public class QueryReq extends CMSServlet { private final static String OUT_UPDATE_ON = "updatedOn"; private final static String OUT_UPDATE_BY = "updatedBy"; private final static String OUT_REQUESTING_USER = "requestingUser"; - //keeps track of where to begin if page down + // keeps track of where to begin if page down private final static String OUT_FIRST_ENTRY_ON_PAGE = "firstEntryOnPage"; - //keeps track of where to begin if page up + // keeps track of where to begin if page up private final static String OUT_LAST_ENTRY_ON_PAGE = "lastEntryOnPage"; private final static String OUT_SUBJECT = "subject"; private final static String OUT_REQUEST_TYPE = "requestType"; private final static String OUT_COMMENTS = "requestorComments"; private final static String OUT_SERIALNO = "serialNumber"; private final static String OUT_OWNER_NAME = "ownerName"; - private final static String OUT_PUBLIC_KEY_INFO = - "subjectPublicKeyInfo"; + private final static String OUT_PUBLIC_KEY_INFO = + "subjectPublicKeyInfo"; private final static String OUT_ERROR = "error"; private final static String OUT_AUTHORITY_ID = "authorityid"; @@ -119,7 +117,7 @@ public class QueryReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -142,9 +140,9 @@ public class QueryReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); @@ -152,7 +150,7 @@ public class QueryReq extends CMSServlet { if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } - + private String getRequestType(String p) { String filter = "(requestType=*)"; @@ -212,348 +210,346 @@ public class QueryReq extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param reqState request state - * (one of showAll, showWaiting, showInService, - * showCancelled, showRejected, showCompleted) + * <li>http.param reqState request state (one of showAll, showWaiting, + * showInService, showCancelled, showRejected, showCompleted) * <li>http.param reqType * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if - * when paging down - * seqNumFromDown starts with 0x) + * when paging down seqNumFromDown starts with 0x) * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if - * when paging up - * seqNumFromUp starts with 0x) + * when paging up seqNumFromUp starts with 0x) * <li>http.param maxCount maximum number of records to show * <li>http.param totalCount total number of records in set of pages * <li>http.param direction "up", "down", "begin", or "end" * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { - CMS.debug("in QueryReq servlet"); - - // Authentication / Authorization - - HttpServletRequest req = cmsReq.getHttpReq(); - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - - - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - // if get a EBaseException we just throw it. - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - /** - * WARNING: - * - * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. - * - **/ - String filter = null; - String reqState = req.getParameter("reqState"); - String reqType = req.getParameter("reqType"); - - if (reqState == null || reqType == null) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL) && - reqType.equals(IN_SHOW_ALL)) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL)) { - filter = getRequestType(reqType); - } else if (reqType.equals(IN_SHOW_ALL)) { - filter = getRequestState(reqState); - } else { - filter = "(&" + getRequestState(reqState) + - getRequestType(reqType) + ")"; - } - - String direction = "begin"; - if (req.getParameter("direction") != null) { - direction = req.getParameter("direction").trim(); - } - - - int top=0, bottom=0; - - try { - String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); - if (top_s == null) top_s = "0"; - - String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); - if (bottom_s == null) bottom_s = "0"; - - if (top_s.trim().startsWith("0x")) { - top = Integer.parseInt(top_s.trim().substring(2), 16); - } else { - top = Integer.parseInt(top_s.trim()); - } - if (bottom_s.trim().startsWith("0x")) { - bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); - } else { - bottom = Integer.parseInt(bottom_s.trim()); - } - - } catch (NumberFormatException e) { - - } - - // avoid NumberFormatException to the user interface - int maxCount = 10; - try { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); - } catch (Exception e) { - } + CMS.debug("in QueryReq servlet"); + + // Authentication / Authorization + + HttpServletRequest req = cmsReq.getHttpReq(); + IAuthToken authToken = authenticate(cmsReq); + AuthzToken authzToken = null; + + try { + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + try { + // if get a EBaseException we just throw it. + form = getTemplate(mFormPath, req, locale); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + + /** + * WARNING: + * + * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. + * + **/ + String filter = null; + String reqState = req.getParameter("reqState"); + String reqType = req.getParameter("reqType"); + + if (reqState == null || reqType == null) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL) && + reqType.equals(IN_SHOW_ALL)) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL)) { + filter = getRequestType(reqType); + } else if (reqType.equals(IN_SHOW_ALL)) { + filter = getRequestState(reqState); + } else { + filter = "(&" + getRequestState(reqState) + + getRequestType(reqType) + ")"; + } + + String direction = "begin"; + if (req.getParameter("direction") != null) { + direction = req.getParameter("direction").trim(); + } + + int top = 0, bottom = 0; + + try { + String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); + if (top_s == null) + top_s = "0"; + + String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); + if (bottom_s == null) + bottom_s = "0"; + + if (top_s.trim().startsWith("0x")) { + top = Integer.parseInt(top_s.trim().substring(2), 16); + } else { + top = Integer.parseInt(top_s.trim()); + } + if (bottom_s.trim().startsWith("0x")) { + bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); + } else { + bottom = Integer.parseInt(bottom_s.trim()); + } + + } catch (NumberFormatException e) { + + } + + // avoid NumberFormatException to the user interface + int maxCount = 10; + try { + maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + } catch (Exception e) { + } if (maxCount > mMaxReturns) { CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns); maxCount = mMaxReturns; } - HttpServletResponse resp = cmsReq.getHttpResp(); - CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom ); - - - argset.getFixed().addStringValue("reqType",reqType); + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, direction, top, bottom); + + argset.getFixed().addStringValue("reqType", reqType); argset.getFixed().addStringValue("reqState", reqState); - argset.getFixed().addIntegerValue("maxCount",maxCount); - - - try { - form.getOutput(argset); - resp.setContentType("text/html"); - form.renderOutput(resp.getOutputStream(), argset); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - return; + argset.getFixed().addIntegerValue("maxCount", maxCount); + + try { + form.getOutput(argset); + resp.setContentType("text/html"); + form.renderOutput(resp.getOutputStream(), argset); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + cmsReq.setStatus(CMSRequest.SUCCESS); + return; } /** * Perform search based on direction button pressed - * @param filter ldap filter indicating which VLV to search through. This can be - * 'all requests', 'pending', etc + * + * @param filter ldap filter indicating which VLV to search through. This + * can be 'all requests', 'pending', etc * @param count the number of requests to show per page - * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end) - * @param top the number of the request shown on at the top of the current page - * @param bottom the number of the request shown on at the bottom of the current page - * @return + * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to + * end) + * @param top the number of the request shown on at the top of the current + * page + * @param bottom the number of the request shown on at the bottom of the + * current page + * @return */ - + private CMSTemplateParams doSearch(Locale l, String filter, - int count, String direction, int top, int bottom) - { - CMSTemplateParams ctp = null; - if (direction.equals("previous")) { - ctp = doSearch(l, filter, -count, top-1); - } else if (direction.equals("next")) { - ctp = doSearch(l,filter, count, bottom+1); - } else if (direction.equals("begin")) { - ctp = doSearch(l,filter, count, 0); - } else if (direction.equals("first")) { - ctp = doSearch(l,filter, count, bottom); - } else { // if 'direction is 'end', default here - ctp = doSearch(l,filter, -count, -1); - } - return ctp; + int count, String direction, int top, int bottom) { + CMSTemplateParams ctp = null; + if (direction.equals("previous")) { + ctp = doSearch(l, filter, -count, top - 1); + } else if (direction.equals("next")) { + ctp = doSearch(l, filter, count, bottom + 1); + } else if (direction.equals("begin")) { + ctp = doSearch(l, filter, count, 0); + } else if (direction.equals("first")) { + ctp = doSearch(l, filter, count, bottom); + } else { // if 'direction is 'end', default here + ctp = doSearch(l, filter, -count, -1); + } + return ctp; } - - - - /** - * - * @param locale - * @param filter the types of requests to return - this must match the VLV index - * @param count maximum number of records to return - * @param marker indication of the request ID where the page is anchored - * @return - */ + + /** + * + * @param locale + * @param filter the types of requests to return - this must match the VLV + * index + * @param count maximum number of records to return + * @param marker indication of the request ID where the page is anchored + * @return + */ private CMSTemplateParams doSearch( - Locale locale, - String filter, - int count, - int marker) { - - IArgBlock header = CMS.createArgBlock(); - IArgBlock context = CMS.createArgBlock(); - CMSTemplateParams argset = new CMSTemplateParams(header, context); - - try { - long startTime = CMS.getCurrentDate().getTime(); - // preserve the type of request that we are - // requesting. - - header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); - header.addStringValue(OUT_REQUESTING_USER, "admin"); - - - boolean jumptoend = false; - if (marker == -1) { - marker = 0; // I think this is inconsequential - jumptoend = true; // override to '99' during search - } - - RequestId id = new RequestId(Integer.toString(marker)); - IRequestVirtualList list = mQueue.getPagedRequestsByFilter( - id, - jumptoend, - filter, - count+1, - "requestId"); - - int totalCount = list.getSize() - list.getCurrentIndex(); - header.addIntegerValue(OUT_TOTALCOUNT, totalCount); - header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); - - int numEntries = list.getSize() - list.getCurrentIndex(); - - Vector v = fetchRecords(list,Math.abs(count)); - v = normalizeOrder(v); - trim(v,id); - - - int currentCount = 0; - int curNum = 0; - int firstNum = -1; - Enumeration requests = v.elements(); - - while (requests.hasMoreElements()) { - IRequest request = null; - try { - request = (IRequest) requests.nextElement(); - } catch (Exception e) { - CMS.debug("Error displaying request:"+e.getMessage()); - // handled below - } - if (request == null) { - log(ILogger.LL_WARN, "Error display request on page"); - continue; - } - - curNum = Integer.parseInt( - request.getRequestId().toString()); - - if (firstNum == -1) { - firstNum = curNum; - } - - IArgBlock rec = CMS.createArgBlock(); - mParser.fillRequestIntoArg(locale, request, argset, rec); - mQueue.releaseRequest(request); - argset.addRepeatRecord(rec); - - currentCount++; - - }// while - long endTime = CMS.getCurrentDate().getTime(); - - header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); - header.addStringValue("time", Long.toString(endTime - startTime)); - header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); - header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } catch (Exception e) { - } - return argset; - + Locale locale, + String filter, + int count, + int marker) { + + IArgBlock header = CMS.createArgBlock(); + IArgBlock context = CMS.createArgBlock(); + CMSTemplateParams argset = new CMSTemplateParams(header, context); + + try { + long startTime = CMS.getCurrentDate().getTime(); + // preserve the type of request that we are + // requesting. + + header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); + header.addStringValue(OUT_REQUESTING_USER, "admin"); + + boolean jumptoend = false; + if (marker == -1) { + marker = 0; // I think this is inconsequential + jumptoend = true; // override to '99' during search + } + + RequestId id = new RequestId(Integer.toString(marker)); + IRequestVirtualList list = mQueue.getPagedRequestsByFilter( + id, + jumptoend, + filter, + count + 1, + "requestId"); + + int totalCount = list.getSize() - list.getCurrentIndex(); + header.addIntegerValue(OUT_TOTALCOUNT, totalCount); + header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); + + int numEntries = list.getSize() - list.getCurrentIndex(); + + Vector v = fetchRecords(list, Math.abs(count)); + v = normalizeOrder(v); + trim(v, id); + + int currentCount = 0; + int curNum = 0; + int firstNum = -1; + Enumeration requests = v.elements(); + + while (requests.hasMoreElements()) { + IRequest request = null; + try { + request = (IRequest) requests.nextElement(); + } catch (Exception e) { + CMS.debug("Error displaying request:" + e.getMessage()); + // handled below + } + if (request == null) { + log(ILogger.LL_WARN, "Error display request on page"); + continue; + } + + curNum = Integer.parseInt( + request.getRequestId().toString()); + + if (firstNum == -1) { + firstNum = curNum; + } + + IArgBlock rec = CMS.createArgBlock(); + mParser.fillRequestIntoArg(locale, request, argset, rec); + mQueue.releaseRequest(request); + argset.addRepeatRecord(rec); + + currentCount++; + + }// while + long endTime = CMS.getCurrentDate().getTime(); + + header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); + header.addStringValue("time", Long.toString(endTime - startTime)); + header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); + header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); + + } catch (EBaseException e) { + header.addStringValue(OUT_ERROR, e.toString(locale)); + } catch (Exception e) { + } + return argset; + } /** * If the vector contains the marker element at the end, remove it. - * @param v The vector to trim - * @param marker the marker to look for. + * + * @param v The vector to trim + * @param marker the marker to look for. + */ + private void trim(Vector v, RequestId marker) { + int i = v.size() - 1; + if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) { + v.remove(i); + } + + } + + /** + * Sometimes the list comes back from LDAP in reverse order. This function + * makes sure the results are in 'forward' order. + * + * @param list + * @return */ - private void trim(Vector v, RequestId marker) { - int i = v.size()-1; - if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) { - v.remove(i); - } - - } - - /** - * Sometimes the list comes back from LDAP in reverse order. This function makes - * sure the results are in 'forward' order. - * @param list - * @return - */ private Vector fetchRecords(IRequestVirtualList list, int maxCount) { - - Vector v = new Vector(); - int count = list.getSize(); - int c=0; - for (int i=0; i<count; i++) { - IRequest request = list.getElementAt(i); - if (request != null) { - v.add(request); - c++; - } - if (c >= maxCount) break; - } - - return v; + + Vector v = new Vector(); + int count = list.getSize(); + int c = 0; + for (int i = 0; i < count; i++) { + IRequest request = list.getElementAt(i); + if (request != null) { + v.add(request); + c++; + } + if (c >= maxCount) + break; + } + + return v; } /** * If the requests are in backwards order, reverse the list + * * @param list * @return */ private Vector normalizeOrder(Vector list) { - - int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) - .getRequestId().toString()); - int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list - .size() - 1)).getRequestId().toString()); - boolean reverse = false; - if (firstrequestnum > lastrequestnum) { - reverse = true; // if the order is backwards, place items at the beginning - } - Vector v = new Vector(); - int count = list.size(); - for (int i = 0; i < count; i++) { - Object request = list.elementAt(i); - if (request != null) { - if (reverse) - v.add(0, request); - else - v.add(request); - } - } - - return v; + + int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) + .getRequestId().toString()); + int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list + .size() - 1)).getRequestId().toString()); + boolean reverse = false; + if (firstrequestnum > lastrequestnum) { + reverse = true; // if the order is backwards, place items at the + // beginning + } + Vector v = new Vector(); + int count = list.size(); + for (int i = 0; i < count; i++) { + Object request = list.elementAt(i); + if (request != null) { + if (reverse) + v.add(0, request); + else + v.add(request); + } + } + + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java index 29414ca5..00f95ec2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; - /** * A class representing a request parser. * <P> - * + * * @version $Revision$, $Date$ */ public class ReqParser implements IReqParser { @@ -51,29 +49,30 @@ public class ReqParser implements IReqParser { * Maps request object into argument block. */ public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + throws EBaseException { arg.addStringValue(TYPE, req.getRequestType()); - arg.addLongValue("seqNum", - Long.parseLong(req.getRequestId().toString())); - arg.addStringValue(STATUS, - req.getRequestStatus().toString()); - arg.addLongValue(CREATE_ON, - req.getCreationTime().getTime() / 1000); - arg.addLongValue(UPDATE_ON, - req.getModificationTime().getTime() / 1000); + arg.addLongValue("seqNum", + Long.parseLong(req.getRequestId().toString())); + arg.addStringValue(STATUS, + req.getRequestStatus().toString()); + arg.addLongValue(CREATE_ON, + req.getCreationTime().getTime() / 1000); + arg.addLongValue(UPDATE_ON, + req.getModificationTime().getTime() / 1000); String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY); - if (updatedBy == null) updatedBy = ""; + if (updatedBy == null) + updatedBy = ""; arg.addStringValue(UPDATE_BY, updatedBy); SessionContext ctx = SessionContext.getContext(); - String id = (String) ctx.get(SessionContext.USER_ID); + String id = (String) ctx.get(SessionContext.USER_ID); arg.addStringValue("callerName", id); - + String owner = req.getRequestOwner(); - if (owner != null) + if (owner != null) arg.addStringValue("assignedTo", owner); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java index 04b21440..c660be24 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Search for certificates matching complex query filter - * + * * @version $Revision$, $Date$ */ public class SearchReqs extends CMSServlet { @@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet { } /** - * initialize the servlet. This servlet uses queryReq.template - * to render the response + * initialize the servlet. This servlet uses queryReq.template to render the + * response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -154,10 +153,8 @@ public class SearchReqs extends CMSServlet { /** * Serves HTTP request. This format of this request is as follows: - * queryCert? - * [maxCount=<number>] - * [queryFilter=<filter>] - * [revokeAll=<filter>] + * queryCert? [maxCount=<number>] [queryFilter=<filter>] + * [revokeAll=<filter>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -172,10 +169,10 @@ public class SearchReqs extends CMSServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -198,10 +195,10 @@ public class SearchReqs extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -215,10 +212,10 @@ public class SearchReqs extends CMSServlet { timeLimit = Integer.parseInt(timeLimitStr); process(argSet, header, req.getParameter("queryRequestFilter"), authToken, - maxResults, timeLimit, req, resp, locale[0]); + maxResults, timeLimit, req, resp, locale[0]); } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -229,33 +226,33 @@ public class SearchReqs extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String filter, IAuthToken token, - int maxResults, int timeLimit, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String filter, IAuthToken token, + int maxResults, int timeLimit, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { long startTime = CMS.getCurrentDate().getTime(); @@ -272,12 +269,12 @@ public class SearchReqs extends CMSServlet { } else { if (owner.equals("self")) { String self_uid = token.getInString(IAuthToken.USER_ID); - requestowner_filter = "(requestowner="+self_uid+")"; + requestowner_filter = "(requestowner=" + self_uid + ")"; } else { String uid = req.getParameter("uid"); - requestowner_filter = "(requestowner="+uid+")"; + requestowner_filter = "(requestowner=" + uid + ")"; } - newfilter = "(&"+requestowner_filter+filter.substring(2); + newfilter = "(&" + requestowner_filter + filter.substring(2); } // xxx the filter includes serial number range??? if (maxResults == -1 || maxResults > mMaxReturns) { @@ -289,8 +286,8 @@ public class SearchReqs extends CMSServlet { timeLimit = mTimeLimits; } IRequestList list = (timeLimit > 0) ? - mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) : - mQueue.listRequestsByFilter(newfilter, maxResults); + mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) : + mQueue.listRequestsByFilter(newfilter, maxResults); int count = 0; @@ -323,7 +320,8 @@ public class SearchReqs extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) now = new Date(); + if (now == null) + now = new Date(); newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); k = i + CURRENT_TIME.length(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java index ca785565..d9919723 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java @@ -50,14 +50,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.symkey.SessionKey; - - /** - * A class representings an administration servlet for Token Key - * Service Authority. This servlet is responsible to serve - * tks administrative operation such as configuration - * parameter updates. - * + * A class representings an administration servlet for Token Key Service + * Authority. This servlet is responsible to serve tks administrative operation + * such as configuration parameter updates. + * * @version $Revision$, $Date$ */ public class TokenServlet extends CMSServlet { @@ -66,66 +63,53 @@ public class TokenServlet extends CMSServlet { */ private static final long serialVersionUID = 8687436109695172791L; protected static final String PROP_ENABLED = "enabled"; - protected static final String TRANSPORT_KEY_NAME ="sharedSecret"; + protected static final String TRANSPORT_KEY_NAME = "sharedSecret"; private final static String INFO = "TokenServlet"; public static int ERROR = 1; private ITKSAuthority mTKS = null; private String mSelectedToken = null; private String mNewSelectedToken = null; String mKeyNickName = null; - String mNewKeyNickName = null; + String mNewKeyNickName = null; private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = - "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3"; - - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8"; - private final static String - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9"; - private final static String - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4"; /** * Constructs tks servlet. @@ -135,14 +119,13 @@ public class TokenServlet extends CMSServlet { } - public static String trim(String a) - { - StringBuffer newa = new StringBuffer(); + public static String trim(String a) { + StringBuffer newa = new StringBuffer(); StringTokenizer tokens = new StringTokenizer(a, "\n"); - while (tokens.hasMoreTokens()) { - newa.append(tokens.nextToken()); - } - return newa.toString(); + while (tokens.hasMoreTokens()) { + newa.append(tokens.nextToken()); + } + return newa.toString(); } public void init(ServletConfig config) throws ServletException { @@ -151,18 +134,19 @@ public class TokenServlet extends CMSServlet { /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** - * Process the HTTP request. - * + + /** + * Process the HTTP request. + * * @param s The URL to decode. */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); @@ -182,62 +166,59 @@ public class TokenServlet extends CMSServlet { } } // end for return out.toString(); - } + } + + private void setDefaultSlotAndKeyName(HttpServletRequest req) { + try { - private void setDefaultSlotAndKeyName(HttpServletRequest req) - { - try { + String keySet = req.getParameter("keySet"); + if (keySet == null || keySet.equals("")) { + keySet = "defKeySet"; + } + CMS.debug("keySet selected: " + keySet); - String keySet = req.getParameter("keySet"); - if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; - } - CMS.debug("keySet selected: " + keySet); + mNewSelectedToken = null; - mNewSelectedToken = null; - - mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); - String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); - String temp = req.getParameter("KeyInfo"); //#xx#xx - String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp; - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); - if(mappingValue!=null) - { - StringTokenizer st = new StringTokenizer(mappingValue, ":"); - int tokenNumber=0; - while (st.hasMoreTokens()) { - - String currentToken= st.nextToken(); - if(tokenNumber==0) - mSelectedToken = currentToken; - else if(tokenNumber==1) - mKeyNickName = currentToken; - tokenNumber++; - - } + mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); + String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); + String temp = req.getParameter("KeyInfo"); // #xx#xx + String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp; + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); + if (mappingValue != null) { + StringTokenizer st = new StringTokenizer(mappingValue, ":"); + int tokenNumber = 0; + while (st.hasMoreTokens()) { + + String currentToken = st.nextToken(); + if (tokenNumber == 0) + mSelectedToken = currentToken; + else if (tokenNumber == 1) + mKeyNickName = currentToken; + tokenNumber++; + + } } - if(req.getParameter("newKeyInfo")!=null) // for diversification + if (req.getParameter("newKeyInfo") != null) // for diversification { - temp = req.getParameter("newKeyInfo"); //#xx#xx - String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp; - String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); - if(newMappingValue!=null) - { - StringTokenizer st = new StringTokenizer(newMappingValue, ":"); - int tokenNumber=0; - while (st.hasMoreTokens()) { - String currentToken= st.nextToken(); - if(tokenNumber==0) - mNewSelectedToken = currentToken; - else if(tokenNumber==1) - mNewKeyNickName = currentToken; - tokenNumber++; - - } + temp = req.getParameter("newKeyInfo"); // #xx#xx + String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp; + String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); + if (newMappingValue != null) { + StringTokenizer st = new StringTokenizer(newMappingValue, ":"); + int tokenNumber = 0; + while (st.hasMoreTokens()) { + String currentToken = st.nextToken(); + if (tokenNumber == 0) + mNewSelectedToken = currentToken; + else if (tokenNumber == 1) + mNewKeyNickName = currentToken; + tokenNumber++; + + } } - } + } - SessionKey.SetDefaultPrefix(masterKeyPrefix); + SessionKey.SetDefaultPrefix(masterKeyPrefix); } catch (Exception e) { e.printStackTrace(); @@ -247,9 +228,8 @@ public class TokenServlet extends CMSServlet { } private void processComputeSessionKey(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { - byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key; + HttpServletResponse resp) throws EBaseException { + byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key; byte[] card_crypto, host_cryptogram, input_card_crypto; byte[] xcard_challenge, xhost_challenge; byte[] enc_session_key, xkeyInfo; @@ -257,18 +237,18 @@ public class TokenServlet extends CMSServlet { String errorMsg = ""; String badParams = ""; String transportKeyName = ""; - - String rCUID = req.getParameter("CUID"); + + String rCUID = req.getParameter("CUID"); String keySet = req.getParameter("keySet"); if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; + keySet = "defKeySet"; } CMS.debug("keySet selected: " + keySet); boolean serversideKeygen = false; byte[] drm_trans_wrapped_desKey = null; - PK11SymKey desKey = null; - // PK11SymKey kek_session_key; + PK11SymKey desKey = null; + // PK11SymKey kek_session_key; PK11SymKey kek_key; IConfigStore sconfig = CMS.getConfigStore(); @@ -278,14 +258,14 @@ public class TokenServlet extends CMSServlet { card_crypto = null; host_cryptogram = null; enc_session_key = null; - // kek_session_key = null; + // kek_session_key = null; SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { agentId = - (String) sContext.get(SessionContext.USER_ID); + (String) sContext.get(SessionContext.USER_ID); } auditMessage = CMS.getLogMessage( @@ -297,19 +277,19 @@ public class TokenServlet extends CMSServlet { audit(auditMessage); String kek_wrapped_desKeyString = null; - String keycheck_s = null; + String keycheck_s = null; CMS.debug("processComputeSessionKey:"); String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; - String rServersideKeygen = (String) req.getParameter("serversideKeygen"); + String rServersideKeygen = (String) req.getParameter("serversideKeygen"); if (rServersideKeygen.equals("true")) { - CMS.debug("TokenServlet: serversideKeygen requested"); - serversideKeygen = true; + CMS.debug("TokenServlet: serversideKeygen requested"); + serversideKeygen = true; } else { - CMS.debug("TokenServlet: serversideKeygen not requested"); + CMS.debug("TokenServlet: serversideKeygen not requested"); } try { @@ -318,13 +298,12 @@ public class TokenServlet extends CMSServlet { } try { - transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME); + transportKeyName = sconfig.getString("tks.tksSharedSymKeyName", TRANSPORT_KEY_NAME); } catch (EBaseException e) { } CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName); - String rcard_challenge = req.getParameter("card_challenge"); String rhost_challenge = req.getParameter("host_challenge"); String rKeyInfo = req.getParameter("KeyInfo"); @@ -353,7 +332,6 @@ public class TokenServlet extends CMSServlet { missingParam = true; } - String selectedToken = null; String keyNickName = null; boolean sameCardCrypto = true; @@ -362,48 +340,48 @@ public class TokenServlet extends CMSServlet { xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; } xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length."); - missingParam = true; + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length."); + missingParam = true; } - xcard_challenge = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); + xcard_challenge = + com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); if (xcard_challenge == null || xcard_challenge.length != 8) { - badParams += " card_challenge length,"; - CMS.debug("TokenServlet: Invalid card challenge length."); - missingParam = true; + badParams += " card_challenge length,"; + CMS.debug("TokenServlet: Invalid card challenge length."); + missingParam = true; } - + xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge); if (xhost_challenge == null || xhost_challenge.length != 8) { - badParams += " host_challenge length,"; - CMS.debug("TokenServlet: Invalid host challenge length"); - missingParam = true; + badParams += " host_challenge length,"; + CMS.debug("TokenServlet: Invalid host challenge length"); + missingParam = true; } - + } CUID = null; if (!missingParam) { - card_challenge = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); - + card_challenge = + com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); + host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge); keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx + String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; // #xx#xx String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); if (mappingValue == null) { - selectedToken = - CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + selectedToken = + CMS.getConfigStore().getString("tks.defaultSlot", "internal"); keyNickName = rKeyInfo; } else { StringTokenizer st = new StringTokenizer(mappingValue, ":"); @@ -419,133 +397,130 @@ public class TokenServlet extends CMSServlet { byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key")); CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName); - session_key = SessionKey.ComputeSessionKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName ); + session_key = SessionKey.ComputeSessionKey( + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName); - if(session_key == null) - { + if (session_key == null) { CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL "); - throw new Exception("Can't compute session key!"); + throw new Exception("Can't compute session key!"); - } + } byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); enc_session_key = SessionKey.ComputeEncSessionKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet); + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet); - if(enc_session_key == null) - { + if (enc_session_key == null) { CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL "); - throw new Exception("Can't compute enc session key!"); - + throw new Exception("Can't compute enc session key!"); + } if (serversideKeygen == true) { /** - * 0. generate des key - * 1. encrypt des key with kek key - * 2. encrypt des key with DRM transport key - * These two wrapped items are to be sent back to - * TPS. 2nd item is to DRM + * 0. generate des key 1. encrypt des key with kek key + * 2. encrypt des key with DRM transport key These two + * wrapped items are to be sent back to TPS. 2nd item is + * to DRM **/ CMS.debug("TokenServlet: calling ComputeKekKey"); - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); - + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); kek_key = SessionKey.ComputeKekKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet); - + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); CMS.debug("TokenServlet: called ComputeKekKey"); - if(kek_key == null) - { + if (kek_key == null) { CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL "); - throw new Exception("Can't compute kek key!"); - + throw new Exception("Can't compute kek key!"); + } // now use kek key to wrap kek session key.. - CMS.debug("computeSessionKey:kek key len ="+ - kek_key.getLength()); - - // (1) generate DES key - /* applet does not support DES3 - org.mozilla.jss.crypto.KeyGenerator kg = - internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); - desKey = kg.generate();*/ - - /* - * XXX GenerateSymkey firt generates a 16 byte DES2 key. - * It then pads it into a 24 byte key with last - * 8 bytes copied from the 1st 8 bytes. Effectively - * making it a 24 byte DES2 key. We need this for - * wrapping private keys on DRM. - */ - /*generate it on whichever token the master key is at*/ - if (useSoftToken_s.equals("true")) { - CMS.debug("TokenServlet: key encryption key generated on internal"); -//cfu audit here? sym key gen - desKey = SessionKey.GenerateSymkey("internal"); -//cfu audit here? sym key gen done + CMS.debug("computeSessionKey:kek key len =" + + kek_key.getLength()); + + // (1) generate DES key + /* + * applet does not support DES3 + * org.mozilla.jss.crypto.KeyGenerator kg = + * internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + * desKey = kg.generate(); + */ + + /* + * XXX GenerateSymkey firt generates a 16 byte DES2 key. + * It then pads it into a 24 byte key with last 8 bytes + * copied from the 1st 8 bytes. Effectively making it a + * 24 byte DES2 key. We need this for wrapping private + * keys on DRM. + */ + /* generate it on whichever token the master key is at */ + if (useSoftToken_s.equals("true")) { + CMS.debug("TokenServlet: key encryption key generated on internal"); + // cfu audit here? sym key gen + desKey = SessionKey.GenerateSymkey("internal"); + // cfu audit here? sym key gen done } else { - CMS.debug("TokenServlet: key encryption key generated on " + selectedToken); - desKey = SessionKey.GenerateSymkey(selectedToken); + CMS.debug("TokenServlet: key encryption key generated on " + selectedToken); + desKey = SessionKey.GenerateSymkey(selectedToken); + } + if (desKey != null) + CMS.debug("TokenServlet: key encryption key generated for " + rCUID); + else { + CMS.debug("TokenServlet: key encryption key generation failed for " + rCUID); + throw new Exception("can't generate key encryption key"); } - if (desKey != null) - CMS.debug("TokenServlet: key encryption key generated for "+rCUID); - else { - CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID); - throw new Exception ("can't generate key encryption key"); - } - - /* - * XXX ECBencrypt actually takes the 24 byte DES2 key - * and discard the last 8 bytes before it encrypts. - * This is done so that the applet can digest it - */ - byte[] encDesKey = - SessionKey.ECBencrypt( kek_key, - desKey); - /* - CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length); - CMS.debug(encDesKey); - */ + + /* + * XXX ECBencrypt actually takes the 24 byte DES2 key + * and discard the last 8 bytes before it encrypts. This + * is done so that the applet can digest it + */ + byte[] encDesKey = + SessionKey.ECBencrypt(kek_key, + desKey); + /* + * CMS.debug("computeSessionKey:encrypted desKey size = " + * +encDesKey.length); CMS.debug(encDesKey); + */ kek_wrapped_desKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey); - - // get keycheck - byte[] keycheck = - SessionKey.ComputeKeyCheck(desKey); - /* - CMS.debug("computeSessionKey:keycheck size = "+keycheck.length); - CMS.debug(keycheck); - */ - keycheck_s = - com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck); - - //XXX use DRM transport cert to wrap desKey - String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", ""); - - if ((drmTransNickname == null) || (drmTransNickname == "")) { - CMS.debug("TokenServlet:did not find DRM transport certificate nickname"); - throw new Exception("can't find DRM transport certificate nickname"); - } else { - CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname); - } + com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey); + + // get keycheck + byte[] keycheck = + SessionKey.ComputeKeyCheck(desKey); + /* + * CMS.debug("computeSessionKey:keycheck size = "+keycheck + * .length); CMS.debug(keycheck); + */ + keycheck_s = + com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck); + + // XXX use DRM transport cert to wrap desKey + String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", ""); + + if ((drmTransNickname == null) || (drmTransNickname == "")) { + CMS.debug("TokenServlet:did not find DRM transport certificate nickname"); + throw new Exception("can't find DRM transport certificate nickname"); + } else { + CMS.debug("TokenServlet:drmtransport_cert_nickname=" + drmTransNickname); + } X509Certificate drmTransCert = null; drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname); // wrap kek session key with DRM transport public key - CryptoToken token = null; - if (useSoftToken_s.equals("true")) { - //token = CryptoManager.getInstance().getTokenByName(selectedToken); - token = CryptoManager.getInstance().getInternalCryptoToken(); + CryptoToken token = null; + if (useSoftToken_s.equals("true")) { + // token = + // CryptoManager.getInstance().getTokenByName(selectedToken); + token = CryptoManager.getInstance().getInternalCryptoToken(); } else { token = CryptoManager.getInstance().getTokenByName(selectedToken); } @@ -553,7 +528,7 @@ public class TokenServlet extends CMSServlet { String pubKeyAlgo = pubKey.getAlgorithm(); CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo); KeyWrapper keyWrapper = null; - //For wrapping symmetric keys don't need IV, use ECB + // For wrapping symmetric keys don't need IV, use ECB if (pubKeyAlgo.equals("EC")) { keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB); keyWrapper.initWrap(pubKey, null); @@ -561,31 +536,29 @@ public class TokenServlet extends CMSServlet { keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA); keyWrapper.initWrap(pubKey, null); } - CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() ); + CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName()); drm_trans_wrapped_desKey = keyWrapper.wrap(desKey); - CMS.debug("computeSessionKey:desKey wrapped with drm transportation key."); + CMS.debug("computeSessionKey:desKey wrapped with drm transportation key."); } // if (serversideKeygen == true) byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); host_cryptogram = SessionKey.ComputeCryptogram( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet); + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet); - if(host_cryptogram == null) - { + if (host_cryptogram == null) { CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL "); - throw new Exception("Can't compute host cryptogram!"); + throw new Exception("Can't compute host cryptogram!"); } card_crypto = SessionKey.ComputeCryptogram( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet); + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, 1, authKeyArray, useSoftToken_s, keySet); - if(card_crypto == null) - { + if (card_crypto == null) { CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL "); - throw new Exception("Can't compute card cryptogram!"); + throw new Exception("Can't compute card cryptogram!"); } @@ -595,9 +568,9 @@ public class TokenServlet extends CMSServlet { throw new Exception("Missing card cryptogram"); } input_card_crypto = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram); + com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram); if (card_crypto.length == input_card_crypto.length) { - for (int i=0; i<card_crypto.length; i++) { + for (int i = 0; i < card_crypto.length; i++) { if (card_crypto[i] != input_card_crypto[i]) { sameCardCrypto = false; break; @@ -611,15 +584,15 @@ public class TokenServlet extends CMSServlet { CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS, - ILogger.LL_INFO,"processComputeSessionKey for CUID=" + - trim(pp.toHexString(CUID))); - } catch (Exception e) { + ILogger.LL_INFO, "processComputeSessionKey for CUID=" + + trim(pp.toHexString(CUID))); + } catch (Exception e) { CMS.debug(e); CMS.debug("TokenServlet Computing Session Key: " + e.toString()); if (isCryptoValidate) sameCardCrypto = false; } - } + } } // ! missingParam String value = ""; @@ -632,34 +605,32 @@ public class TokenServlet extends CMSServlet { String cryptogram = ""; String status = "0"; if (session_key != null && session_key.length > 0) { - outputString = - com.netscape.cmsutil.util.Utils.SpecialEncode(session_key); - } else { - + outputString = + com.netscape.cmsutil.util.Utils.SpecialEncode(session_key); + } else { + status = "1"; } if (enc_session_key != null && enc_session_key.length > 0) { - encSessionKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key); - } else { + encSessionKeyString = + com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key); + } else { status = "1"; } - if (serversideKeygen == true) { - if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0) - drm_trans_wrapped_desKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey); - else { - status = "1"; + if (drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0) + drm_trans_wrapped_desKeyString = + com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey); + else { + status = "1"; } - } + } - if (host_cryptogram != null && host_cryptogram.length > 0) { - cryptogram = - com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram); + cryptogram = + com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram); } else { status = "2"; } @@ -675,32 +646,30 @@ public class TokenServlet extends CMSServlet { if (missingParam) { status = "3"; } - - if (!status.equals("0")) { - - - if(status.equals("1")) { - errorMsg = "Problem generating session key info."; - } - - if(status.equals("2")) { - errorMsg = "Problem creating host_cryptogram."; - } - - if(status.equals("4")) { - errorMsg = "Problem obtaining token information."; - } - - if(status.equals("3")) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); - } - errorMsg = "Missing input parameters :" + badParams; - } - - value = "status="+status; - } - else { + + if (!status.equals("0")) { + + if (status.equals("1")) { + errorMsg = "Problem generating session key info."; + } + + if (status.equals("2")) { + errorMsg = "Problem creating host_cryptogram."; + } + + if (status.equals("4")) { + errorMsg = "Problem obtaining token information."; + } + + if (status.equals("3")) { + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); + } + errorMsg = "Missing input parameters :" + badParams; + } + + value = "status=" + status; + } else { if (serversideKeygen == true) { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); @@ -709,10 +678,10 @@ public class TokenServlet extends CMSServlet { sb.append("&hostCryptogram="); sb.append(cryptogram); sb.append("&encSessionKey="); - sb.append(encSessionKeyString); + sb.append(encSessionKeyString); sb.append("&kek_wrapped_desKey="); sb.append(kek_wrapped_desKeyString); - sb.append("&keycheck="); + sb.append("&keycheck="); sb.append(keycheck_s); sb.append("&drm_trans_wrapped_desKey="); sb.append(drm_trans_wrapped_desKeyString); @@ -722,19 +691,19 @@ public class TokenServlet extends CMSServlet { sb.append("status=0&"); sb.append("sessionKey="); sb.append(outputString); - sb.append("&hostCryptogram="); - sb.append(cryptogram); + sb.append("&hostCryptogram="); + sb.append(cryptogram); sb.append("&encSessionKey="); sb.append(encSessionKeyString); value = sb.toString(); } } - CMS.debug("TokenServlet:outputString.encode " +value); + CMS.debug("TokenServlet:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.length " +value.length()); + CMS.debug("TokenServlet:outputString.length " + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -742,65 +711,65 @@ public class TokenServlet extends CMSServlet { } catch (IOException e) { CMS.debug("TokenServlet: " + e.toString()); } - - if(status.equals("0")) { - auditMessage = CMS.getLogMessage( + if (status.equals("0")) { + + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, rCUID, ILogger.SUCCESS, status, agentId, - isCryptoValidate? "true":"false", - serversideKeygen? "true":"false", + isCryptoValidate ? "true" : "false", + serversideKeygen ? "true" : "false", selectedToken, keyNickName); } else { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE, rCUID, ILogger.FAILURE, status, agentId, - isCryptoValidate? "true":"false", - serversideKeygen? "true":"false", + isCryptoValidate ? "true" : "false", + serversideKeygen ? "true" : "false", selectedToken, keyNickName, errorMsg); - } - + } + audit(auditMessage); } private void processDiversifyKey(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - byte[] KeySetData,KeysValues,CUID,xCUID; - byte[] xkeyInfo,xnewkeyInfo; + HttpServletResponse resp) throws EBaseException { + byte[] KeySetData, KeysValues, CUID, xCUID; + byte[] xkeyInfo, xnewkeyInfo; boolean missingParam = false; String errorMsg = ""; String badParams = ""; IConfigStore sconfig = CMS.getConfigStore(); - String rnewKeyInfo = req.getParameter("newKeyInfo"); + String rnewKeyInfo = req.getParameter("newKeyInfo"); String newMasterKeyName = req.getParameter("newKeyInfo"); String oldMasterKeyName = req.getParameter("KeyInfo"); - String rCUID =req.getParameter("CUID"); - String auditMessage=""; + String rCUID = req.getParameter("CUID"); + String auditMessage = ""; String keySet = req.getParameter("keySet"); if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; + keySet = "defKeySet"; } CMS.debug("keySet selected: " + keySet); SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { agentId = - (String) sContext.get(SessionContext.USER_ID); + (String) sContext.get(SessionContext.USER_ID); } auditMessage = CMS.getLogMessage( @@ -813,7 +782,6 @@ public class TokenServlet extends CMSServlet { audit(auditMessage); - if ((rCUID == null) || (rCUID.equals(""))) { badParams += " CUID,"; CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID"); @@ -824,130 +792,130 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo"); missingParam = true; } - if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){ + if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) { badParams += " KeyInfo,"; CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo"); missingParam = true; } if (!missingParam) { - xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName); - if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length"); - missingParam = true; - } - xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName); - if (xnewkeyInfo == null || xnewkeyInfo.length != 2) { - badParams += " NewKeyInfo length,"; - CMS.debug("TokenServlet: Invalid new key info length"); - missingParam = true; - } - } + xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName); + if (xkeyInfo == null || xkeyInfo.length != 2) { + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length"); + missingParam = true; + } + xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName); + if (xnewkeyInfo == null || xnewkeyInfo.length != 2) { + badParams += " NewKeyInfo length,"; + CMS.debug("TokenServlet: Invalid new key info length"); + missingParam = true; + } + } String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; KeySetData = null; String outputString = null; if (!missingParam) { - xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; - } - } + xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + if (xCUID == null || xCUID.length != 10) { + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; + } + } if (!missingParam) { - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - - if (mKeyNickName!=null) - oldMasterKeyName = mKeyNickName; - if (mNewKeyNickName!=null) - newMasterKeyName = mNewKeyNickName; - - String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx - String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null); - String oldSelectedToken = null; - String oldKeyNickName = null; - if (oldMappingValue == null) { - oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - oldKeyNickName = req.getParameter("KeyInfo"); - } else { - StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); - oldSelectedToken = st.nextToken(); - oldKeyNickName = st.nextToken(); - } - - String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx - String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); - String newSelectedToken = null; - String newKeyNickName = null; - if (newMappingValue == null) { - newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - newKeyNickName = rnewKeyInfo; - } else { - StringTokenizer st = new StringTokenizer(newMappingValue, ":"); - newSelectedToken = st.nextToken(); - newKeyNickName = st.nextToken(); - } - - CMS.debug("process DiversifyKey for oldSelectedToke="+ - oldSelectedToken + " newSelectedToken=" + newSelectedToken + - " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + - newKeyNickName); - - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); - KeySetData = SessionKey.DiversifyKey(oldSelectedToken, + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + + if (mKeyNickName != null) + oldMasterKeyName = mKeyNickName; + if (mNewKeyNickName != null) + newMasterKeyName = mNewKeyNickName; + + String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); // #xx#xx + String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null); + String oldSelectedToken = null; + String oldKeyNickName = null; + if (oldMappingValue == null) { + oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + oldKeyNickName = req.getParameter("KeyInfo"); + } else { + StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); + oldSelectedToken = st.nextToken(); + oldKeyNickName = st.nextToken(); + } + + String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; // #xx#xx + String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); + String newSelectedToken = null; + String newKeyNickName = null; + if (newMappingValue == null) { + newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + newKeyNickName = rnewKeyInfo; + } else { + StringTokenizer st = new StringTokenizer(newMappingValue, ":"); + newSelectedToken = st.nextToken(); + newKeyNickName = st.nextToken(); + } + + CMS.debug("process DiversifyKey for oldSelectedToke=" + + oldSelectedToken + " newSelectedToken=" + newSelectedToken + + " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + + newKeyNickName); + + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + KeySetData = SessionKey.DiversifyKey(oldSelectedToken, newSelectedToken, oldKeyNickName, - newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet); - - if (KeySetData == null || KeySetData.length<=1) { - CMS.getLogger().log(ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot"); - } - - CMS.getLogger().log(ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID)) - + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName - +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName); - - resp.setContentType("text/html"); - - if (KeySetData != null) { - outputString = new String(KeySetData); - } + newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); + + if (KeySetData == null || KeySetData.length <= 1) { + CMS.getLogger().log(ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO, "process DiversifyKey: Missing MasterKey in Slot"); + } + + CMS.getLogger().log(ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO, "process DiversifyKey for CUID =" + trim(pp.toHexString(CUID)) + + ";from oldMasterKeyName=" + oldSelectedToken + ":" + oldKeyNickName + + ";to newMasterKeyName=" + newSelectedToken + ":" + newKeyNickName); + + resp.setContentType("text/html"); + + if (KeySetData != null) { + outputString = new String(KeySetData); + } } // ! missingParam - //CMS.debug("TokenServlet:processDiversifyKey " +outputString); - //String value="keySetData=%00" if the KeySetData=byte[0]=0; + // CMS.debug("TokenServlet:processDiversifyKey " +outputString); + // String value="keySetData=%00" if the KeySetData=byte[0]=0; String value = ""; String status = "0"; if (KeySetData != null && KeySetData.length > 1) { - value = "status=0&"+"keySetData=" + + value = "status=0&" + "keySetData=" + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData); - CMS.debug("TokenServlet:process DiversifyKey.encode " +value); + CMS.debug("TokenServlet:process DiversifyKey.encode " + value); } else if (missingParam) { status = "3"; - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters: " + badParams; value = "status=" + status; - } else { + } else { errorMsg = "Problem diversifying key data."; status = "1"; value = "status=" + status; } resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.length " +value.length()); + CMS.debug("TokenServlet:outputString.length " + value.length()); - try{ + try { OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -956,9 +924,9 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet:process DiversifyKey: " + e.toString()); } - if(status.equals("0")) { + if (status.equals("0")) { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, rCUID, ILogger.SUCCESS, @@ -969,7 +937,7 @@ public class TokenServlet extends CMSServlet { } else { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE, rCUID, ILogger.FAILURE, @@ -978,13 +946,13 @@ public class TokenServlet extends CMSServlet { oldMasterKeyName, newMasterKeyName, errorMsg); - } + } - audit(auditMessage); + audit(auditMessage); } private void processEncryptData(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + HttpServletResponse resp) throws EBaseException { byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo; boolean missingParam = false; byte[] data = null; @@ -1004,10 +972,10 @@ public class TokenServlet extends CMSServlet { SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { agentId = - (String) sContext.get(SessionContext.USER_ID); + (String) sContext.get(SessionContext.USER_ID); } CMS.debug("keySet selected: " + keySet); @@ -1032,20 +1000,20 @@ public class TokenServlet extends CMSServlet { if (isRandom) { if ((rdata == null) || (rdata.equals(""))) { - CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data"); + CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data"); } else { - CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating..."); + CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating..."); } try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - data = new byte[16]; - random.nextBytes(data); + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + data = new byte[16]; + random.nextBytes(data); } catch (Exception e) { - CMS.debug("TokenServlet: processEncryptData():"+ e.toString()); - badParams += " Random Number,"; - missingParam = true; + CMS.debug("TokenServlet: processEncryptData():" + e.toString()); + badParams += " Random Number,"; + missingParam = true; } - } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){ + } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) { CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data."); badParams += " data,"; missingParam = true; @@ -1056,75 +1024,74 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID"); missingParam = true; } - + if ((rKeyInfo == null) || (rKeyInfo.equals(""))) { badParams += " KeyInfo,"; CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info"); missingParam = true; } - if (!missingParam) { - xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; - } - xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length"); - missingParam = true; - } + xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + if (xCUID == null || xCUID.length != 10) { + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; + } + xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); + if (xkeyInfo == null || xkeyInfo.length != 2) { + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length"); + missingParam = true; + } } - String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; String selectedToken = null; String keyNickName = null; if (!missingParam) { - if (!isRandom) - data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata); - keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - - String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); - if (mappingValue == null) { - selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - keyNickName = rKeyInfo; - } else { - StringTokenizer st = new StringTokenizer(mappingValue, ":"); - selectedToken = st.nextToken(); - keyNickName = st.nextToken(); - } - - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); - encryptedData = SessionKey.EncryptData( - selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet); - - CMS.getLogger().log(ILogger.EV_AUDIT, + if (!isRandom) + data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata); + keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + + String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); + if (mappingValue == null) { + selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + keyNickName = rKeyInfo; + } else { + StringTokenizer st = new StringTokenizer(mappingValue, ":"); + selectedToken = st.nextToken(); + keyNickName = st.nextToken(); + } + + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + encryptedData = SessionKey.EncryptData( + selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); + + CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS, - ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID))); + ILogger.LL_INFO, "process EncryptData for CUID =" + trim(pp.toHexString(CUID))); } // !missingParam resp.setContentType("text/html"); - + String value = ""; - String status = "0"; - if (encryptedData != null && encryptedData.length > 0) { - String outputString = new String(encryptedData); + String status = "0"; + if (encryptedData != null && encryptedData.length > 0) { + String outputString = new String(encryptedData); // sending both the pre-encrypted and encrypted data back - value = "status=0&"+"data="+ - com.netscape.cmsutil.util.Utils.SpecialEncode(data)+ - "&encryptedData=" + + value = "status=0&" + "data=" + + com.netscape.cmsutil.util.Utils.SpecialEncode(data) + + "&encryptedData=" + com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData); } else if (missingParam) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters: " + badParams; status = "3"; @@ -1135,12 +1102,12 @@ public class TokenServlet extends CMSServlet { value = "status=" + status; } - CMS.debug("TokenServlet:process EncryptData.encode " +value); + CMS.debug("TokenServlet:process EncryptData.encode " + value); try { resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.lenght " +value.length()); - + CMS.debug("TokenServlet:outputString.lenght " + value.length()); + OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -1149,9 +1116,9 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: " + e.toString()); } - if(status.equals("0")) { + if (status.equals("0")) { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS, rCUID, ILogger.SUCCESS, @@ -1163,7 +1130,7 @@ public class TokenServlet extends CMSServlet { } else { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE, rCUID, ILogger.FAILURE, @@ -1173,30 +1140,24 @@ public class TokenServlet extends CMSServlet { selectedToken, keyNickName, errorMsg); - } + } - audit(auditMessage); + audit(auditMessage); } - /* - * For EncryptData: - * data=value1 - * CUID=value2 // missing from RA - * versionID=value3 // missing from RA - * - * For ComputeSession: - * card_challenge=value1 - * host_challenge=value2 - - * For DiversifyKey: - * new_master_key_index - * master_key_index + /* + * For EncryptData: data=value1 CUID=value2 // missing from RA + * versionID=value3 // missing from RA + * + * For ComputeSession: card_challenge=value1 host_challenge=value2 + * + * For DiversifyKey: new_master_key_index master_key_index */ private void processComputeRandomData(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - - byte[] randomData = null; + HttpServletResponse resp) throws EBaseException { + + byte[] randomData = null; String status = "0"; String errorMsg = ""; String badParams = ""; @@ -1207,26 +1168,23 @@ public class TokenServlet extends CMSServlet { SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { agentId = - (String) sContext.get(SessionContext.USER_ID); + (String) sContext.get(SessionContext.USER_ID); } String sDataSize = req.getParameter("dataNumBytes"); - if(sDataSize == null || sDataSize.equals("")) { + if (sDataSize == null || sDataSize.equals("")) { CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes"); badParams += " Random Data size, "; missingParam = true; status = "1"; } else { - try - { - dataSize = Integer.parseInt(sDataSize.trim()); - } - catch (NumberFormatException nfe) - { + try { + dataSize = Integer.parseInt(sDataSize.trim()); + } catch (NumberFormatException nfe) { CMS.debug("TokenServlet::processComputeRandomData invalid data size input!"); badParams += " Random Data size, "; missingParam = true; @@ -1244,33 +1202,33 @@ public class TokenServlet extends CMSServlet { audit(auditMessage); - if(!missingParam) { + if (!missingParam) { try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - randomData = new byte[dataSize]; - random.nextBytes(randomData); - } catch (Exception e) { - CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString()); - errorMsg = "Can't generate random data!"; - status = "2"; + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + randomData = new byte[dataSize]; + random.nextBytes(randomData); + } catch (Exception e) { + CMS.debug("TokenServlet::processComputeRandomData:" + e.toString()); + errorMsg = "Can't generate random data!"; + status = "2"; } } String randomDataOut = ""; - if(status.equals("0")) { + if (status.equals("0")) { if (randomData != null && randomData.length == dataSize) { randomDataOut = - com.netscape.cmsutil.util.Utils.SpecialEncode(randomData); + com.netscape.cmsutil.util.Utils.SpecialEncode(randomData); } else { status = "2"; errorMsg = "Can't convert random data!"; } } - if(status.equals("1") && missingParam) { + if (status.equals("1") && missingParam) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters :" + badParams; } @@ -1278,15 +1236,15 @@ public class TokenServlet extends CMSServlet { resp.setContentType("text/html"); String value = ""; - value = "status="+status; - if(status.equals("0")) { - value = value + "&DATA="+randomDataOut; + value = "status=" + status; + if (status.equals("0")) { + value = value + "&DATA=" + randomDataOut; } - + try { resp.setContentLength(value.length()); - CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length()); - + CMS.debug("TokenServler::processComputeRandomData :outputString.length " + value.length()); + OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -1295,22 +1253,22 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet::processComputeRandomData " + e.toString()); } - if(status.equals("0")) { + if (status.equals("0")) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS, ILogger.SUCCESS, status, agentId); - } else { - auditMessage = CMS.getLogMessage( + } else { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE, ILogger.FAILURE, status, agentId, errorMsg); - } + } - audit(auditMessage); + audit(auditMessage); } public void process(CMSRequest cmsReq) throws EBaseException { @@ -1328,7 +1286,7 @@ public class TokenServlet extends CMSServlet { if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenServlet: Unauthorized"); @@ -1338,37 +1296,36 @@ public class TokenServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("TokenServlet: " + e.toString()); } - // cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + // cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } String temp = req.getParameter("card_challenge"); mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); setDefaultSlotAndKeyName(req); - if(temp!=null) - { - processComputeSessionKey(req,resp); - }else if(req.getParameter("data")!=null){ - processEncryptData(req,resp); - }else if(req.getParameter("newKeyInfo")!=null){ - processDiversifyKey(req,resp); - }else if(req.getParameter("dataNumBytes") !=null){ - processComputeRandomData(req,resp); + if (temp != null) { + processComputeSessionKey(req, resp); + } else if (req.getParameter("data") != null) { + processEncryptData(req, resp); + } else if (req.getParameter("newKeyInfo") != null) { + processDiversifyKey(req, resp); + } else if (req.getParameter("dataNumBytes") != null) { + processComputeRandomData(req, resp); } } /** * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java index 9d67065d..d9d3ddec 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java @@ -33,10 +33,10 @@ public interface IWizardPanel { /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) + public void init(ServletConfig config, int panelno) throws ServletException; - public void init(WizardServlet servlet, ServletConfig config, + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException; public String getName(); @@ -44,7 +44,9 @@ public interface IWizardPanel { public int getPanelNo(); public void setId(String id); + public String getId(); + public PropertySet getUsage(); /** @@ -84,20 +86,22 @@ public interface IWizardPanel { */ public void display(HttpServletRequest request, HttpServletResponse response, - Context context ); + Context context); + /** * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, HttpServletResponse response, - Context context ) throws IOException; + Context context) throws IOException; /** * Commit parameter changes */ public void update(HttpServletRequest request, HttpServletResponse response, - Context context ) throws IOException; + Context context) throws IOException; + /** * If validiate() returns false, this method will be called. */ diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java index 691d3e98..5c14fcf0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java @@ -37,13 +37,10 @@ import com.netscape.cms.servlet.csadmin.Cert; import com.netscape.cmsutil.crypto.Module; /** - * wizard?p=[panel number]&op=usage <= usage in xml - * wizard?p=[panel number]&op=display - * wizard?p=[panel number]&op=next&...[additional parameters]... - * wizard?p=[panel number]&op=apply - * wizard?p=[panel number]&op=back - * wizard?op=menu - * return menu options + * wizard?p=[panel number]&op=usage <= usage in xml wizard?p=[panel + * number]&op=display wizard?p=[panel number]&op=next&...[additional + * parameters]... wizard?p=[panel number]&op=apply wizard?p=[panel + * number]&op=back wizard?op=menu return menu options */ public class WizardServlet extends VelocityServlet { @@ -54,8 +51,7 @@ public class WizardServlet extends VelocityServlet { private String name = null; private Vector mPanels = new Vector(); - public void init(ServletConfig config) throws ServletException - { + public void init(ServletConfig config) throws ServletException { super.init(config); /* load sequence map */ @@ -64,33 +60,32 @@ public class WizardServlet extends VelocityServlet { StringTokenizer st = new StringTokenizer(panels, ","); int pno = 0; while (st.hasMoreTokens()) { - String p = st.nextToken(); - StringTokenizer st1 = new StringTokenizer(p, "="); - String id = st1.nextToken(); - String pvalue = st1.nextToken(); - try { - IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance(); - panel.init(this, config, pno, id); - CMS.debug("WizardServlet: panel name=" + panel.getName()); - mPanels.addElement(panel); - } catch (Exception e) { - CMS.debug("WizardServlet: " + e.toString()); - } - pno++; + String p = st.nextToken(); + StringTokenizer st1 = new StringTokenizer(p, "="); + String id = st1.nextToken(); + String pvalue = st1.nextToken(); + try { + IWizardPanel panel = (IWizardPanel) Class.forName(pvalue).newInstance(); + panel.init(this, config, pno, id); + CMS.debug("WizardServlet: panel name=" + panel.getName()); + mPanels.addElement(panel); + } catch (Exception e) { + CMS.debug("WizardServlet: " + e.toString()); + } + pno++; } CMS.debug("WizardServlet: done"); - + } public void exposePanels(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { Enumeration e = mPanels.elements(); Vector panels = new Vector(); while (e.hasMoreElements()) { - IWizardPanel p = (IWizardPanel)e.nextElement(); - panels.addElement(p); + IWizardPanel p = (IWizardPanel) e.nextElement(); + panels.addElement(p); } context.put("panels", panels); } @@ -98,84 +93,80 @@ public class WizardServlet extends VelocityServlet { /** * Cleans up panels from a particular panel. */ - public void cleanUpFromPanel(int pno) throws IOException - { - /* panel number starts from zero */ - int s = mPanels.size(); - for (int i = pno; i < s; i++) { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i); - panel.cleanUp(); - } + public void cleanUpFromPanel(int pno) throws IOException { + /* panel number starts from zero */ + int s = mPanels.size(); + for (int i = pno; i < s; i++) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i); + panel.cleanUp(); + } } - public IWizardPanel getPanelByNo(int p) - { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + public IWizardPanel getPanelByNo(int p) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); if (panel.shouldSkip()) { - panel = getPanelByNo(p+1); + panel = getPanelByNo(p + 1); } return panel; } public Template displayPanel(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { CMS.debug("WizardServlet: in display"); int p = getPanelNo(request); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } IWizardPanel panel = getPanelByNo(p); CMS.debug("WizardServlet: panel=" + panel); if (panel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); + context.put("showApplyButton", Boolean.TRUE); else - context.put("showApplyButton", Boolean.FALSE); + context.put("showApplyButton", Boolean.FALSE); panel.display(request, response, context); context.put("p", Integer.toString(panel.getPanelNo())); try { return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { + } catch (Exception e) { } return null; } - public String xml_value_flatten(Object v) - { + public String xml_value_flatten(Object v) { String ret = ""; if (v instanceof String) { ret += v; } else if (v instanceof Integer) { - ret += ((Integer)v).toString(); + ret += ((Integer) v).toString(); } else if (v instanceof Vector) { ret += "<Vector>"; - Vector v1 = (Vector)v; + Vector v1 = (Vector) v; Enumeration e = v1.elements(); StringBuffer sb = new StringBuffer(); while (e.hasMoreElements()) { - sb.append(xml_value_flatten(e.nextElement())); + sb.append(xml_value_flatten(e.nextElement())); } ret += sb.toString(); ret += "</Vector>"; } else if (v instanceof Module) { // for hardware token - Module m = (Module)v; + Module m = (Module) v; ret += "<Module>"; ret += "<CommonName>" + m.getCommonName() + "</CommonName>"; ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>"; ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>"; ret += "</Module>"; } else if (v instanceof Cert) { - Cert m = (Cert)v; + Cert m = (Cert) v; ret += "<CertReqPair>"; ret += "<Nickname>" + m.getNickname() + "</Nickname>"; ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>"; @@ -187,7 +178,7 @@ public class WizardServlet extends VelocityServlet { ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>"; ret += "</CertReqPair>"; } else if (v instanceof IWizardPanel) { - IWizardPanel m = (IWizardPanel)v; + IWizardPanel m = (IWizardPanel) v; ret += "<Panel>"; ret += "<Id>" + m.getId() + "</Id>"; ret += "<Name>" + m.getName() + "</Name>"; @@ -198,89 +189,84 @@ public class WizardServlet extends VelocityServlet { return ret; } - public String xml_flatten(Context context) - { + public String xml_flatten(Context context) { StringBuffer ret = new StringBuffer(); - Object o[] = context.getKeys(); - for (int i = 0; i < o.length; i ++) { - if (o[i] instanceof String) { - String key = (String)o[i]; - if (key.startsWith("__")) { - continue; - } - ret.append("<"); - ret.append(key); - ret.append(">"); - if (key.equals("bindpwd")) { - ret.append("(sensitive)"); - } else { - Object v = context.get(key); - ret.append(xml_value_flatten(v)); + Object o[] = context.getKeys(); + for (int i = 0; i < o.length; i++) { + if (o[i] instanceof String) { + String key = (String) o[i]; + if (key.startsWith("__")) { + continue; + } + ret.append("<"); + ret.append(key); + ret.append(">"); + if (key.equals("bindpwd")) { + ret.append("(sensitive)"); + } else { + Object v = context.get(key); + ret.append(xml_value_flatten(v)); + } + ret.append("</"); + ret.append(key); + ret.append(">"); } - ret.append("</"); - ret.append(key); - ret.append(">"); - } } return ret.toString(); } - public int getPanelNo(HttpServletRequest request) - { + public int getPanelNo(HttpServletRequest request) { int p = 0; - - // panel number can be identified by either - // panel no (p parameter) directly, or - // panel name (panelname parameter). + + // panel number can be identified by either + // panel no (p parameter) directly, or + // panel name (panelname parameter). if (request.getParameter("panelname") != null) { - String name = request.getParameter("panelname"); - for (int i = 0; i < mPanels.size(); i++) { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i); - if (panel.getId().equals(name)) { - return i; + String name = request.getParameter("panelname"); + for (int i = 0; i < mPanels.size(); i++) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i); + if (panel.getId().equals(name)) { + return i; + } } - } } else if (request.getParameter("p") != null) { - p = Integer.parseInt(request.getParameter("p")); + p = Integer.parseInt(request.getParameter("p")); } return p; } - public String getNameFromPanelNo(int p) - { - IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p); - return wp.getId(); + public String getNameFromPanelNo(int p) { + IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p); + return wp.getId(); } - public IWizardPanel getPreviousPanel(int p) - { + public IWizardPanel getPreviousPanel(int p) { CMS.debug("getPreviousPanel input p=" + p); - IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1); + IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1); if (backpanel.isSubPanel()) { - backpanel = (IWizardPanel)mPanels.elementAt(p-1-1); + backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1); } while (backpanel.shouldSkip()) { - backpanel = (IWizardPanel) + backpanel = (IWizardPanel) mPanels.elementAt(backpanel.getPanelNo() - 1); } CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo()); return backpanel; } - public IWizardPanel getNextPanel(int p) - { + public IWizardPanel getNextPanel(int p) { CMS.debug("getNextPanel input p=" + p); - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); if (p == (mPanels.size() - 1)) { p = p; - } else if(panel.isSubPanel()) { - if (panel.isLoopbackPanel()) { - p = p-1; // Login Panel is a loop back panel - } else { - p = p+1; - } - } else if (panel.hasSubPanel()) { - p = p + 2; + } else if (panel.isSubPanel()) { + if (panel.isLoopbackPanel()) { + p = p - 1; // Login Panel is a loop back panel + } else { + p = p + 1; + } + } else if (panel.hasSubPanel()) { + p = p + 2; } else { p = p + 1; } @@ -291,190 +277,183 @@ public class WizardServlet extends VelocityServlet { public Template goApply(HttpServletRequest request, HttpServletResponse response, - Context context) - { + Context context) { return goNextApply(request, response, context, true); } public Template goNext(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { return goNextApply(request, response, context, false); } /* - * The parameter "stay" is used to indicate "apply" without - * moving to the next panel + * The parameter "stay" is used to indicate "apply" without moving to the + * next panel */ public Template goNextApply(HttpServletRequest request, HttpServletResponse response, - Context context, boolean stay ) - { + Context context, boolean stay) { int p = getPanelNo(request); if (stay == true) CMS.debug("WizardServlet: in reply " + p); else CMS.debug("WizardServlet: in next " + p); - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); try { - panel.validate(request, response, context); - try { - panel.update(request, response, context); - if (stay == true) { // "apply" - - if (panel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); - else - context.put("showApplyButton", Boolean.FALSE); - panel.display(request, response, context); - } else { // "next" - IWizardPanel nextpanel = getNextPanel(p); - - if (nextpanel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); - else - context.put("showApplyButton", Boolean.FALSE); - nextpanel.display(request, response, context); - panel = nextpanel; + panel.validate(request, response, context); + try { + panel.update(request, response, context); + if (stay == true) { // "apply" + + if (panel.showApplyButton() == true) + context.put("showApplyButton", Boolean.TRUE); + else + context.put("showApplyButton", Boolean.FALSE); + panel.display(request, response, context); + } else { // "next" + IWizardPanel nextpanel = getNextPanel(p); + + if (nextpanel.showApplyButton() == true) + context.put("showApplyButton", Boolean.TRUE); + else + context.put("showApplyButton", Boolean.FALSE); + nextpanel.display(request, response, context); + panel = nextpanel; + } + context.put("errorString", ""); + } catch (Exception e) { + context.put("errorString", e.getMessage()); + panel.displayError(request, response, context); } - context.put("errorString", ""); - } catch (Exception e) { - context.put("errorString", e.getMessage()); - panel.displayError(request, response, context); - } } catch (IOException eee) { - context.put("errorString", eee.getMessage()); - panel.displayError(request, response, context); + context.put("errorString", eee.getMessage()); + panel.displayError(request, response, context); } p = panel.getPanelNo(); CMS.debug("panel no=" + p); CMS.debug("panel name=" + getNameFromPanelNo(p)); - CMS.debug("total number of panels="+mPanels.size()); + CMS.debug("total number of panels=" + mPanels.size()); context.put("p", Integer.toString(p)); context.put("panelname", getNameFromPanelNo(p)); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } // this is where we handle the xml request String xml = request.getParameter("xml"); if (xml != null && xml.equals("true")) { - CMS.debug("WizardServlet: found xml"); - - response.setContentType("application/xml"); - String xmlstr = xml_flatten(context); - context.put("xml", xmlstr); - try { - return Velocity.getTemplate("admin/console/config/xml.vm"); - } catch (Exception e) { - CMS.debug("Failing to get template" + e ); - } + CMS.debug("WizardServlet: found xml"); + + response.setContentType("application/xml"); + String xmlstr = xml_flatten(context); + context.put("xml", xmlstr); + try { + return Velocity.getTemplate("admin/console/config/xml.vm"); + } catch (Exception e) { + CMS.debug("Failing to get template" + e); + } } else { - try { - return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { - CMS.debug("Failing to get template" + e ); - } + try { + return Velocity.getTemplate("admin/console/config/wizard.vm"); + } catch (Exception e) { + CMS.debug("Failing to get template" + e); + } } return null; } public Template goBack(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { int p = getPanelNo(request); CMS.debug("WizardServlet: in back " + p); IWizardPanel backpanel = getPreviousPanel(p); if (backpanel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); + context.put("showApplyButton", Boolean.TRUE); else - context.put("showApplyButton", Boolean.FALSE); + context.put("showApplyButton", Boolean.FALSE); backpanel.display(request, response, context); - context.put("p", Integer.toString(backpanel.getPanelNo())); + context.put("p", Integer.toString(backpanel.getPanelNo())); context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo())); p = backpanel.getPanelNo(); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } try { return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { + } catch (Exception e) { } return null; } public boolean authenticate(HttpServletRequest request, HttpServletResponse response, - Context context ) { - String pin = (String)request.getSession().getAttribute("pin"); - if (pin == null) { - try { - response.sendRedirect("login"); - } catch (IOException e) { + Context context) { + String pin = (String) request.getSession().getAttribute("pin"); + if (pin == null) { + try { + response.sendRedirect("login"); + } catch (IOException e) { + } + return false; } - return false; - } - return true; + return true; } - public void outputHttpParameters(HttpServletRequest httpReq) - { + public void outputHttpParameters(HttpServletRequest httpReq) { CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("WizardServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("WizardServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - public Template handleRequest(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { CMS.debug("WizardServlet: process"); - if (CMS.debugOn()) { - outputHttpParameters(request); + if (CMS.debugOn()) { + outputHttpParameters(request); } if (!authenticate(request, response, context)) { @@ -484,7 +463,7 @@ public class WizardServlet extends VelocityServlet { String op = request.getParameter("op"); /* operation */ if (op == null) { - op = "display"; + op = "display"; } CMS.debug("WizardServlet: op=" + op); CMS.debug("WizardServlet: size=" + mPanels.size()); diff --git a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java index 0c4dade8..0377c2b3 100644 --- a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java +++ b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java @@ -23,9 +23,9 @@ import java.lang.reflect.Method; import com.netscape.certsrv.kra.IJoinShares; /** - * Use Java's reflection API to leverage CMS's - * old Share and JoinShares implementations. - * + * Use Java's reflection API to leverage CMS's old Share and JoinShares + * implementations. + * * @deprecated * @version $Revision$ $Date$ */ @@ -33,59 +33,54 @@ public class OldJoinShares implements IJoinShares { public Object mOldImpl = null; - public OldJoinShares() - { + public OldJoinShares() { } - public void initialize(int threshold) throws Exception - { - Class c = Class.forName("com.netscape.cmscore.shares.JoinShares"); - Class types[] = { int.class }; - Constructor con = c.getConstructor(types); - Object params[] = {Integer.valueOf(threshold)}; - mOldImpl = con.newInstance(params); + public void initialize(int threshold) throws Exception { + Class c = Class.forName("com.netscape.cmscore.shares.JoinShares"); + Class types[] = { int.class }; + Constructor con = c.getConstructor(types); + Object params[] = { Integer.valueOf(threshold) }; + mOldImpl = con.newInstance(params); } - public void addShare(int shareNum, byte[] share) - { - try { - Class types[] = { int.class, share.getClass() }; - Class c = mOldImpl.getClass(); - Method method = c.getMethod("addShare", types); - Object params[] = {Integer.valueOf(shareNum), share}; - method.invoke(mOldImpl, params); - } catch (Exception e) { - } + public void addShare(int shareNum, byte[] share) { + try { + Class types[] = { int.class, share.getClass() }; + Class c = mOldImpl.getClass(); + Method method = c.getMethod("addShare", types); + Object params[] = { Integer.valueOf(shareNum), share }; + method.invoke(mOldImpl, params); + } catch (Exception e) { + } } - public int getShareCount() - { - if (mOldImpl == null) - return -1; - try { - Class types[] = null; - Class c = mOldImpl.getClass(); - Method method = c.getMethod("getShareCount", types); - Object params[] = null; - Integer result = (Integer)method.invoke(mOldImpl, params); - return result.intValue(); - } catch (Exception e) { - return -1; - } + public int getShareCount() { + if (mOldImpl == null) + return -1; + try { + Class types[] = null; + Class c = mOldImpl.getClass(); + Method method = c.getMethod("getShareCount", types); + Object params[] = null; + Integer result = (Integer) method.invoke(mOldImpl, params); + return result.intValue(); + } catch (Exception e) { + return -1; + } } - public byte[] recoverSecret() - { - if (mOldImpl == null) - return null; - try { - Class types[] = null; - Class c = mOldImpl.getClass(); - Method method = c.getMethod("recoverSecret", types); - Object params[] = null; - return (byte[])method.invoke(mOldImpl, params); - } catch (Exception e) { - return null; - } + public byte[] recoverSecret() { + if (mOldImpl == null) + return null; + try { + Class types[] = null; + Class c = mOldImpl.getClass(); + Method method = c.getMethod("recoverSecret", types); + Object params[] = null; + return (byte[]) method.invoke(mOldImpl, params); + } catch (Exception e) { + return null; + } } } diff --git a/pki/base/common/src/com/netscape/cms/shares/OldShare.java b/pki/base/common/src/com/netscape/cms/shares/OldShare.java index 4e92f76a..cfd5c709 100644 --- a/pki/base/common/src/com/netscape/cms/shares/OldShare.java +++ b/pki/base/common/src/com/netscape/cms/shares/OldShare.java @@ -23,45 +23,41 @@ import java.lang.reflect.Method; import com.netscape.certsrv.kra.IShare; /** - * Use Java's reflection API to leverage CMS's - * old Share and JoinShares implementations. - * + * Use Java's reflection API to leverage CMS's old Share and JoinShares + * implementations. + * * @deprecated * @version $Revision$ $Date$ */ -public class OldShare implements IShare -{ +public class OldShare implements IShare { public Object mOldImpl = null; - public OldShare() - { + public OldShare() { } - public void initialize(byte[] secret, int threshold) throws Exception - { - try { - Class c = Class.forName("com.netscape.cmscore.shares.Share"); - Class types[] = { secret.getClass(), int.class }; - Constructor cs[] = c.getConstructors(); - Constructor con = c.getConstructor(types); - Object params[] = {secret, Integer.valueOf(threshold)}; - mOldImpl = con.newInstance(params); - } catch (Exception e) { - } + public void initialize(byte[] secret, int threshold) throws Exception { + try { + Class c = Class.forName("com.netscape.cmscore.shares.Share"); + Class types[] = { secret.getClass(), int.class }; + Constructor cs[] = c.getConstructors(); + Constructor con = c.getConstructor(types); + Object params[] = { secret, Integer.valueOf(threshold) }; + mOldImpl = con.newInstance(params); + } catch (Exception e) { + } } - public byte[] createShare(int sharenumber) - { - if (mOldImpl == null) - return null; - try { - Class types[] = { int.class }; - Class c = mOldImpl.getClass(); - Method method = c.getMethod("createShare", types); - Object params[] = {Integer.valueOf(sharenumber)}; - return (byte[])method.invoke(mOldImpl, params); - } catch (Exception e) { - return null; - } + public byte[] createShare(int sharenumber) { + if (mOldImpl == null) + return null; + try { + Class types[] = { int.class }; + Class c = mOldImpl.getClass(); + Method method = c.getMethod("createShare", types); + Object params[] = { Integer.valueOf(sharenumber) }; + return (byte[]) method.invoke(mOldImpl, params); + } catch (Exception e) { + return null; + } } } |