Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert')
13 files changed, 430 insertions, 448 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java index ed20d76f..d8b29812 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java @@ -17,16 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.util.Comparator; import java.util.Date; import netscape.security.x509.X509CertImpl; - /** * Compares validity dates for use in sorting. - * + * * @author kanda * @version $Revision$, $Date$ */ @@ -44,11 +42,11 @@ public class CertDateCompare implements Comparator { } catch (Exception e) { e.printStackTrace(); } - if (d1 == d2) return 0; + if (d1 == d2) + return 0; if (d1.after(d2)) return 1; else return -1; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java index 3168b92f..726fa5e1 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java @@ -17,16 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.security.cert.Certificate; import com.netscape.certsrv.base.ICertPrettyPrint; - /** * This class will display the certificate content in predefined * format. - * + * * @author Jack Pan-Chen * @version $Revision$, $Date$ */ diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java index 97db7921..72325db0 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; 
@@ -64,10 +63,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.osutil.OSUtil; /** - * Utility class with assorted methods to check for + * Utility class with assorted methods to check for * smime pairs, determining the type of cert - signature * or encryption ..etc. - * + * * @author kanda * @version $Revision$, $Date$ */ @@ -79,9 +78,9 @@ public class CertUtils { public static final String CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----"; public static final String CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----"; public static final String BEGIN_CRL_HEADER = - "-----BEGIN CERTIFICATE REVOCATION LIST-----"; + "-----BEGIN CERTIFICATE REVOCATION LIST-----"; public static final String END_CRL_HEADER = - "-----END CERTIFICATE REVOCATION LIST-----"; + "-----END CERTIFICATE REVOCATION LIST-----"; protected static ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = @@ -91,7 +90,7 @@ public class CertUtils { * Remove the header and footer in the PKCS10 request. */ public static String unwrapPKCS10(String request, boolean checkHeader) - throws EBaseException { + throws EBaseException { String unwrapped; String header = null; int head = -1; @@ -167,8 +166,8 @@ public class CertUtils { return pkcs10; } - public static void setRSAKeyToCertInfo(X509CertInfo info, - byte encoded[]) throws EBaseException { + public static void setRSAKeyToCertInfo(X509CertInfo info, + byte encoded[]) throws EBaseException { try { if (info == null) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); 
@@ -183,20 +182,20 @@ public class CertUtils { } public static X509CertInfo createCertInfo(int ver, - BigInteger serialno, String alg, String issuerName, - Date notBefore, Date notAfter) throws EBaseException { + BigInteger serialno, String alg, String issuerName, + Date notBefore, Date notAfter) throws EBaseException { try { X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.VERSION, new CertificateVersion(ver)); - info.set(X509CertInfo.SERIAL_NUMBER, new - CertificateSerialNumber(serialno)); - info.set(X509CertInfo.ALGORITHM_ID, new - CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg))); - info.set(X509CertInfo.ISSUER, new - CertificateIssuerName(new X500Name(issuerName))); - info.set(X509CertInfo.VALIDITY, new - CertificateValidity(notBefore, notAfter)); + info.set(X509CertInfo.SERIAL_NUMBER, new + CertificateSerialNumber(serialno)); + info.set(X509CertInfo.ALGORITHM_ID, new + CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg))); + info.set(X509CertInfo.ISSUER, new + CertificateIssuerName(new X500Name(issuerName))); + info.set(X509CertInfo.VALIDITY, new + CertificateValidity(notBefore, notAfter)); return info; } catch (Exception e) { System.out.println(e.toString()); @@ -233,11 +232,12 @@ public class CertUtils { return false; else if (keyUsage.length == 3) return keyUsage[2]; - else return keyUsage[2] || keyUsage[3]; + else + return keyUsage[2] || keyUsage[3]; } public static boolean haveSameValidityPeriod(X509CertImpl cert1, - X509CertImpl cert2) { + X509CertImpl cert2) { long notBefDiff = 0; long notAfterDiff = 0; @@ -264,7 +264,7 @@ public class CertUtils { if (!sameSubjectDN(dn1, dn2)) return false; } - + // Check for the presence of signing and encryption certs. boolean hasSigningCert = isSigningCert(cert1) || isSigningCert(cert2); 
@@ -276,15 +276,15 @@ public class CertUtils { if (!hasEncryptionCert) return false; - // If both certs have signing & encryption usage set, they are - // not really pairs. + // If both certs have signing & encryption usage set, they are + // not really pairs. if ((isSigningCert(cert1) && isEncryptionCert(cert1)) || - (isSigningCert(cert2) && isEncryptionCert(cert2))) + (isSigningCert(cert2) && isEncryptionCert(cert2))) return false; - // See if the certs have the same validity. - boolean haveSameValidity = - haveSameValidityPeriod(cert1, cert2); + // See if the certs have the same validity. + boolean haveSameValidity = + haveSameValidityPeriod(cert1, cert2); return haveSameValidity; } @@ -358,7 +358,7 @@ public class CertUtils { } public static String getRenewedCertsDisplayInfo(String cn, - X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) { + X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) { StringBuffer sb = new StringBuffer(1024); if (validCerts != null) { @@ -397,11 +397,11 @@ public class CertUtils { /** * Returns the index of the given cert in an array of certs. - * - * Assumptions: The certs are issued by the same CA - * - * @param certArray The array of certs. - * @param givenCert The certificate we are lokking for in the array. + * + * Assumptions: The certs are issued by the same CA + * + * @param certArray The array of certs. + * @param givenCert The certificate we are lokking for in the array. * @return -1 if not found or the index of the given cert in the array. */ public static int getCertIndex(X509CertImpl[] certArray, X509CertImpl givenCert) { 
@@ -419,20 +419,20 @@ public class CertUtils { /** * Returns the most recently issued signing certificate from an - * an array of certs. - * - * Assumptions: The certs are issued by the same CA - * - * @param certArray The array of certs. - * @param givenCert The certificate we are lokking for in the array. + * an array of certs. + * + * Assumptions: The certs are issued by the same CA + * + * @param certArray The array of certs. + * @param givenCert The certificate we are lokking for in the array. * @return null if there is no recent cert or the most recent cert. */ public static X509CertImpl getRecentSigningCert(X509CertImpl[] certArray, - X509CertImpl currentCert) { + X509CertImpl currentCert) { if (certArray == null || currentCert == null) return null; - // Sort the certificate array. + // Sort the certificate array. Arrays.sort(certArray, new CertDateCompare()); // Get the index of the current cert in the array. @@ -447,7 +447,7 @@ public class CertUtils { // Check if it is a signing cert and has its // NotAfter later than the current cert. if (isSigningCert(certArray[i]) && - certArray[i].getNotAfter().after(recentCert.getNotAfter())) + certArray[i].getNotAfter().after(recentCert.getNotAfter())) recentCert = certArray[i]; } return ((recentCert == currentCert) ? null : recentCert); @@ -467,13 +467,13 @@ public class CertUtils { // Is is object signing cert? try { CertificateExtensions extns = (CertificateExtensions) - cert.get(X509CertImpl.NAME + "." + - X509CertImpl.INFO + "." + - X509CertInfo.EXTENSIONS); + cert.get(X509CertImpl.NAME + "." + + X509CertImpl.INFO + "." + + X509CertInfo.EXTENSIONS); if (extns != null) { NSCertTypeExtension nsExtn = (NSCertTypeExtension) - extns.get(NSCertTypeExtension.class.getSimpleName()); + extns.get(NSCertTypeExtension.class.getSimpleName()); if (nsExtn != null) { String nsType = getNSExtensionInfo(nsExtn); 
@@ -485,7 +485,7 @@ public class CertUtils { } } } - }catch (Exception e) { + } catch (Exception e) { } return (sb.length() > 0) ? sb.toString() : null; } @@ -517,14 +517,14 @@ public class CertUtils { res = (Boolean) nsExtn.get(NSCertTypeExtension.OBJECT_SIGNING_CA); if (res.equals(Boolean.TRUE)) sb.append(" object_signing_CA"); - }catch (Exception e) { + } catch (Exception e) { } return (sb.length() > 0) ? sb.toString() : null; } public static byte[] readFromFile(String fileName) - throws IOException { + throws IOException { FileInputStream fin = new FileInputStream(fileName); int available = fin.available(); byte[] ba = new byte[available]; @@ -537,7 +537,7 @@ public class CertUtils { } public static void storeInFile(String fileName, byte[] ba) - throws IOException { + throws IOException { FileOutputStream fout = new FileOutputStream(fileName); fout.write(ba); @@ -546,17 +546,16 @@ public class CertUtils { public static String toMIME64(X509CertImpl cert) { try { - return - "-----BEGIN CERTIFICATE-----\n" + - com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) + - "-----END CERTIFICATE-----\n"; + return "-----BEGIN CERTIFICATE-----\n" + + com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) + + "-----END CERTIFICATE-----\n"; } catch (CertificateException e) { } return null; } - public static X509Certificate mapCert(String mime64) - throws IOException { + public static X509Certificate mapCert(String mime64) + throws IOException { mime64 = stripCertBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); @@ -569,8 +568,8 @@ public class CertUtils { return cert; } - public static X509Certificate[] mapCertFromPKCS7(String mime64) - throws IOException { + public static X509Certificate[] mapCertFromPKCS7(String mime64) + throws IOException { mime64 = stripCertBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); 
@@ -584,8 +583,8 @@ public class CertUtils { } } - public static X509CRL mapCRL(String mime64) - throws IOException { + public static X509CRL mapCRL(String mime64) + throws IOException { mime64 = stripCRLBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); @@ -598,8 +597,8 @@ public class CertUtils { return crl; } - public static X509CRL mapCRL1(String mime64) - throws IOException { + public static X509CRL mapCRL1(String mime64) + throws IOException { mime64 = stripCRLBrackets(mime64.trim()); byte rawPub[] = OSUtil.AtoB(mime64); X509CRL crl = null; @@ -635,7 +634,7 @@ public class CertUtils { return s; } if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) && - (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) { + (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) { return (s.substring(43, (s.length() - 41))); } return s; @@ -643,8 +642,9 @@ public class CertUtils { /** * strips out the begin and end certificate brackets + * * @param s the string potentially bracketed with - * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" + * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" * @return string without the brackets */ public static String stripCertBrackets(String s) { @@ -653,13 +653,13 @@ public class CertUtils { } if ((s.startsWith("-----BEGIN CERTIFICATE-----")) && - (s.endsWith("-----END CERTIFICATE-----"))) { + (s.endsWith("-----END CERTIFICATE-----"))) { return (s.substring(27, (s.length() - 25))); } // To support Thawte's header and footer if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) && - (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) { + (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) { return (s.substring(35, (s.length() - 33))); } 
@@ -669,11 +669,12 @@ public class CertUtils { /** * Returns a string that represents a cert's fingerprint. * The fingerprint is a MD5 digest of the DER encoded certificate. - * @param cert Certificate to get the fingerprint of. + * + * @param cert Certificate to get the fingerprint of. * @return a String that represents the cert's fingerprint. */ - public static String getFingerPrint(Certificate cert) - throws CertificateEncodingException, NoSuchAlgorithmException { + public static String getFingerPrint(Certificate cert) + throws CertificateEncodingException, NoSuchAlgorithmException { byte certDer[] = cert.getEncoded(); MessageDigest md = MessageDigest.getInstance("MD5"); @@ -685,16 +686,18 @@ public class CertUtils { sb.append(pp.toHexString(digestedCert, 4, 20)); return sb.toString(); } - + /** - * Returns a string that has the certificate's fingerprint using + * Returns a string that has the certificate's fingerprint using * MD5, MD2 and SHA1 hashes. - * A certificate's fingerprint is a hash digest of the DER encoded + * A certificate's fingerprint is a hash digest of the DER encoded * certificate. + * * @param cert Certificate to get the fingerprints of. * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes. - * For example, - * <pre> + * For example, + * + * <pre> * MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71 * * MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75 @@ -703,9 +706,9 @@ public class CertUtils { * </pre> */ public static String getFingerPrints(Certificate cert) - throws NoSuchAlgorithmException, CertificateEncodingException { + throws NoSuchAlgorithmException, CertificateEncodingException { byte certDer[] = cert.getEncoded(); - /* + /* String[] hashes = new String[] {"MD2", "MD5", "SHA1"}; String certFingerprints = ""; PrettyPrintFormat pp = new PrettyPrintFormat(":"); 
@@ -718,19 +721,21 @@ public class CertUtils { pp.toHexString(md.digest(), 6 - hashes[i].length()); } return certFingerprints; - */ - return getFingerPrints(certDer); + */ + return getFingerPrints(certDer); } - + /** - * Returns a string that has the certificate's fingerprint using + * Returns a string that has the certificate's fingerprint using * MD5, MD2 and SHA1 hashes. - * A certificate's fingerprint is a hash digest of the DER encoded + * A certificate's fingerprint is a hash digest of the DER encoded * certificate. + * * @param cert Certificate to get the fingerprints of. * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes. - * For example, - * <pre> + * For example, + * + * <pre> * MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71 * * MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75 @@ -739,9 +744,9 @@ public class CertUtils { * </pre> */ public static String getFingerPrints(byte[] certDer) - throws NoSuchAlgorithmException/*, CertificateEncodingException*/ { - // byte certDer[] = cert.getEncoded(); - String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"}; + throws NoSuchAlgorithmException/*, CertificateEncodingException*/{ + // byte certDer[] = cert.getEncoded(); + String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" }; String certFingerprints = ""; PrettyPrintFormat pp = new PrettyPrintFormat(":"); 
@@ -756,19 +761,20 @@ public class CertUtils { } /** - * Check if a object identifier in string form is valid, + * Check if a object identifier in string form is valid, * that is a string in the form n.n.n.n and der encode and decode-able. + * * @param attrName attribute name (from the configuration file) * @param value object identifier string. - */ + */ public static ObjectIdentifier checkOID(String attrName, String value) - throws EBaseException { + throws EBaseException { String msg = "value must be a object identifier in the form n.n.n.n"; String msg1 = "not a valid object identifier."; ObjectIdentifier oid; - try { - oid = ObjectIdentifier.getObjectIdentifier(value); + try { + oid = ObjectIdentifier.getObjectIdentifier(value); } catch (Exception e) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", attrName, msg)); @@ -776,7 +782,7 @@ public class CertUtils { // if the OID isn't valid (ex. n.n) the error isn't caught til // encoding time leaving a bad request in the request queue. - try { + try { DerOutputStream derOut = new DerOutputStream(); derOut.putOID(oid); @@ -803,20 +809,20 @@ public class CertUtils { return tmp.toString(); } - + /* * verify a certificate by its nickname * returns true if it verifies; false if any not */ public static boolean verifySystemCertByNickname(String nickname, String certusage) { boolean r = true; - CertificateUsage cu = null; + CertificateUsage cu = null; cu = getCertificateUsage(certusage); int ccu = 0; if (cu == null) { - CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+ - nickname + " with unsupported certusage ="+ certusage); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + + nickname + " with unsupported certusage =" + certusage); return false; } 
@@ -839,7 +845,7 @@ public class CertUtils { if (ccu == CertificateUsage.basicCertificateUsages) { /* cert is good for nothing */ r = false; - CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:"+ nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:" + nickname); } else { r = true; CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname); @@ -871,8 +877,8 @@ public class CertUtils { } } } catch (Exception e) { - CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+ - e.toString()); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + + e.toString()); r = false; } return r; @@ -905,12 +911,12 @@ public class CertUtils { r = false; return r; } - String nickname = config.getString(subsysType+".cert."+tag+".nickname", ""); + String nickname = config.getString(subsysType + ".cert." + tag + ".nickname", ""); if (nickname.equals("")) { CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + tag + " undefined in CS.cfg"); r = false; } - String certusage = config.getString(subsysType+".cert."+tag+".certusage", ""); + String certusage = config.getString(subsysType + ".cert." + tag + ".certusage", ""); if (certusage.equals("")) { CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + " undefined in CS.cfg, getting current certificate usage"); } @@ -918,9 +924,9 @@ public class CertUtils { if (r == true) { // audit here auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.SUCCESS, + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.SUCCESS, nickname); audit(auditMessage); 
@@ -935,8 +941,8 @@ public class CertUtils { audit(auditMessage); } } catch (Exception e) { - CMS.debug("CertUtils: verifySystemCertsByTag() failed: "+ - e.toString()); + CMS.debug("CertUtils: verifySystemCertsByTag() failed: " + + e.toString()); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, ILogger.SYSTEM_UID, @@ -1022,9 +1028,9 @@ public class CertUtils { r = false; return r; } - String certlist = config.getString(subsysType+".cert.list", ""); + String certlist = config.getString(subsysType + ".cert.list", ""); if (certlist.equals("")) { - CMS.debug("CertUtils: verifySystemCerts() "+subsysType+ ".cert.list not defined in CS.cfg. System certificates verification not done"); + CMS.debug("CertUtils: verifySystemCerts() " + subsysType + ".cert.list not defined in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, ILogger.SYSTEM_UID, @@ -1050,7 +1056,7 @@ public class CertUtils { ILogger.FAILURE, ""); - audit(auditMessage); + audit(auditMessage); r = false; CMS.debug("CertUtils: verifySystemCerts():" + e.toString()); } @@ -1075,6 +1081,7 @@ public class CertUtils { /** * Signed Audit Log * This method is called to store messages to the signed audit log. + * * @param msg signed audit log message */ private static void audit(String msg) { @@ -1085,11 +1092,10 @@ public class CertUtils { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } - } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java index effd86ed..51f0b079 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.io.IOException; import java.io.OutputStream; import java.security.cert.CertificateException; @@ -34,10 +33,9 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.cert.ICrossCertPairSubsystem; - /** * This class implements CertificatePair used for Cross Certification - * + * * @author cfu * @version $Revision$, $Date$ */ @@ -47,14 +45,15 @@ public class CertificatePair implements ASN1Value { private static final Tag TAG = SEQUENCE.TAG; /** - * construct a CertificatePair. It doesn't matter which is - * forward and which is reverse in the parameters. It will figure + * construct a CertificatePair. It doesn't matter which is + * forward and which is reverse in the parameters. It will figure * it out + * * @param cert1 one X509Certificate * @param cert2 one X509Certificate */ - public CertificatePair (X509Certificate cert1, X509Certificate cert2) - throws EBaseException { + public CertificatePair(X509Certificate cert1, X509Certificate cert2) + throws EBaseException { if ((cert1 == null) || (cert2 == null)) throw new EBaseException("CertificatePair: both certs can not be null"); debug("in CertificatePair()"); 
@@ -74,14 +73,15 @@ public class CertificatePair implements ASN1Value { } /** - * construct a CertificatePair. It doesn't matter which is - * forward and which is reverse in the parameters. It will figure + * construct a CertificatePair. It doesn't matter which is + * forward and which is reverse in the parameters. It will figure * it out + * * @param cert1 one certificate byte array * @param cert2 one certificate byte array */ - public CertificatePair (byte[] cert1, byte[] cert2) - throws EBaseException { + public CertificatePair(byte[] cert1, byte[] cert2) + throws EBaseException { if ((cert1 == null) || (cert2 == null)) throw new EBaseException("CertificatePair: both certs can not be null"); boolean rightOrder = certOrders(cert1, cert2); @@ -100,7 +100,7 @@ public class CertificatePair implements ASN1Value { * returns false if c2 is forward and cert1 is reverse */ private boolean certOrders(X509Certificate c1, X509Certificate c2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with X509Cert"); ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); @@ -224,10 +224,10 @@ public class CertificatePair implements ASN1Value { * returns false if cert2 is forward and cert1 is reverse */ private boolean certOrders(byte[] cert1, byte[] cert2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with byte[]"); ICrossCertPairSubsystem ccps = - (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); + (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); X509Certificate c1 = null; X509Certificate c2 = null; diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java index 5c3c8001..a205e53a 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.text.DateFormat; import java.util.Iterator; import java.util.Locale; @@ -37,12 +36,11 @@ import com.netscape.certsrv.ca.ICertificateAuthority; /** * This class will display the certificate content in predefined * format. - * + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ -public class CrlCachePrettyPrint implements ICRLPrettyPrint -{ +public class CrlCachePrettyPrint implements ICRLPrettyPrint { /*========================================================== * constants @@ -72,7 +70,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint * This method return string representation of the certificate * revocation list in predefined format using specified client * local. I18N Support. - * + * * @param clientLocale Locale to be used for localization * @return string representation of the certificate */ @@ -107,8 +105,8 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint } sb.append(pp.indent(12) + resource.getString( PrettyPrintResources.TOKEN_ISSUER) + - ((ICertificateAuthority)(mIP.getCertificateAuthority())) - .getCRLX500Name().toString() + "\n"); + ((ICertificateAuthority) (mIP.getCertificateAuthority())) + .getCRLX500Name().toString() + "\n"); // Format thisUpdate String thisUpdate = dateFormater.format(mIP.getLastUpdate()); 
@@ -124,17 +122,17 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(12) - + resource.getString( - PrettyPrintResources.TOKEN_THIS_UPDATE) - + thisUpdate - + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_THIS_UPDATE) + + thisUpdate + + "\n"); } else { // Append timezone ID sb.append(pp.indent(12) - + resource.getString( - PrettyPrintResources.TOKEN_THIS_UPDATE) - + thisUpdate - + " " + tzid + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_THIS_UPDATE) + + thisUpdate + + " " + tzid + "\n"); } // Check for presence of NextUpdate if (mIP.getNextUpdate() != null) { @@ -152,17 +150,17 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(12) - + resource.getString( - PrettyPrintResources.TOKEN_NEXT_UPDATE) - + nextUpdate - + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_NEXT_UPDATE) + + nextUpdate + + "\n"); } else { // Append timezone ID sb.append(pp.indent(12) - + resource.getString( - PrettyPrintResources.TOKEN_NEXT_UPDATE) - + nextUpdate - + " " + tzid + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_NEXT_UPDATE) + + nextUpdate + + " " + tzid + "\n"); } } @@ -170,7 +168,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint sb.append(pp.indent(12) + resource.getString( PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + crlSize + "\n"); } else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) || - (crlSize > 0 && pageStart > 0 && pageSize > 0)) { + (crlSize > 0 && pageStart > 0 && pageSize > 0)) { sb.append(pp.indent(12) + resource.getString( PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES)); long upperLimit = crlSize; 
@@ -183,7 +181,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint } sb.append("\n"); - Set<RevokedCertificate> revokedCerts = mIP.getRevokedCertificates((int)(pageStart-1), (int)upperLimit); + Set<RevokedCertificate> revokedCerts = mIP.getRevokedCertificates((int) (pageStart - 1), (int) upperLimit); if (revokedCerts != null) { Iterator<RevokedCertificate> i = revokedCerts.iterator(); @@ -195,35 +193,35 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint if ((crlSize == 0) || (upperLimit - pageStart + 1 >= l)) { sb.append(pp.indent(16) + resource.getString( PrettyPrintResources.TOKEN_SERIAL) + "0x" + - revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n"); + revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n"); String revocationDate = - dateFormater.format(revokedCert.getRevocationDate()); + dateFormater.format(revokedCert.getRevocationDate()); // re-get timezone // (just in case it is different . . .) if (TimeZone.getDefault() != null) { tz = TimeZone.getDefault().getDisplayName( TimeZone.getDefault().inDaylightTime( - revokedCert.getRevocationDate()), + revokedCert.getRevocationDate()), TimeZone.SHORT, clientLocale); } // Specify revocationDate if (tz.equals(tzid) || - tzid.equals(CUSTOM_LOCALE)) { + tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(16) - + resource.getString( - PrettyPrintResources.TOKEN_REVOCATION_DATE) - + revocationDate - + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_REVOCATION_DATE) + + revocationDate + + "\n"); } else { // Append timezone ID sb.append(pp.indent(16) - + resource.getString( - PrettyPrintResources.TOKEN_REVOCATION_DATE) - + revocationDate - + " " + tzid + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_REVOCATION_DATE) + + revocationDate + + " " + tzid + "\n"); } if (revokedCert.hasExtensions()) { sb.append(pp.indent(16) + resource.getString( 
@@ -254,7 +252,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint } catch (Exception e) { sb.append("\n\n" + pp.indent(4) + resource.getString( PrettyPrintResources.TOKEN_DECODING_ERROR) + "\n\n"); - CMS.debug("Exception="+e.toString()); + CMS.debug("Exception=" + e.toString()); CMS.debugStackTrace(); } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java index 1a3969b4..1d6048c8 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java @@ -17,16 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import netscape.security.x509.X509CRLImpl; import com.netscape.certsrv.base.ICRLPrettyPrint; - /** * This class will display the certificate content in predefined * format. - * + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java index 663585bf..25a3baef 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -47,23 +46,21 @@ import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.certsrv.publish.IXcertPublisherProcessor; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; - /** * Subsystem for handling cross certificate pairing and publishing * Intended use: * <ul> - * <li> when signing a subordinate CA cert which is intended to be - * part of the crossCertificatePair - * <li> when this ca submits a request (with existing CA signing key - * material to another ca for cross-signing - *</ul> - * In both cases, administrator needs to "import" the crossSigned - * certificates via the admin console. When importCert() is called, + * <li>when signing a subordinate CA cert which is intended to be part of the crossCertificatePair + * <li>when this ca submits a request (with existing CA signing key material to another ca for cross-signing + * </ul> + * In both cases, administrator needs to "import" the crossSigned + * certificates via the admin console. When importCert() is called, * the imported cert will be stored in the internal db * first until it's pairing cert shows up. * If it happens that the above two cases finds its pairing * cert already there, then a CertifiatePair is created and put * in the internal db "crosscertificatepair;binary" attribute + * * @author cfu * @version $Revision$, $Date$ */ @@ -100,7 +97,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { try { mConfig = config; mLogger = CMS.getLogger(); 
@@ -112,21 +109,21 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { if (ldapConfig == null) { log(ILogger.LL_MISCONF, - CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", - PROP_LDAP)); + CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", + PROP_LDAP)); return; } mBaseDN = ldapConfig.getString(PROP_BASEDN, null); - + mLdapConnFactory = new LdapBoundConnFactory(); if (mLdapConnFactory != null) mLdapConnFactory.init(ldapConfig); else { log(ILogger.LL_MISCONF, - CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", - PROP_LDAP)); + CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", + PROP_LDAP)); return; } } catch (EBaseException e) { @@ -144,7 +141,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { * If it happens that it finds its pairing * cert already there, then a CertifiatePair is created and put * in the internal db "crosscertificatepair;binary" attribute - * + * * @param certBytes cert in byte array to be imported */ public void importCert(byte[] certBytes) throws EBaseException { @@ -169,7 +166,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { * If it happens that it finds its pairing * cert already there, then a CertifiatePair is created and put * in the internal db "crosscertificatepair;binary" attribute - * + * * @param certBytes cert in byte array to be imported */ public synchronized void importCert(Object certObj) throws EBaseException { @@ -208,7 +205,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } Enumeration en = caCerts.getByteValues(); - + if ((en == null) || (en.hasMoreElements() == false)) { debug("1st potential xcert"); addCAcert(conn, cert.getEncoded()); 
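Review bot: In the `@@ -112,21 +109,21 @@` hunk of `init`, `mBaseDN = ldapConfig.getString(PROP_BASEDN, null);` accepts a missing base DN. The later hunks show `conn.modify(DN_XCERTS + "," + mBaseDN, modSet)` in `addXCertPair`, `addCAcert` and `deleteCAcert`, so an unset property would make those directory writes target a DN ending in the literal text `null`. A guard right after the read, such as `if (mBaseDN == null) { log(ILogger.LL_MISCONF, CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", PROP_BASEDN)); return; }`, would surface the misconfiguration at startup; whether that message key suits a missing base DN should be checked against the message catalogue. The `else` branch after `new LdapBoundConnFactory()` can never run, because `new` does not return null, so the `if (mLdapConnFactory != null)` test can be dropped. `init` starts and ends outside this hunk.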
@@ -232,8 +229,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { // caCertificate attr, and publish if so configured debug("found a pair!"); CertificatePair cp = new - // CertificatePair(inCert.getEncoded(), cert.getEncoded()); - CertificatePair(inCert, cert); + // CertificatePair(inCert.getEncoded(), cert.getEncoded()); + CertificatePair(inCert, cert); addXCertPair(conn, certPairs, cp); deleteCAcert(conn, inCert.getEncoded()); @@ -279,27 +276,28 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { /** * are cert1 and cert2 cross-signed certs? + * * @param cert1 the cert for comparison in our internal db * @param cert2 the cert that's being considered */ protected boolean arePair(X509Certificate cert1, X509Certificate cert2) { // 1. does cert1's issuer match cert2's subject? // 2. does cert2's issuer match cert1's subject? - if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())) - && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN()))) + if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())) + && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN()))) return true; else return false; } - public X509Certificate byteArray2X509Cert(byte[] certBytes) - throws CertificateException { + public X509Certificate byteArray2X509Cert(byte[] certBytes) + throws CertificateException { debug("in bytearray2X509Cert()"); ByteArrayInputStream inStream = new - ByteArrayInputStream(certBytes); + ByteArrayInputStream(certBytes); CertificateFactory cf = - CertificateFactory.getInstance("X.509"); + CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream); 
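Review bot: `arePair` in the `@@ -279,27 +276,28 @@` hunk treats two certificates as a cross-certificate pair purely because their issuer and subject names mirror each other. No signature is checked in the lines shown, so any certificate carrying the right pair of names would be matched, stored as a pair and, if so configured, published. If imported certificates are not already validated elsewhere (not visible here), the method should also require each certificate to verify under the public key certified by the other. The `(Object)` casts and the `if … return true; else return false;` form can go at the same time, and the Javadoc lacks an `@return`. The sketch assumes `X509Certificate` is `java.security.cert.X509Certificate` and that both certificates certify the keys currently in use.

```java
protected boolean arePair(X509Certificate cert1, X509Certificate cert2) {
    // Names must mirror each other: issuer of one is the subject of the other.
    if (!cert1.getIssuerDN().equals(cert2.getSubjectDN())
            || !cert2.getIssuerDN().equals(cert1.getSubjectDN()))
        return false;
    try {
        // A name match alone proves nothing about who signed what:
        // each certificate must verify under the key the other one certifies.
        cert1.verify(cert2.getPublicKey());
        cert2.verify(cert1.getPublicKey());
        return true;
    } catch (GeneralSecurityException e) {
        debug("arePair: signature check failed: " + e.toString());
        return false;
    }
}
// … unchanged: byteArray2X509Cert …
```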
@@ -308,12 +306,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } public synchronized void addXCertPair(LDAPConnection conn, - LDAPAttribute certPairs, CertificatePair pair) - throws LDAPException, IOException { + LDAPAttribute certPairs, CertificatePair pair) + throws LDAPException, IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); pair.encode(bos); - + if (ByteValueExists(certPairs, bos.toByteArray()) == true) { debug("cross cert pair exists in internal db, don't add again"); return; @@ -322,9 +320,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { // add certificatePair LDAPModificationSet modSet = new LDAPModificationSet(); - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray())); - conn.modify(DN_XCERTS + "," + mBaseDN, modSet); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray())); + conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } /** @@ -366,24 +364,24 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { debug("exiting byteArraysAreEqual(): true"); return true; } - + public synchronized void addCAcert(LDAPConnection conn, byte[] certEnc) - throws LDAPException { + throws LDAPException { LDAPModificationSet modSet = new - LDAPModificationSet(); - + LDAPModificationSet(); + modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc)); + new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc)); conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } public synchronized void deleteCAcert(LDAPConnection conn, byte[] certEnc) - throws LDAPException { + throws LDAPException { LDAPModificationSet modSet = new - LDAPModificationSet(); + LDAPModificationSet(); modSet.add(LDAPModification.DELETE, - new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc)); + new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc)); conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } 
@@ -394,7 +392,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { LDAPConnection conn = null; if ((mPublisherProcessor == null) || - !mPublisherProcessor.enabled()) + !mPublisherProcessor.enabled()) return; try { @@ -421,7 +419,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } Enumeration en = xcerts.getByteValues(); - + if ((en == null) || (en.hasMoreElements() == false)) { debug("publishCertPair found no pairs in internal db"); return; @@ -476,7 +474,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { try { mLdapConnFactory.reset(); } catch (ELdapException e) { - CMS.debug("CrossCertPairSubsystem shutdown exception: "+e.toString()); + CMS.debug("CrossCertPairSubsystem shutdown exception: " + e.toString()); } } mLdapConnFactory = null; @@ -494,7 +492,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { protected void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_XCERT, level, msg); + ILogger.S_XCERT, level, msg); } private static void debug(String msg) { diff --git a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java index ea9fabf2..5f5c66a4 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java @@ -17,16 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import netscape.security.x509.Extension; import com.netscape.certsrv.base.IExtPrettyPrint; - /** * This class will display the certificate content in predefined * format. - * + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ @@ -36,4 +34,3 @@ public class ExtPrettyPrint extends netscape.security.util.ExtPrettyPrint implem super(ext, indentSize); } } - 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java index 9353ae8f..b5e89d5d 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.security.cert.CertificateException; import java.util.Enumeration; @@ -38,7 +37,6 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.cmscore.util.Debug; - /** * * @author stevep @@ -47,7 +45,7 @@ import com.netscape.cmscore.util.Debug; public class OidLoaderSubsystem implements ISubsystem { private IConfigStore mConfig = null; - public static final String ID = "oidmap"; + public static final String ID = "oidmap"; private String mId = ID; private static final String PROP_OID = "oid"; 
@@ -77,61 +75,58 @@ public class OidLoaderSubsystem implements ISubsystem { public static OidLoaderSubsystem getInstance() { return mInstance; } - + private static final int CertType_data[] = { 2, 16, 840, 1, 113730, 1, 1 }; /** * Identifies the particular public key used to sign the certificate. */ public static final ObjectIdentifier CertType_Id = new - ObjectIdentifier(CertType_data); + ObjectIdentifier(CertType_data); private static final String[][] oidMapEntries = new String[][] { - {NSCertTypeExtension.class.getName(), - CertType_Id.toString(), - NSCertTypeExtension.class.getSimpleName()}, - {CertificateRenewalWindowExtension.class.getName(), - CertificateRenewalWindowExtension.ID.toString(), - CertificateRenewalWindowExtension.class.getSimpleName()}, - {CertificateScopeOfUseExtension.class.getName(), - CertificateScopeOfUseExtension.ID.toString(), - CertificateScopeOfUseExtension.NAME}, - {DeltaCRLIndicatorExtension.class.getName(), - DeltaCRLIndicatorExtension.OID, - DeltaCRLIndicatorExtension.class.getSimpleName()}, - {HoldInstructionExtension.class.getName(), - HoldInstructionExtension.OID, - HoldInstructionExtension.class.getSimpleName()}, - {InvalidityDateExtension.class.getName(), - InvalidityDateExtension.OID, - InvalidityDateExtension.class.getSimpleName()}, - {IssuingDistributionPointExtension.class.getName(), - IssuingDistributionPointExtension.OID, - IssuingDistributionPointExtension.class.getSimpleName()}, - {FreshestCRLExtension.class.getName(), - FreshestCRLExtension.OID, - FreshestCRLExtension.class.getSimpleName()}, + { NSCertTypeExtension.class.getName(), + CertType_Id.toString(), + NSCertTypeExtension.class.getSimpleName() }, + { CertificateRenewalWindowExtension.class.getName(), + CertificateRenewalWindowExtension.ID.toString(), + CertificateRenewalWindowExtension.class.getSimpleName() }, + { CertificateScopeOfUseExtension.class.getName(), + CertificateScopeOfUseExtension.ID.toString(), + CertificateScopeOfUseExtension.NAME }, + { 
DeltaCRLIndicatorExtension.class.getName(), + DeltaCRLIndicatorExtension.OID, + DeltaCRLIndicatorExtension.class.getSimpleName() }, + { HoldInstructionExtension.class.getName(), + HoldInstructionExtension.OID, + HoldInstructionExtension.class.getSimpleName() }, + { InvalidityDateExtension.class.getName(), + InvalidityDateExtension.OID, + InvalidityDateExtension.class.getSimpleName() }, + { IssuingDistributionPointExtension.class.getName(), + IssuingDistributionPointExtension.OID, + IssuingDistributionPointExtension.class.getSimpleName() }, + { FreshestCRLExtension.class.getName(), + FreshestCRLExtension.OID, + FreshestCRLExtension.class.getSimpleName() }, }; /** - * Initializes this subsystem with the given + * Initializes this subsystem with the given * configuration store. * It first initializes resident subsystems, * and it loads and initializes loadable * subsystem specified in the configuration * store. * <P> - * Note that individual subsystem should be - * initialized in a separated thread if - * it has dependency on the initialization - * of other subsystems. + * Note that individual subsystem should be initialized in a separated thread if it has dependency on the initialization of other subsystems. * <P> - * + * * @param owner owner of this subsystem * @param config configuration store */ public synchronized void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { if (Debug.ON) { Debug.trace("OIDLoaderSubsystem started"); } @@ -144,8 +139,8 @@ public class OidLoaderSubsystem implements ISubsystem { for (int i = 0; i < oidMapEntries.length; i++) { try { OIDMap.addAttribute(oidMapEntries[i][0], - oidMapEntries[i][1], - oidMapEntries[i][2]); + oidMapEntries[i][1], + oidMapEntries[i][2]); } catch (Exception e) { } } 
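Review bot: The `catch (Exception e) { }` around `OIDMap.addAttribute(...)` in the `@@ -144,8 +139,8 @@` hunk discards every registration failure for the built-in `oidMapEntries`. An extension class that fails to register leaves no trace, and the server presumably carries on without a decoder for that OID. At minimum the handler should record which entry failed, for example `Debug.trace("OIDMap.addAttribute failed for " + oidMapEntries[i][1] + ": " + e);`. The `catch (EPropertyNotFound e) { // Log error` handler in the following `@@ -161,8 +156,8 @@` hunk has the same gap for entries read from the configuration store. Both loops belong to `init`, which starts and ends outside these hunks.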
@@ -161,8 +156,8 @@ public class OidLoaderSubsystem implements ISubsystem { String classname = substore.getString(PROP_CLASS); OIDMap.addAttribute(classname, - oidname, - substorename); + oidname, + substorename); } catch (EPropertyNotFound e) { // Log error } catch (CertificateException e) { diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java index 3ace3c67..fb97a5cc 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import com.netscape.certsrv.base.IPrettyPrintFormat; - /** * This class will display the certificate content in predefined * format. - * + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ @@ -42,11 +40,11 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { * *==========================================================*/ private final static String spaces = - " " + - " " + - " " + - " " + - " "; + " " + + " " + + " " + + " " + + " "; /*========================================================== * constructors @@ -70,8 +68,7 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { /*========================================================== * Private methods *==========================================================*/ - - + /*========================================================== * public methods *==========================================================*/ @@ -79,6 +76,7 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { /** * Provide white space indention * stevep - speed improvements. Factor of 10 improvement + * * @param numSpace number of white space to be returned * @return white spaces */ 
@@ -94,17 +92,18 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { /** * Convert Byte Array to Hex String Format * stevep - speedup by factor of 8 + * * @param byte array of data to hexify * @param indentSize number of spaces to prepend before each line * @param lineLen number of bytes to output on each line (0 - means: put everything on one line + * means: put everything on one line * @param separator the first character of this string will be used as - the separator between bytes. + * the separator between bytes. * @return string representation */ - public String toHexString(byte[] in, int indentSize, - int lineLen, String separator) { + public String toHexString(byte[] in, int indentSize, + int lineLen, String separator) { StringBuffer sb = new StringBuffer(); int hexCount = 0; char c[]; diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java index 4bf1147a..361f50b4 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java @@ -17,21 +17,19 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.util.ListResourceBundle; import netscape.security.extensions.NSCertTypeExtension; import netscape.security.x509.KeyUsageExtension; - /** * Resource Boundle for the Pretty Print - * + * * @author Jack Pan-Chen * @version $Revision$, $Date$ */ -public class PrettyPrintResources extends ListResourceBundle { +public class PrettyPrintResources extends ListResourceBundle { /** * Returns content 
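Review bot: The Javadoc of `toHexString` in the `@@ -94,17 +92,18 @@` hunk names its first parameter `byte`, but the signature declares it as `in`, so the tag should read `@param in array of data to hexify`. The `lineLen` description opens a parenthesis that is never closed and is split awkwardly across two lines; `@param lineLen number of bytes to output on each line (0 means: put everything on one line)` reads cleanly. The comment also does not say what happens when `separator` is empty, which matters because only its first character is used. The method body continues outside the hunk.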
@@ -176,120 +174,120 @@ public class PrettyPrintResources extends ListResourceBundle { //Tokens should have blank_space as trailer static final Object[][] contents = { - {TOKEN_CERTIFICATE, "Certificate: "}, - {TOKEN_DATA, "Data: "}, - {TOKEN_VERSION, "Version: "}, - {TOKEN_SERIAL, "Serial Number: "}, - {TOKEN_SIGALG, "Signature Algorithm: "}, - {TOKEN_ISSUER, "Issuer: "}, - {TOKEN_VALIDITY, "Validity: "}, - {TOKEN_NOT_BEFORE, "Not Before: "}, - {TOKEN_NOT_AFTER, "Not After: "}, - {TOKEN_SUBJECT, "Subject: "}, - {TOKEN_SPKI, "Subject Public Key Info: "}, - {TOKEN_ALGORITHM, "Algorithm: "}, - {TOKEN_PUBLIC_KEY, "Public Key: "}, - {TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: "}, - {TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: "}, - {TOKEN_EXTENSIONS, "Extensions: "}, - {TOKEN_SIGNATURE, "Signature: "}, - {TOKEN_YES, "yes "}, - {TOKEN_NO, "no "}, - {TOKEN_IDENTIFIER, "Identifier: "}, - {TOKEN_CRITICAL, "Critical: "}, - {TOKEN_VALUE, "Value: "}, - {TOKEN_KEY_TYPE, "Key Type "}, - {TOKEN_CERT_TYPE, "Netscape Certificate Type "}, - {TOKEN_SKI, "Subject Key Identifier "}, - {TOKEN_AKI, "Authority Key Identifier "}, - {TOKEN_ACCESS_DESC, "Access Description: "}, - {TOKEN_OCSP_NOCHECK, "OCSP NoCheck: "}, - {TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: "}, - {TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: "}, - {TOKEN_PRESENCE_SERVER, "Presence Server: "}, - {TOKEN_AIA, "Authority Info Access: "}, - {TOKEN_KEY_USAGE, "Key Usage: "}, - {KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature "}, - {KeyUsageExtension.NON_REPUDIATION, "Non Repudiation "}, - {KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment "}, - {KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment "}, - {KeyUsageExtension.KEY_AGREEMENT, "Key Agreement "}, - {KeyUsageExtension.KEY_CERTSIGN, "Key CertSign "}, - {KeyUsageExtension.CRL_SIGN, "Crl Sign "}, - {KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only "}, - {KeyUsageExtension.DECIPHER_ONLY, "Decipher Only "}, - {TOKEN_CERT_USAGE, "Certificate Usage: "}, - 
{NSCertTypeExtension.SSL_CLIENT, "SSL Client "}, - {NSCertTypeExtension.SSL_SERVER, "SSL Server "}, - {NSCertTypeExtension.EMAIL, "Secure Email "}, - {NSCertTypeExtension.OBJECT_SIGNING, "Object Signing "}, - {NSCertTypeExtension.SSL_CA, "SSL CA "}, - {NSCertTypeExtension.EMAIL_CA, "Secure Email CA "}, - {NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA "}, - {TOKEN_KEY_ID, "Key Identifier: "}, - {TOKEN_AUTH_NAME, "Authority Name: "}, - {TOKEN_CRL, "Certificate Revocation List: "}, - {TOKEN_THIS_UPDATE, "This Update: "}, - {TOKEN_NEXT_UPDATE, "Next Update: "}, - {TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: "}, - {TOKEN_REVOCATION_DATE, "Revocation Date: "}, - {TOKEN_REVOCATION_REASON, "Revocation Reason "}, - {TOKEN_REASON, "Reason: "}, - {TOKEN_BASIC_CONSTRAINTS, "Basic Constraints "}, - {TOKEN_NAME_CONSTRAINTS, "Name Constraints "}, - {TOKEN_NSC_COMMENT, "Netscape Comment "}, - {TOKEN_IS_CA, "Is CA: "}, - {TOKEN_PATH_LEN, "Path Length Constraint: "}, - {TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED"}, - {TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED"}, - {TOKEN_PATH_LEN_INVALID, "INVALID"}, - {TOKEN_CRL_NUMBER, "CRL Number "}, - {TOKEN_NUMBER, "Number: "}, - {TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator "}, - {TOKEN_BASE_CRL_NUMBER, "Base CRL Number: "}, - {TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use "}, - {TOKEN_SCOPE_OF_USE, "Scope of Use: "}, - {TOKEN_PORT, "Port: "}, - {TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name "}, - {TOKEN_ISSUER_NAMES, "Issuer Names: "}, - {TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name "}, - {TOKEN_DECODING_ERROR, "Decoding Error"}, - {TOKEN_FRESHEST_CRL_EXT, "Freshest CRL "}, - {TOKEN_CRL_DP_EXT, "CRL Distribution Points "}, - {TOKEN_CRLDP_NUMPOINTS, "Number of Points: "}, - {TOKEN_CRLDP_POINTN, "Point "}, - {TOKEN_CRLDP_DISTPOINT, "Distribution Point: "}, - {TOKEN_CRLDP_REASONS, "Reason Flags: "}, - {TOKEN_CRLDP_CRLISSUER, "CRL Issuer: "}, - {TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point "}, - 
{TOKEN_DIST_POINT_NAME, "Distribution Point: "}, - {TOKEN_FULL_NAME, "Full Name: "}, - {TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: "}, - {TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: "}, - {TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: "}, - {TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: "}, - {TOKEN_INDIRECT_CRL, "Indirect CRL: "}, - {TOKEN_INVALIDITY_DATE, "Invalidity Date "}, - {TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: "}, - {TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer "}, - {TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code "}, - {TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: "}, - {TOKEN_POLICY_CONSTRAINTS, "Policy Constraints "}, - {TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: "}, - {TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: "}, - {TOKEN_POLICY_MAPPINGS, "Policy Mappings "}, - {TOKEN_MAPPINGS, "Mappings: "}, - {TOKEN_MAP, "Map "}, - {TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: "}, - {TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: "}, - {TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes "}, - {TOKEN_ATTRIBUTES, "Attributes:" }, - {TOKEN_ATTRIBUTE, "Attribute "}, - {TOKEN_VALUES, "Values: "}, - {TOKEN_NOT_SET, "not set"}, - {TOKEN_NONE, "none"}, - {TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. "}, - {TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. 
"}, + { TOKEN_CERTIFICATE, "Certificate: " }, + { TOKEN_DATA, "Data: " }, + { TOKEN_VERSION, "Version: " }, + { TOKEN_SERIAL, "Serial Number: " }, + { TOKEN_SIGALG, "Signature Algorithm: " }, + { TOKEN_ISSUER, "Issuer: " }, + { TOKEN_VALIDITY, "Validity: " }, + { TOKEN_NOT_BEFORE, "Not Before: " }, + { TOKEN_NOT_AFTER, "Not After: " }, + { TOKEN_SUBJECT, "Subject: " }, + { TOKEN_SPKI, "Subject Public Key Info: " }, + { TOKEN_ALGORITHM, "Algorithm: " }, + { TOKEN_PUBLIC_KEY, "Public Key: " }, + { TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: " }, + { TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: " }, + { TOKEN_EXTENSIONS, "Extensions: " }, + { TOKEN_SIGNATURE, "Signature: " }, + { TOKEN_YES, "yes " }, + { TOKEN_NO, "no " }, + { TOKEN_IDENTIFIER, "Identifier: " }, + { TOKEN_CRITICAL, "Critical: " }, + { TOKEN_VALUE, "Value: " }, + { TOKEN_KEY_TYPE, "Key Type " }, + { TOKEN_CERT_TYPE, "Netscape Certificate Type " }, + { TOKEN_SKI, "Subject Key Identifier " }, + { TOKEN_AKI, "Authority Key Identifier " }, + { TOKEN_ACCESS_DESC, "Access Description: " }, + { TOKEN_OCSP_NOCHECK, "OCSP NoCheck: " }, + { TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: " }, + { TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: " }, + { TOKEN_PRESENCE_SERVER, "Presence Server: " }, + { TOKEN_AIA, "Authority Info Access: " }, + { TOKEN_KEY_USAGE, "Key Usage: " }, + { KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature " }, + { KeyUsageExtension.NON_REPUDIATION, "Non Repudiation " }, + { KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment " }, + { KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment " }, + { KeyUsageExtension.KEY_AGREEMENT, "Key Agreement " }, + { KeyUsageExtension.KEY_CERTSIGN, "Key CertSign " }, + { KeyUsageExtension.CRL_SIGN, "Crl Sign " }, + { KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only " }, + { KeyUsageExtension.DECIPHER_ONLY, "Decipher Only " }, + { TOKEN_CERT_USAGE, "Certificate Usage: " }, + { NSCertTypeExtension.SSL_CLIENT, "SSL Client " }, + { 
NSCertTypeExtension.SSL_SERVER, "SSL Server " }, + { NSCertTypeExtension.EMAIL, "Secure Email " }, + { NSCertTypeExtension.OBJECT_SIGNING, "Object Signing " }, + { NSCertTypeExtension.SSL_CA, "SSL CA " }, + { NSCertTypeExtension.EMAIL_CA, "Secure Email CA " }, + { NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA " }, + { TOKEN_KEY_ID, "Key Identifier: " }, + { TOKEN_AUTH_NAME, "Authority Name: " }, + { TOKEN_CRL, "Certificate Revocation List: " }, + { TOKEN_THIS_UPDATE, "This Update: " }, + { TOKEN_NEXT_UPDATE, "Next Update: " }, + { TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: " }, + { TOKEN_REVOCATION_DATE, "Revocation Date: " }, + { TOKEN_REVOCATION_REASON, "Revocation Reason " }, + { TOKEN_REASON, "Reason: " }, + { TOKEN_BASIC_CONSTRAINTS, "Basic Constraints " }, + { TOKEN_NAME_CONSTRAINTS, "Name Constraints " }, + { TOKEN_NSC_COMMENT, "Netscape Comment " }, + { TOKEN_IS_CA, "Is CA: " }, + { TOKEN_PATH_LEN, "Path Length Constraint: " }, + { TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED" }, + { TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED" }, + { TOKEN_PATH_LEN_INVALID, "INVALID" }, + { TOKEN_CRL_NUMBER, "CRL Number " }, + { TOKEN_NUMBER, "Number: " }, + { TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator " }, + { TOKEN_BASE_CRL_NUMBER, "Base CRL Number: " }, + { TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use " }, + { TOKEN_SCOPE_OF_USE, "Scope of Use: " }, + { TOKEN_PORT, "Port: " }, + { TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name " }, + { TOKEN_ISSUER_NAMES, "Issuer Names: " }, + { TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name " }, + { TOKEN_DECODING_ERROR, "Decoding Error" }, + { TOKEN_FRESHEST_CRL_EXT, "Freshest CRL " }, + { TOKEN_CRL_DP_EXT, "CRL Distribution Points " }, + { TOKEN_CRLDP_NUMPOINTS, "Number of Points: " }, + { TOKEN_CRLDP_POINTN, "Point " }, + { TOKEN_CRLDP_DISTPOINT, "Distribution Point: " }, + { TOKEN_CRLDP_REASONS, "Reason Flags: " }, + { TOKEN_CRLDP_CRLISSUER, "CRL Issuer: " }, + { TOKEN_ISSUING_DIST_POINT, "Issuing Distribution 
Point " }, + { TOKEN_DIST_POINT_NAME, "Distribution Point: " }, + { TOKEN_FULL_NAME, "Full Name: " }, + { TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: " }, + { TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: " }, + { TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: " }, + { TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: " }, + { TOKEN_INDIRECT_CRL, "Indirect CRL: " }, + { TOKEN_INVALIDITY_DATE, "Invalidity Date " }, + { TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: " }, + { TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer " }, + { TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code " }, + { TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: " }, + { TOKEN_POLICY_CONSTRAINTS, "Policy Constraints " }, + { TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: " }, + { TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: " }, + { TOKEN_POLICY_MAPPINGS, "Policy Mappings " }, + { TOKEN_MAPPINGS, "Mappings: " }, + { TOKEN_MAP, "Map " }, + { TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: " }, + { TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: " }, + { TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes " }, + { TOKEN_ATTRIBUTES, "Attributes:" }, + { TOKEN_ATTRIBUTE, "Attribute " }, + { TOKEN_VALUES, "Values: " }, + { TOKEN_NOT_SET, "not set" }, + { TOKEN_NONE, "none" }, + { TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. " }, + { TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. " }, }; } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java index 01e58fa1..9ea58181 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java 
@@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.security.PublicKey; - /** * This class will display the certificate content in predefined * format. - * + * * @author Jack Pan-Chen * @author Andrew Wnuk * @version $Revision$, $Date$ diff --git a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java index 539ec82b..8f5964b7 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.util.Enumeration; import java.util.Hashtable; import java.util.StringTokenizer; @@ -35,13 +34,11 @@ import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmscore.util.Debug; - /** - * Subsystem for configuring X500Name related things. - * It is used for the following. + * Subsystem for configuring X500Name related things. + * It is used for the following. * <ul> - * <li>Add X500Name (string to oid) maps for attributes that - * are not supported by default. + * <li>Add X500Name (string to oid) maps for attributes that are not supported by default. * <li>Specify an order for encoding Directory Strings other than the default. * </ul> * @@ -51,11 +48,10 @@ import com.netscape.cmscore.util.Debug; public class X500NameSubsystem implements ISubsystem { private IConfigStore mConfig = null; - public static final String ID = "X500Name"; + public static final String ID = "X500Name"; private String mId = ID; - private static final String - PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder"; + private static final String PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder"; private static final String PROP_ATTR = "attr"; private static final String PROP_OID = "oid"; 
@@ -82,57 +78,60 @@ public class X500NameSubsystem implements ISubsystem { public static X500NameSubsystem getInstance() { return mInstance; } - + /** * Initializes this subsystem with the given configuration store. - * All paramters are optional. + * All paramters are optional. * <ul> - * <li>Change encoding order of Directory Strings: + * <li>Change encoding order of Directory Strings: + * * <pre> * X500Name.directoryStringEncodingOrder=order seperated by commas * For example: Printable,BMPString,UniversalString. * </pre> - * Possible values are: + * + * Possible values are: * <ul> * <li>Printable * <li>IA5String * <li>UniversalString * <li>BMPString - * <li>UTF8String + * <li>UTF8String * </ul> * <p> - * <li>Add X500Name attributes: + * <li>Add X500Name attributes: + * * <pre> * X500Name.attr.attribute-name.oid=n.n.n.n - * X500Name.attr.attribute-name.class=value converter class + * X500Name.attr.attribute-name.class=value converter class * </pre> * - * The value converter class converts a string to a ASN.1 value. - * It must implement netscape.security.x509.AVAValueConverter interface. - * Converter classes provided in CMS are: + * The value converter class converts a string to a ASN.1 value. It must implement netscape.security.x509.AVAValueConverter interface. Converter classes provided in CMS are: + * * <pre> * netscape.security.x509.PrintableConverter - - * Converts to a Printable String value. String must have only - * printable characters. + * Converts to a Printable String value. String must have only + * printable characters. * netscape.security.x509.IA5StringConverter - - * Converts to a IA5String value. String must have only IA5String - * characters. + * Converts to a IA5String value. String must have only IA5String + * characters. * netscape.security.x509.DirStrConverter - - * Converts to a Directory (v3) String. String is expected to - * be in Directory String format according to rfc2253. + * Converts to a Directory (v3) String. 
String is expected to + * be in Directory String format according to rfc2253. * netscape.security.x509.GenericValueConverter - - * Converts string character by character in the following order - * from smaller character sets to broadest character set. - * Printable, IA5String, BMPString, Universal String. + * Converts string character by character in the following order + * from smaller character sets to broadest character set. + * Printable, IA5String, BMPString, Universal String. * </pre> + * * </ul> * <P> - * + * * @param owner owner of this subsystem * @param config configuration store */ public synchronized void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mLogger = CMS.getLogger(); if (Debug.ON) { Debug.trace(ID + " started"); @@ -147,11 +146,11 @@ public class X500NameSubsystem implements ISubsystem { } /** - * Loads X500Name String to attribute maps. + * Loads X500Name String to attribute maps. * Called from init. */ private void loadX500NameAttrMaps() - throws EBaseException { + throws EBaseException { X500NameAttrMap globalMap = X500NameAttrMap.getDefault(); IConfigStore attrSubStore = mConfig.getSubStore(PROP_ATTR); Enumeration attrNames = attrSubStore.getSubStoreNames(); @@ -180,14 +179,14 @@ public class X500NameSubsystem implements ISubsystem { } /** - * Set directory string encoding order. + * Set directory string encoding order. * Called from init(). */ - private void setDirStrEncodingOrder() - throws EBaseException { + private void setDirStrEncodingOrder() + throws EBaseException { String order = mConfig.getString(PROP_DIR_STR_ENCODING_ORDER, null); - if (order == null || order.length() == 0) // nothing. + if (order == null || order.length() == 0) // nothing. return; StringTokenizer toker = new StringTokenizer(order, ", \t"); int numTokens = toker.countTokens(); 
@@ -196,7 +195,7 @@ public class X500NameSubsystem implements ISubsystem { String msg = "must be a list of DER tag names seperated by commas."; log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_DIR_STRING", PROP_DIR_STR_ENCODING_ORDER)); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_DIR_STR_ENCODING_ORDER, msg)); } @@ -211,7 +210,7 @@ public class X500NameSubsystem implements ISubsystem { String msg = "unknown DER tag '" + nextTag + "'."; log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_UNKNOWN_TAG", PROP_DIR_STR_ENCODING_ORDER, nextTag)); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_DIR_STR_ENCODING_ORDER, msg)); } } 
@@ -230,27 +229,27 @@ public class X500NameSubsystem implements ISubsystem {
 static {
 mDerStr2TagHash.put(
- PRINTABLESTRING, Byte.valueOf(DerValue.tag_PrintableString));
+ PRINTABLESTRING, Byte.valueOf(DerValue.tag_PrintableString));
 mDerStr2TagHash.put(
- IA5STRING, Byte.valueOf(DerValue.tag_IA5String));
+ IA5STRING, Byte.valueOf(DerValue.tag_IA5String));
 mDerStr2TagHash.put(
- VISIBLESTRING, Byte.valueOf(DerValue.tag_VisibleString));
+ VISIBLESTRING, Byte.valueOf(DerValue.tag_VisibleString));
 mDerStr2TagHash.put(
- T61STRING, Byte.valueOf(DerValue.tag_T61String));
+ T61STRING, Byte.valueOf(DerValue.tag_T61String));
 mDerStr2TagHash.put(
- BMPSTRING, Byte.valueOf(DerValue.tag_BMPString));
+ BMPSTRING, Byte.valueOf(DerValue.tag_BMPString));
 mDerStr2TagHash.put(
- UNIVERSALSTRING, Byte.valueOf(DerValue.tag_UniversalString));
+ UNIVERSALSTRING, Byte.valueOf(DerValue.tag_UniversalString));
 mDerStr2TagHash.put(
- UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String));
+ UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String));
 }
 private byte derStr2Tag(String s) {
- if (s == null || s.length() == 0)
+ if (s == null || s.length() == 0)
 throw new IllegalArgumentException();
 Byte tag = (Byte) mDerStr2TagHash.get(s);
- if (tag == null)
+ if (tag == null)
 throw new IllegalArgumentException();
 return tag.byteValue();
 }
@@ -278,7 +277,7 @@ public class X500NameSubsystem implements ISubsystem {
 protected void log(int level, String msg) {
 mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_ADMIN, level, msg);
+ ILogger.S_ADMIN, level, msg);
 }
 }
|