Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java1754
1 files changed, 664 insertions, 1090 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
index 976b8e7e..d0df7d1a 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
@@ -100,10 +101,10 @@ import com.netscape.cmscore.cert.CertUtils;
import com.netscape.cmscore.util.Debug;
import com.netscape.cmsutil.crypto.CryptoUtil;
+
/**
* Subsystem for initializing JSS>
* <P>
- *
* @version $Revision$ $Date$
*/
public final class JssSubsystem implements ICryptoSubsystem {
@@ -130,15 +131,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
private Hashtable mNicknameMapCertsTable = new Hashtable();
private Hashtable mNicknameMapUserCertsTable = new Hashtable();
- private FileInputStream devRandomInputStream = null;
+ private FileInputStream devRandomInputStream=null;
- // This date format is to format the date string of the certificate in such
- // a way as
+ // This date format is to format the date string of the certificate in such a way as
// May 01, 1999 01:55:55.
- private static SimpleDateFormat mFormatter = new SimpleDateFormat(
- "MMMMM dd, yyyy HH:mm:ss");
+ private static SimpleDateFormat mFormatter = new SimpleDateFormat("MMMMM dd, yyyy HH:mm:ss");
- // SSL related variables.
+ // SSL related variables.
private IConfigStore mSSLConfig = null;
@@ -148,20 +147,20 @@ public final class JssSubsystem implements ICryptoSubsystem {
private static Hashtable mCipherNames = new Hashtable();
- /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config. */
- private static final String DEFAULT_CIPHERPREF = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,"
- + "TLS_RSA_WITH_AES_128_CBC_SHA,"
- + "TLS_RSA_WITH_AES_256_CBC_SHA,"
- + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,"
- + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
- +
- // "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
- // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
- // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
- + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA,"
- + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,"
- + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+ /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/
+ private static final String DEFAULT_CIPHERPREF =
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
+ "TLS_RSA_WITH_AES_128_CBC_SHA," +
+ "TLS_RSA_WITH_AES_256_CBC_SHA," +
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
+// "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
+// "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
+// "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
/* list of all ciphers JSS supports */
private static final int mJSSCipherSuites[] = {
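Review bot: The comment above `DEFAULT_CIPHERPREF` no longer matches the value: it says "default sslv2 and sslv3 cipher suites(all)", but the string lists TLS suite names and is a selection, not all suites. I would reword it to something like `/* default TLS cipher suites, used if no cipher prefs are set in config */`. The list also still carries `TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA`; if that is kept for compatibility, say so in the comment so it is not read as a recommended default.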
@@ -179,51 +178,50 @@ public final class JssSubsystem implements ICryptoSubsystem {
SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, };
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
+ };
static {
/* set ssl cipher string names. */
- /*
- * disallowing SSL2 ciphers to be turned on
- * mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
- */
+ /* disallowing SSL2 ciphers to be turned on
+ mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
+ */
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
- mCipherNames
- .put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
+ mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
+ Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
- Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
+ Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
+ Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
}
public static JssSubsystem getInstance() {
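Review bot: The static block still registers `SSL3_RSA_WITH_NULL_MD5`, the EXPORT/40-bit suites and the single-DES suites in `mCipherNames`, so these names remain selectable, presumably through the cipher preference string that initSSL looks up in this table. `SSL3_RSA_WITH_NULL_MD5` gives no encryption at all. The SSL2 entries are already commented out under "disallowing SSL2 ciphers to be turned on", and the NULL and EXPORT entries deserve the same treatment. If they have to stay for compatibility, a comment above the first `mCipherNames.put` stating that would help the next reader.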
@@ -241,43 +239,44 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
public void setId(String id) throws EBaseException {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
-
- }
-
- // Add entropy to the 'default' RNG token
- public void addEntropy(int bits)
- throws org.mozilla.jss.util.NotImplementedException, IOException,
- TokenException {
- int read = 0;
- int bytes = (7 + bits) / 8;
- byte[] b = new byte[bytes];
- if (devRandomInputStream == null) {
- throw new IOException(
- CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
- }
- do {
- int c = devRandomInputStream.read(b, read, bytes - read);
- read += c;
- } while (read < bytes);
-
- CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes
- + " bytes) of entropy to default RNG token");
- CMS.debug(b);
- PK11SecureRandom sr = new PK11SecureRandom();
- sr.setSeed(b);
- }
-
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
+
+ }
+
+ // Add entropy to the 'default' RNG token
+ public void addEntropy(int bits)
+ throws org.mozilla.jss.util.NotImplementedException,
+ IOException,
+ TokenException
+ {
+ int read=0;
+ int bytes = (7+bits)/8;
+ byte[] b = new byte[bytes];
+ if (devRandomInputStream == null) {
+ throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
+ }
+ do {
+ int c = devRandomInputStream.read(b,read,bytes-read);
+ read += c;
+ }
+ while (read < bytes);
+
+ CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token");
+ CMS.debug(b);
+ PK11SecureRandom sr = new PK11SecureRandom();
+ sr.setSeed(b);
+ }
+
/**
- * Initializes the Jss security subsystem.
+ * Initializes the Jss security subsystem.
* <P>
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mLogger = CMS.getLogger();
-
- if (mInited) {
+
+ if (mInited)
+ {
// This used to throw an exeception (e.g. - on Solaris).
// If JSS is already initialized simply return.
CMS.debug("JssSubsystem already inited.. returning.");
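Review bot: In addEntropy the loop adds the result of `devRandomInputStream.read(b,read,bytes-read)` to `read` without checking for -1, so an end-of-stream return moves the counter backwards and the buffer offset goes invalid instead of producing a clear error; guard it with `if (c < 0) throw new IOException("entropy stream ended early");` before `read += c;`. The following `CMS.debug(b);` writes the seed bytes themselves to the debug log, which exposes the entropy being fed to the RNG; I would drop that line and keep only the message with the bit and byte counts. Both issues predate this formatting commit, but the method is re-added here in full. The body of init continues outside this hunk.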
@@ -310,9 +309,10 @@ public final class JssSubsystem implements ICryptoSubsystem {
String certDir;
certDir = config.getString(CONFIG_DIR, null);
-
- CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
- certDir, "", "", "secmod.db");
+
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(certDir,
+ "", "", "secmod.db");
vals.removeSunProvider = false;
vals.installJSSProvider = true;
@@ -321,13 +321,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
} catch (AlreadyInitializedException e) {
// do nothing
} catch (Exception e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
@@ -335,21 +333,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
mCryptoManager = CryptoManager.getInstance();
initSSL();
} catch (CryptoManager.NotInitializedException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
-
+
mInited = true;
}
public String getCipherVersion() throws EBaseException {
- return "cipherdomestic";
+ return "cipherdomestic";
}
public String getCipherPreferences() throws EBaseException {
@@ -367,36 +363,36 @@ public final class JssSubsystem implements ICryptoSubsystem {
public String getECType(String certType) throws EBaseException {
if (mSSLConfig != null) {
// for SSL server, check the value of jss.ssl.sslserver.ectype
- return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE,
- "ECDHE");
+ return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE, "ECDHE");
} else {
return "ECDHE";
}
}
public String isCipherFortezza() throws EBaseException {
- // we always display fortezza suites.
- // too much work to display tokens/certs corresponding to the
- // suites.
+ // we always display fortezza suites.
+ // too much work to display tokens/certs corresponding to the
+ // suites.
return "true";
}
void installProvider() {
int position = java.security.Security.insertProviderAt(
- new com.netscape.cmscore.security.Provider(), 1);
+ new com.netscape.cmscore.security.Provider(),
+ 1);
if (position == -1) {
Debug.trace("Unable to install CMS provider");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
}
}
- public void setCipherPreferences(String cipherPrefs) throws EBaseException {
+ public void setCipherPreferences(String cipherPrefs)
+ throws EBaseException {
if (mSSLConfig != null) {
if (cipherPrefs.equals(""))
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
mSSLConfig.putString(Constants.PR_CIPHER_PREF, cipherPrefs);
}
}
@@ -406,7 +402,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
*
*/
private void initSSL() throws EBaseException {
- // JSS will AND what is set and what is allowed by export policy
+ // JSS will AND what is set and what is allowed by export policy
// so we can set what is requested.
try {
@@ -422,11 +418,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (Debug.ON)
Debug.trace("configured ssl cipher prefs is " + sslCiphers);
- // first, disable all ciphers, since JSS defaults to all-enabled
+ // first, disable all ciphers, since JSS defaults to all-enabled
for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) {
try {
- SSLSocket
- .setCipherPreferenceDefault(mJSSCipherSuites[i], false);
+ SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i],
+ false);
} catch (SocketException e) {
}
}
@@ -437,10 +433,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
StringTokenizer ciphers = new StringTokenizer(sslCiphers, ",");
if (!ciphers.hasMoreTokens()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
}
while (ciphers.hasMoreTokens()) {
String cipher = ciphers.nextToken();
@@ -449,13 +444,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (sslcipher != null) {
String msg = "setting ssl cipher " + cipher;
- CMS.debug("JSSSubsystem: initSSL(): " + msg);
+ CMS.debug("JSSSubsystem: initSSL(): "+msg);
log(ILogger.LL_INFO, msg);
if (Debug.ON)
Debug.trace(msg);
try {
SSLSocket.setCipherPreferenceDefault(
- sslcipher.intValue(), true);
+ sslcipher.intValue(), true);
} catch (SocketException e) {
}
}
@@ -463,7 +458,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
-
+
/**
* Retrieves a configuration store of this subsystem.
* <P>
@@ -477,26 +472,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
*/
public void startup() throws EBaseException {
}
-
+
/**
* Shutdowns this subsystem.
* <P>
*/
public void shutdown() {
try {
- // After talking to NSS teamm, we should not call close databases
- // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
- boolean isClosing = mConfig.getBoolean("closeDatabases", false);
- if (isClosing) {
- JSSDatabaseCloser closer = new JSSDatabaseCloser();
- closer.closeDatabases();
- }
+ // After talking to NSS teamm, we should not call close databases
+ // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
+ boolean isClosing = mConfig.getBoolean("closeDatabases", false);
+ if (isClosing) {
+ JSSDatabaseCloser closer = new JSSDatabaseCloser();
+ closer.closeDatabases();
+ }
} catch (Exception e) {
}
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
}
public PasswordCallback getPWCB() {
@@ -510,13 +505,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
name = c.getName();
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
@@ -533,29 +526,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoToken c = (CryptoToken) tokens.nextElement();
// skip builtin object token
- if (c.getName() != null
- && c.getName().equals("Builtin Object Token")) {
+ if (c.getName() != null && c.getName().equals("Builtin Object Token")) {
continue;
}
if (num++ == 0)
- tokenList = tokenList + c.getName();
- else
+ tokenList = tokenList + c.getName();
+ else
tokenList = tokenList + "," + c.getName();
}
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
- if (tokenList.equals(""))
- return Constants.PR_INTERNAL_TOKEN;
+ if (tokenList.equals(""))
+ return Constants.PR_INTERNAL_TOKEN;
else
return (tokenList + "," + Constants.PR_INTERNAL_TOKEN);
}
@@ -568,74 +558,48 @@ public final class JssSubsystem implements ICryptoSubsystem {
return ctoken.isLoggedIn();
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public void loggedInToken(String tokenName, String pwd)
- throws EBaseException {
+ public void loggedInToken(String tokenName, String pwd) throws EBaseException {
try {
CryptoToken ctoken = mCryptoManager.getTokenByName(tokenName);
Password clk = new Password(pwd.toCharArray());
ctoken.login(clk);
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (IncorrectPasswordException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_LOGIN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_LOGIN_FAILED"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public String getCertSubjectName(String tokenname, String nickname)
- throws EBaseException {
+ public String getCertSubjectName(String tokenname, String nickname)
+ throws EBaseException {
try {
return KeyCertUtil.getCertSubjectName(tokenname, nickname);
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
}
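Review bot: In loggedInToken the `Password clk` built from `pwd.toCharArray()` is never cleared, so the token password stays in memory after `ctoken.login(clk)` returns or throws. Declare `Password clk = null;` before the `try` and add `finally { if (clk != null) clk.clear(); }` after the last catch. The `String pwd` parameter itself cannot be wiped; that is part of the method's signature, and changing it to `char[]` would be a separate interface change.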
@@ -660,21 +624,18 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
return certNames;
}
- public String getCertListWithoutTokenName(String name)
- throws EBaseException {
+ public String getCertListWithoutTokenName(String name) throws EBaseException {
CryptoToken c = null;
String certNames = "";
@@ -692,7 +653,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (list == null)
return "";
-
+
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
int index = nickname.indexOf(":");
@@ -709,22 +670,18 @@ public final class JssSubsystem implements ICryptoSubsystem {
return "";
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
} catch (NoSuchTokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
}
@@ -747,7 +704,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (list == null)
return "";
-
+
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
@@ -761,28 +718,24 @@ public final class JssSubsystem implements ICryptoSubsystem {
return "";
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
} catch (NoSuchTokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
}
- public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
- throws EBaseException {
+ public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
+ throws EBaseException {
try {
if (algname.equals("DSA")) {
byte[] p = store.getByteArray("ca.dsaP", null);
@@ -799,72 +752,60 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
return AlgorithmId.getAlgorithmId(algname);
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", ""));
}
}
public String getSignatureAlgorithm(String nickname) throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance()
- .findCertByNickname(nickname);
+ X509Certificate cert =
+ CryptoManager.getInstance().findCertByNickname(nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSigAlgName();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
- }
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ }
}
public KeyPair getKeyPair(String nickname) throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance()
- .findCertByNickname(nickname);
- PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert(
- cert);
+ X509Certificate cert =
+ CryptoManager.getInstance().findCertByNickname(nickname);
+ PrivateKey priKey =
+ CryptoManager.getInstance().findPrivKeyByCert(cert);
PublicKey publicKey = cert.getPublicKey();
return new KeyPair(publicKey, priKey);
} catch (NotInitializedException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public KeyPair getKeyPair(String tokenName, String alg, int keySize)
- throws EBaseException {
+ public KeyPair getKeyPair(String tokenName, String alg,
+ int keySize) throws EBaseException {
return getKeyPair(tokenName, alg, keySize, null);
}
- public KeyPair getKeyPair(String tokenName, String alg, int keySize,
- PQGParams pqg) throws EBaseException {
+ public KeyPair getKeyPair(String tokenName, String alg,
+ int keySize, PQGParams pqg) throws EBaseException {
String t = tokenName;
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN))
@@ -872,13 +813,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoToken token = null;
try {
- token = mCryptoManager.getTokenByName(t);
+ token = mCryptoManager.getTokenByName(t);
} catch (NoSuchTokenException e) {
log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", tokenName));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
}
-
+
KeyPairAlgorithm kpAlg = null;
if (alg.equals("RSA"))
@@ -888,35 +828,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
try {
- KeyPair kp = KeyCertUtil
- .generateKeyPair(token, kpAlg, keySize, pqg);
+ KeyPair kp = KeyCertUtil.generateKeyPair(token, kpAlg, keySize, pqg);
return kp;
} catch (InvalidParameterException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS",
+ "" + keySize));
} catch (PQGParamGenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED",
+ kpAlg.toString()));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED"));
} catch (InvalidAlgorithmParameterException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
}
}
@@ -924,108 +855,69 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
X500Name name = new X500Name(dn);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_X500_NAME", dn));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_X500_NAME", dn));
}
}
- public String getCertRequest(String subjectName, KeyPair kp)
- throws EBaseException {
+ public String getCertRequest(String subjectName, KeyPair kp)
+ throws EBaseException {
try {
- netscape.security.pkcs.PKCS10 pkcs = KeyCertUtil.getCertRequest(
- subjectName, kp);
+ netscape.security.pkcs.PKCS10 pkcs =
+ KeyCertUtil.getCertRequest(subjectName, kp);
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
pkcs.print(ps);
return bs.toString();
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", ""));
} catch (NoSuchProviderException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED"));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
} catch (SignatureException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE"));
}
}
- public void importCert(String b64E, String nickname, String certType)
- throws EBaseException {
+ public void importCert(String b64E, String nickname, String certType)
+ throws EBaseException {
try {
KeyCertUtil.importCert(b64E, nickname, certType);
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
String eString = e.toString();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- if (eString
- .contains("Failed to find certificate that was just imported")) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ if (eString.contains("Failed to find certificate that was just imported")) {
throw new EBaseException(eString);
} else {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
} catch (UserCertConflictException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
} catch (NicknameConflictException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
}
}
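Review bot: In the `TokenException` arm of `importCert(String, String, String)` the branch is chosen by `eString.contains("Failed to find certificate that was just imported")`, so the behaviour depends on the exact wording of a message this method does not build. If that wording ever changes, the call silently falls through to `CMS_BASE_TOKEN_NOT_FOUND` and the operator sees a token error for what is really a certificate-lookup failure. If no distinct exception type is available for this case, pin the dependency with a comment above the test, for example `// matches the message text of the underlying TokenException; keep in sync with the code that raises it`. The matching branch also passes the raw exception string to `EBaseException`, unlike the other arms here, which go through `CMS.getUserMessage`.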
@@ -1036,7 +928,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) &&
+ (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
tokenname = tmp;
tmp = (String) properties.get(Constants.PR_KEY_TYPE);
if (tmp != null)
@@ -1058,9 +951,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
KeyPair pair = null;
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
- if (tmp != null)
+ if (tmp != null)
token = tmp;
-
+
tmp = (String) properties.get(Constants.PR_KEY_CURVENAME);
if (tmp != null)
keyCurve = tmp;
@@ -1071,110 +964,77 @@ public final class JssSubsystem implements ICryptoSubsystem {
return pair;
}
-
- public KeyPair getECCKeyPair(String token, String keyCurve, String certType)
- throws EBaseException {
+
+ public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException {
KeyPair pair = null;
if ((token == null) || (token.equals("")))
token = Constants.PR_INTERNAL_TOKEN_NAME;
if ((keyCurve == null) || (keyCurve.equals("")))
- keyCurve = "nistp512";
+ keyCurve = "nistp512";
String ectype = getECType(certType);
// ECDHE needs "SIGN" but no "DERIVE"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+ };
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+ };
try {
- if (ectype.equals("ECDHE"))
- pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null,
- usages_mask);
+ if (ectype.equals("ECDHE"))
+ pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
else
- pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null,
- ECDH_usages_mask);
+ pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
return pair;
- }
+ }
public void importCert(X509CertImpl signedCert, String nickname,
- String certType) throws EBaseException {
+ String certType) throws EBaseException {
try {
KeyCertUtil.importCert(signedCert, nickname, certType);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
} catch (UserCertConflictException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
} catch (NicknameConflictException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
}
}
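Review bot: The fallback in `getECCKeyPair` sets `keyCurve = "nistp512"`, but the NIST prime curves are P-256, P-384 and P-521; there is no P-512. Whether `CryptoUtil.generateECCKeyPair` resolves this name cannot be seen from the hunk, so check it against the curve names the token accepts; if it is a typo the line would read `keyCurve = "nistp521";`. The two usage arrays would also benefit from a comment such as `// usages removed from the generated key, not granted to it`. That is presumably what the `_mask` suffix means, since the ECDHE array holds `DERIVE` while its comment says ECDHE needs no DERIVE.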
@@ -1184,94 +1044,70 @@ public final class JssSubsystem implements ICryptoSubsystem {
X509CertImpl impl = new X509CertImpl(b);
NameValuePairs results = new NameValuePairs();
- results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN()
- .getName());
+ results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN().getName());
results.add(Constants.PR_ISSUER_NAME, impl.getIssuerDN().getName());
- results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber()
- .toString());
- results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore()
- .toString());
- results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter()
- .toString());
+ results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber().toString());
+ results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore().toString());
+ results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter().toString());
// fingerprint is using MD5 hash
return results;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
}
}
- public void deleteUserCert(String nickname, String serialno,
- String issuername) throws EBaseException {
+ public void deleteUserCert(String nickname, String serialno, String issuername)
+ throws EBaseException {
try {
- X509Certificate cert = getCertificate(nickname, serialno,
- issuername);
+ X509Certificate cert = getCertificate(nickname, serialno, issuername);
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
CryptoStore store = tcert.getOwningToken().getCryptoStore();
- CMS.debug("*** deleting this token cert");
+CMS.debug("*** deleting this token cert");
tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
- CMS.debug("*** finish deleting this token cert");
+CMS.debug("*** finish deleting this token cert");
} else {
- CryptoToken token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
- CryptoStore store = token.getCryptoStore();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoStore store = token.getCryptoStore();
- CMS.debug("*** deleting this interna cert");
- store.deleteCert(cert);
- CMS.debug("*** removing this interna cert");
+CMS.debug("*** deleting this interna cert");
+ store.deleteCert(cert);
+CMS.debug("*** removing this interna cert");
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
}
}
- public void deleteRootCert(String nickname, String serialno,
- String issuername) throws EBaseException {
+ public void deleteRootCert(String nickname, String serialno,
+ String issuername) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
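Review bot: `deleteRootCert` calls `nickname.substring(0, index)` without checking the result of `nickname.indexOf(":")`; for a nickname with no colon `index` is -1 and the call throws an unchecked `StringIndexOutOfBoundsException` rather than the declared `EBaseException`. A guard keeps the existing behaviour for prefixed nicknames: `String tokenname = (index < 0) ? "" : nickname.substring(0, index);`. In `deleteUserCert`, the `CryptoStore store` local in the `TokenCertificate` branch is assigned and never used; `store.deleteCert(tcert);` would use it instead of fetching the store a second time. The body of `deleteRootCert` continues past the end of this hunk.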
@@ -1279,27 +1115,24 @@ public final class JssSubsystem implements ICryptoSubsystem {
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
String num = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- CMS.debug("*** num " + num);
- CMS.debug("*** issuer " + issuer);
+CMS.debug("*** num "+num);
+CMS.debug("*** issuer "+issuer);
if (num.equals(serialno) && issuername.equals(issuer)) {
- CMS.debug("*** removing root cert");
+CMS.debug("*** removing root cert");
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken()
- .getCryptoStore();
-
- CMS.debug("*** deleting this token cert");
- tcert.getOwningToken().getCryptoStore()
- .deleteCert(tcert);
- CMS.debug("*** finish deleting this token cert");
+ CryptoStore store = tcert.getOwningToken().getCryptoStore();
+
+CMS.debug("*** deleting this token cert");
+ tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
+CMS.debug("*** finish deleting this token cert");
} else {
- CryptoToken token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
-
- CMS.debug("*** deleting this interna cert");
+
+CMS.debug("*** deleting this interna cert");
store.deleteCert(cert);
- CMS.debug("*** removing this interna cert");
+CMS.debug("*** removing this interna cert");
}
mNicknameMapCertsTable.remove(nickname);
break;
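Review bot: After one matching certificate is deleted, `mNicknameMapCertsTable.remove(nickname)` discards the cached array for the whole nickname, including any other certificates stored under it. Later lookups by that nickname in this class then take the `certs == null` path and report `CMS_BASE_CERT_NOT_FOUND` until the table is rebuilt, presumably by `getCACerts()`; confirm that callers always refresh first. If that is the intent, say so at the call: `// drop the cached entry; getCACerts() repopulates it`. The enclosing loop and method start outside this hunk.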
@@ -1309,29 +1142,17 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
@@ -1354,15 +1175,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
for (int i = 0; i < list.length; i++) {
try {
- PrivateKey key = CryptoManager.getInstance()
- .findPrivKeyByCert(list[i]);
+ PrivateKey key =
+ CryptoManager.getInstance().findPrivKeyByCert(list[i]);
Debug.trace("JssSubsystem getRootCerts: find private key "
- + list[i].getNickname());
+ +list[i].getNickname());
} catch (ObjectNotFoundException e) {
String nickname = list[i].getNickname();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":"
- + nickname;
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+ nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
}
X509CertImpl impl = null;
@@ -1383,15 +1203,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
String serialno = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- nvps.add(nickname + "," + serialno, issuer);
- Debug.trace("getRootCerts: nickname=" + nickname
- + ", serialno=" + serialno + ", issuer="
- + issuer);
+ nvps.add(nickname+","+serialno, issuer);
+ Debug.trace("getRootCerts: nickname="+nickname+", serialno="+
+ serialno+", issuer="+issuer);
continue;
} catch (CryptoManager.NotInitializedException e) {
continue;
}
- }
+ }
// convert hashtable of vectors to hashtable of arrays
Enumeration elms = vecTable.keys();
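Review bot: The `catch (CryptoManager.NotInitializedException e) { continue; }` arm discards the failure without a trace, so an uninitialised CryptoManager yields an empty or partial certificate list that looks like a valid result. Other methods in this file log the same condition and raise `CMS_BASE_CRYPTOMANAGER_UNINITIALIZED`. At minimum log before continuing, `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));`. The `getUserCerts` loop in the hunk at new line 1264 has the same arm. The loop this arm belongs to starts outside the hunk.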
@@ -1405,11 +1224,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
return nvps;
@@ -1430,18 +1246,16 @@ public final class JssSubsystem implements ICryptoSubsystem {
for (int i = 0; i < list.length; i++) {
try {
- PrivateKey key = CryptoManager.getInstance()
- .findPrivKeyByCert(list[i]);
+ PrivateKey key =
+ CryptoManager.getInstance().findPrivKeyByCert(list[i]);
String nickname = list[i].getNickname();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)
- || tokenName
- .equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
- nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":"
- + nickname;
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) ||
+ tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
+ nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
}
X509CertImpl impl = null;
- try {
+ try {
impl = new X509CertImpl(list[i].getEncoded());
} catch (CertificateException e) {
// skip bad certificate
@@ -1450,25 +1264,21 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
String serialno = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- nvps.add(nickname + "," + serialno, issuer);
- Debug.trace("getUserCerts: nickname=" + nickname
- + ", serialno=" + serialno + ", issuer="
- + issuer);
+ nvps.add(nickname+","+serialno, issuer);
+ Debug.trace("getUserCerts: nickname="+nickname+", serialno="+
+ serialno+", issuer="+issuer);
} catch (ObjectNotFoundException e) {
Debug.trace("JssSubsystem getUserCerts: cant find private key "
- + list[i].getNickname());
+ +list[i].getNickname());
continue;
} catch (CryptoManager.NotInitializedException e) {
continue;
}
- }
+ }
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
return nvps;
@@ -1481,8 +1291,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
public NameValuePairs getAllCertsManage() throws EBaseException {
/*
- * first get all CA certs (internal only), then all user certs (both
- * internal and external)
+ * first get all CA certs (internal only),
+ * then all user certs (both internal and external)
*/
NameValuePairs pairs = getCACerts();
@@ -1502,14 +1312,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
- X509Certificate[] certificates = CryptoManager
- .getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certificates =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
mNicknameMapUserCertsTable.put(nickname, certificates);
X509CertImpl impl = null;
- try {
+ try {
impl = new X509CertImpl(list[i].getEncoded());
} catch (CertificateException e) {
// skip bad certificate
@@ -1520,7 +1330,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String dateStr = mFormatter.format(date);
NameValuePair pair = pairs.getPair(nickname);
- /* always user cert here */
+ /* always user cert here*/
String certValue = dateStr + "," + "u";
if (pair == null)
@@ -1531,27 +1341,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (vvalue.endsWith(",u")) {
pair.setValue(vvalue + ";" + certValue);
}
- }
+ }
}
} /* while */
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
// } catch (CertificateException e) {
- // log(ILogger.LL_FAILURE,
- // CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- // e.toString()));
- // throw new EBaseException(BaseResources.CERT_ERROR);
+ // log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ // throw new EBaseException(BaseResources.CERT_ERROR);
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
return pairs;
@@ -1560,28 +1362,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
public NameValuePairs getCACerts() throws EBaseException {
NameValuePairs pairs = new NameValuePairs();
- // InternalCertificate[] certs;
+ //InternalCertificate[] certs;
X509Certificate[] certs;
try {
- certs = CryptoManager.getInstance().getCACerts();
+ certs =
+ CryptoManager.getInstance().getCACerts();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
}
- if (mNicknameMapCertsTable == null) {
- CMS.debug("JssSubsystem::getCACerts() - "
- + "mNicknameMapCertsTable is null!");
- throw new EBaseException("mNicknameMapCertsTable is null");
+ if( mNicknameMapCertsTable == null ) {
+ CMS.debug( "JssSubsystem::getCACerts() - "
+ + "mNicknameMapCertsTable is null!" );
+ throw new EBaseException( "mNicknameMapCertsTable is null" );
} else {
mNicknameMapCertsTable.clear();
}
- // a temp hashtable with vectors
+ // a temp hashtable with vectors
Hashtable vecTable = new Hashtable();
for (int i = 0; i < certs.length; i++) {
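Review bot: `getCACerts()` empties the shared `mNicknameMapCertsTable` with `clear()` and only refills it further down, so the table is empty for part of the method's run. `trustCert` and `deleteRootCert` read the same table and treat a missing entry as `CMS_BASE_CERT_NOT_FOUND`; if these methods can run on different threads, a lookup in that window fails spuriously. Whether concurrent calls occur is not visible here. If they can, fill a local `Hashtable` and publish it when complete; otherwise record the assumption at the `clear()` call: `// callers serialise access; the table is empty until the loop below refills it`. The method continues past the end of this hunk.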
@@ -1611,13 +1411,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
mNicknameMapCertsTable.put(key, a);
}
- Enumeration keys = mNicknameMapCertsTable.keys();
+ Enumeration keys = mNicknameMapCertsTable.keys();
while (keys.hasMoreElements()) {
String nickname = (String) keys.nextElement();
- X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
-
+ X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
+
for (int i = 0; i < value.length; i++) {
InternalCertificate icert = null;
@@ -1627,13 +1426,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
Debug.trace("cert is not an InternalCertificate");
Debug.trace("nickname: " + nickname + " index " + i);
Debug.trace("cert: " + value[i]);
- continue;
+ continue;
}
-
+
int flag = icert.getSSLTrust();
String trust = "U";
- if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
+ if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
+ InternalCertificate.TRUSTED_CLIENT_CA)
trust = "T";
X509CertImpl impl = null;
@@ -1650,122 +1450,96 @@ public final class JssSubsystem implements ICryptoSubsystem {
String vvalue = pair.getValue();
pair.setValue(vvalue + ";" + certValue);
- }
+ }
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString()));
// allow it to continue with other certs even if one blows
// up
- // throw new EBaseException(BaseResources.CERT_ERROR);
+ // throw new EBaseException(BaseResources.CERT_ERROR);
}
}
}
return pairs;
}
- public void trustCert(String nickname, String date, String trust)
- throws EBaseException {
+ public void trustCert(String nickname, String date, String trust) throws
+ EBaseException {
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
X509Certificate cert = certs[i];
- X509CertImpl certImpl = new X509CertImpl(
- cert.getEncoded());
+ X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
Date notAfter = certImpl.getNotAfter();
Date qualifier = mFormatter.parse(date);
if (notAfter.equals(qualifier)) {
if (cert instanceof InternalCertificate) {
if (trust.equals("Trust")) {
- int trustflag = InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA;
+ int trustflag = InternalCertificate.TRUSTED_CA |
+ InternalCertificate.TRUSTED_CLIENT_CA |
+ InternalCertificate.VALID_CA;
- ((InternalCertificate) cert)
- .setSSLTrust(trustflag);
+ ((InternalCertificate) cert).setSSLTrust(trustflag);
} else
- ((InternalCertificate) cert)
- .setSSLTrust(InternalCertificate.VALID_CA);
+ ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA);
break;
} else {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CERT_ERROR", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
}
}
}
}
- } catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ } catch (ParseException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
/**
* Delete the CA certificate from the perm database.
- *
* @param nickname The nickname of the CA certificate.
- * @param notAfterTime The notAfter of the certificate. It is possible to
- * get multiple certificates under the same nickname. If one of
- * the certificates match the notAfterTime, then the certificate
- * will get deleted. The format of the notAfterTime has to be in
- * "MMMMM dd, yyyy HH:mm:ss" format.
- */
- public void deleteCACert(String nickname, String notAfterTime)
- throws EBaseException {
+ * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
+ * certificates under the same nickname. If one of the certificates match the notAfterTime,
+ * then the certificate will get deleted. The format of the notAfterTime has to be
+ * in "MMMMM dd, yyyy HH:mm:ss" format.
+ */
+ public void deleteCACert(String nickname, String notAfterTime) throws EBaseException {
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
X509Certificate cert = certs[i];
- X509CertImpl certImpl = new X509CertImpl(
- cert.getEncoded());
+ X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
Date notAfter = certImpl.getNotAfter();
Date qualifier = mFormatter.parse(notAfterTime);
if (notAfter.equals(qualifier)) {
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken()
- .getCryptoStore();
+ CryptoStore store = tcert.getOwningToken().getCryptoStore();
- tcert.getOwningToken().getCryptoStore()
- .deleteCert(tcert);
+ tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
} else {
- CryptoToken token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
store.deleteCert(cert);
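Review bot: `trustCert` and `deleteCACert` choose the certificate to re-trust or delete by parsing the caller's date with `mFormatter`, a single `static SimpleDateFormat` shared by every caller. `SimpleDateFormat` is not thread-safe, so two concurrent requests can produce a wrong `Date`, and the `notAfter.equals(qualifier)` match then either fails or lands on a different certificate under the same nickname. Parsing once before the loop with a per-call formatter avoids this: `Date qualifier = new SimpleDateFormat("MMMMM dd, yyyy HH:mm:ss").parse(date);` (with `notAfterTime` in `deleteCACert`). Selecting by expiry time alone is also ambiguous when two certificates under one nickname share a notAfter; matching on issuer and serial number, as `getCertificate` does, would be stricter. The body of `deleteCACert` continues past the end of this hunk.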
@@ -1777,64 +1551,45 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
/**
* Delete any certificate from the any token.
- *
* @param nickname The nickname of the certificate.
- * @param notAfterTime The notAfter of the certificate. It is possible to
- * get multiple certificates under the same nickname. If one of
- * the certificates match the notAfterTime, then the certificate
- * will get deleted. The format of the notAfterTime has to be in
- * "MMMMM dd, yyyy HH:mm:ss" format.
- */
- public void deleteCert(String nickname, String notAfterTime)
- throws EBaseException {
+ * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
+ * certificates under the same nickname. If one of the certificates match the notAfterTime,
+ * then the certificate will get deleted. The format of the notAfterTime has to be
+ * in "MMMMM dd, yyyy HH:mm:ss" format.
+ */
+ public void deleteCert(String nickname, String notAfterTime) throws EBaseException {
boolean isUserCert = false;
- X509Certificate[] certs = null;
- ;
+ X509Certificate[] certs = null;;
try {
if (mNicknameMapCertsTable != null) {
- certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ certs =
+ (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
}
if (certs == null) {
if (mNicknameMapUserCertsTable != null) {
- certs = (X509Certificate[]) mNicknameMapUserCertsTable
- .get(nickname);
+ certs =
+ (X509Certificate[]) mNicknameMapUserCertsTable.get(nickname);
if (certs != null) {
CMS.debug("in mNicknameMapUserCertsTable, isUserCert is true");
isUserCert = true;
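Review bot: The rejoined declaration `X509Certificate[] certs = null;;` in `deleteCert` keeps the stray second semicolon as an empty statement, and should read `X509Certificate[] certs = null;`. The method body continues outside this hunk.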
@@ -1845,12 +1600,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
throw e;
} else {
@@ -1863,14 +1615,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (notAfter.equals(qualifier)) {
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken()
- .getCryptoStore();
+ CryptoStore store = tcert.getOwningToken().getCryptoStore();
- tcert.getOwningToken().getCryptoStore()
- .deleteCert(tcert);
+ tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
} else {
- CryptoToken token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
store.deleteCert(cert);
@@ -1886,51 +1635,33 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
- public void deleteTokenCertificate(String nickname, String pathname)
- throws EBaseException {
+ public void deleteTokenCertificate(String nickname, String pathname) throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance()
- .findCertByNickname(nickname);
+ X509Certificate cert = CryptoManager.getInstance().findCertByNickname(nickname);
String issuerName = cert.getSubjectDN().getName();
Principal principal = cert.getSubjectDN();
DN dn = new DN(principal.getName());
BigInteger serialno = cert.getSerialNumber();
String suffix = "." + System.currentTimeMillis();
String b64E = com.netscape.osutil.OSUtil.BtoA(cert.getEncoded());
- PrintStream stream = new PrintStream(new FileOutputStream(pathname
- + suffix));
+ PrintStream stream = new PrintStream(new FileOutputStream(pathname + suffix));
stream.println("-----BEGIN CERTIFICATE-----");
stream.print(b64E);
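Review bot: The backup copy in `deleteTokenCertificate` is written through a `PrintStream`, which records write failures in an internal flag instead of throwing. A short or failed write (a full disk, for example) therefore goes unnoticed, and the delete in the next hunk would still remove the certificate from the token. Before deleting, the code should check the stream and stop on error: `if (stream.checkError()) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));`. If `pathname` can come from a request, it should also be confined to the intended backup directory before `pathname + suffix` is opened. The rest of the write and the close are outside this hunk, so whether the stream is closed on every path cannot be checked here.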
@@ -1941,279 +1672,212 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoStore store = tcert.getOwningToken().getCryptoStore();
tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
- } else
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
+ } else
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
int index = nickname.indexOf(":");
-
- // the deleted certificate is on the hardware token. We should
- // delete the same one from
+
+ // the deleted certificate is on the hardware token. We should delete the same one from
// the internal token.
if (index > 0) {
- CryptoToken cToken = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = cToken.getCryptoStore();
- X509Certificate[] allcerts = CryptoManager.getInstance()
- .getCACerts();
+ X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts();
for (int i = 0; i < allcerts.length; i++) {
try {
- X509CertImpl certImpl = new X509CertImpl(
- allcerts[i].getEncoded());
- String certIssuerName = certImpl.getSubjectDN()
- .getName();
+ X509CertImpl certImpl = new X509CertImpl(allcerts[i].getEncoded());
+ String certIssuerName = certImpl.getSubjectDN().getName();
Principal certPrincipal = certImpl.getSubjectDN();
DN certdn = new DN(certPrincipal.getName());
BigInteger certSerialNo = certImpl.getSerialNumber();
- if (dn.equals(certdn)
- && certSerialNo.compareTo(serialno) == 0) {
+ if (dn.equals(certdn) && certSerialNo.compareTo(serialno) == 0) {
store.deleteCert(allcerts[i]);
break;
}
} catch (Exception ee) {
- Debug.trace("JssSubsystem:deleteTokenCertificate: "
- + ee.toString());
+ Debug.trace("JssSubsystem:deleteTokenCertificate: " + ee.toString());
}
}
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
public String getSubjectDN(String nickname) throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance()
- .findCertByNickname(nickname);
+ X509Certificate cert =
+ CryptoManager.getInstance().findCertByNickname(nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSubjectDN().getName();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
public void setRootCertTrust(String nickname, String serialno,
- String issuerName, String trust) throws EBaseException {
-
+ String issuerName, String trust) throws EBaseException {
+
X509Certificate cert = getCertificate(nickname, serialno, issuerName);
if (cert instanceof InternalCertificate) {
if (trust.equals("trust")) {
- int trustflag = InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA;
+ int trustflag = InternalCertificate.TRUSTED_CA |
+ InternalCertificate.TRUSTED_CLIENT_CA |
+ InternalCertificate.VALID_CA;
((InternalCertificate) cert).setSSLTrust(trustflag);
} else {
- ((InternalCertificate) cert)
- .setSSLTrust(InternalCertificate.VALID_CA);
+ ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA);
}
}
}
public X509Certificate getCertificate(String nickname, String serialno,
- String issuerName) throws EBaseException {
+ String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
- int i = 0;
+ int i=0;
if (certs != null && certs.length > 0) {
for (; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName)
- && impl.getSerialNumber().toString()
- .equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName) &&
+ impl.getSerialNumber().toString().equals(serialno))
return certs[i];
}
} else {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
- } catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
-
+
return null;
}
public String getRootCertTrustBit(String nickname, String serialno,
- String issuerName) throws EBaseException {
+ String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
- int i = 0;
+ int i=0;
if (certs != null && certs.length > 0) {
for (; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName)
- && impl.getSerialNumber().toString()
- .equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName) &&
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
String trust = "U";
if (certs[i] instanceof InternalCertificate) {
- InternalCertificate icert = (InternalCertificate) certs[i];
+ InternalCertificate icert = (InternalCertificate)certs[i];
int flag = icert.getSSLTrust();
- if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
+ if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
+ InternalCertificate.TRUSTED_CLIENT_CA)
trust = "T";
- } else
+ } else
trust = "N/A";
return trust;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
- } catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
public String getCertPrettyPrint(String nickname, String serialno,
- String issuerName, Locale locale) throws EBaseException {
+ String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName)
- && impl.getSerialNumber().toString()
- .equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName) &&
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
CertPrettyPrint print = null;
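Review bot: In `getRootCertTrustBit` the search loop leaves `i == certs.length` when no certificate matches `issuerName` and `serialno`, so the following `certs[i] instanceof InternalCertificate` throws an unchecked `ArrayIndexOutOfBoundsException` instead of the certificate-not-found error. A guard after the if/else fixes it: `if (i == certs.length) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));`. `getCertPrettyPrint` has the mirror problem: with no match `impl` still holds the last certificate decoded, so the code after this hunk may print a certificate the caller did not ask for. `getCertificate`, `getRootCertTrustBit` and `getCertPrettyPrint` also call `nickname.substring(0, index)` without checking that `indexOf(":")` found a colon. The body of `getCertPrettyPrint` continues outside the hunk.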
@@ -2226,114 +1890,86 @@ public final class JssSubsystem implements ICryptoSubsystem {
else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
- public String getCertPrettyPrintAndFingerPrint(String nickname,
- String serialno, String issuerName, Locale locale)
- throws EBaseException {
+ public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
+ String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName)
- && impl.getSerialNumber().toString()
- .equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName) &&
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
CertPrettyPrint print = null;
- String fingerPrint = "";
+ String fingerPrint = "";
if (impl != null) {
print = new CertPrettyPrint(impl);
- fingerPrint = CMS.getFingerPrints(impl.getEncoded());
- }
+ fingerPrint = CMS.getFingerPrints(impl.getEncoded());
+ }
if ((print != null) && (fingerPrint != "")) {
- String pp = print.toString(locale) + "\n"
- + "Certificate Fingerprints:" + '\n' + fingerPrint;
+ String pp = print.toString(locale) + "\n" +
+ "Certificate Fingerprints:"+ '\n' + fingerPrint;
return pp;
} else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
}
}
- public String getCertPrettyPrint(String nickname, String date, Locale locale)
- throws EBaseException {
+ public String getCertPrettyPrint(String nickname, String date,
+ Locale locale) throws EBaseException {
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
- if ((certs == null || certs.length == 0)
- && mNicknameMapCertsTable != null) {
- certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ if ((certs == null || certs.length == 0) &&
+ mNicknameMapCertsTable != null) {
+ certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
}
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
X509CertImpl impl = null;
@@ -2357,35 +1993,22 @@ public final class JssSubsystem implements ICryptoSubsystem {
else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
- public String getCertPrettyPrint(String b64E, Locale locale)
- throws EBaseException {
- try {
+ public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException {
+ try {
try {
byte[] b = KeyCertUtil.convertB64EToByteArray(b64E);
X509CertImpl impl = new X509CertImpl(b);
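Review bot: The CertificateException and ParseException branches in this hunk still pass `e.toString()` into `CMS.getUserMessage("CMS_BASE_CERT_ERROR", ...)`, so the exception class name and parser detail become part of the text handed back to the caller, while the TokenException branch just above passes `""`. The preceding `log(...)` call already records that detail; if the user message can reach a remote client, a fixed string such as the `"Failed to decode"` used in the hunk at `@@ -2427,28 +2050,20 @@` would expose less. The CertificateException branch of that later hunk has the same pattern with `e.getMessage()`. The method these catch blocks belong to begins outside this hunk.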
@@ -2400,8 +2023,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
String normalized = CertUtils.normalizeCertStr(noHeader);
byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized);
- ContentInfo ci = (ContentInfo) ASN1Util.decode(
- ContentInfo.getTemplate(), data);
+ ContentInfo ci = (ContentInfo)
+ ASN1Util.decode(ContentInfo.getTemplate(), data);
if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
throw new CertificateException(
@@ -2427,28 +2050,20 @@ public final class JssSubsystem implements ICryptoSubsystem {
return content;
}
} catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- "Failed to decode"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ "Failed to decode"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.getMessage()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
}
- public X509CertImpl getSignedCert(KeyCertData data, String certType,
- java.security.PrivateKey priKey) throws EBaseException {
+ public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey)
+ throws EBaseException {
CertificateInfo cert = null;
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
@@ -2462,8 +2077,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
if (cert == null) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
X509CertInfo certInfo = null;
@@ -2471,28 +2085,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
certInfo = cert.getCertInfo();
- SignatureAlgorithm sigAlg = (SignatureAlgorithm) data
- .get(Constants.PR_SIGNATURE_ALGORITHM);
+ SignatureAlgorithm sigAlg =
+ (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg);
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (PQGParamGenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
}
return signedCert;
@@ -2500,30 +2105,28 @@ public final class JssSubsystem implements ICryptoSubsystem {
public boolean isCACert(String fullNickname) throws EBaseException {
try {
- X509Certificate cert = mCryptoManager
- .findCertByNickname(fullNickname);
+ X509Certificate cert = mCryptoManager.findCertByNickname(fullNickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
- X509CertInfo certinfo = (X509CertInfo) impl.get(X509CertImpl.NAME
- + "." + X509CertImpl.INFO);
+ X509CertInfo certinfo = (X509CertInfo) impl.get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
if (certinfo == null)
return false;
else {
- CertificateExtensions exts = (CertificateExtensions) certinfo
- .get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions exts =
+ (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
if (exts == null)
return false;
else {
try {
- BasicConstraintsExtension ext = (BasicConstraintsExtension) exts
- .get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension ext = (BasicConstraintsExtension)
+ exts.get(BasicConstraintsExtension.NAME);
if (ext == null)
return false;
else {
- Boolean bool = (Boolean) ext
- .get(BasicConstraintsExtension.IS_CA);
+ Boolean bool = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
return bool.booleanValue();
}
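Review bot: `bool.booleanValue()` is called on the result of `ext.get(BasicConstraintsExtension.IS_CA)` without a null check, although every other lookup in this chain (`certinfo`, `exts`, `ext`) is checked and answers `false`. If that attribute can come back null, the NullPointerException escapes as an unchecked exception rather than a `false` result or an EBaseException. `return bool != null && bool.booleanValue();` keeps the method failing closed for a certificate that does not assert CA status. The catch clause of the inner try lies outside this hunk.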
@@ -2533,69 +2136,42 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
}
}
- public CertificateExtensions getExtensions(String tokenname, String nickname)
- throws EBaseException {
+ public CertificateExtensions getExtensions(String tokenname, String nickname)
+ throws EBaseException {
try {
return KeyCertUtil.getExtensions(tokenname, nickname);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
}
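Review bot: In the isCACert catch chain the `CertificateEncodingException` branch throws `CMS_BASE_TOKEN_ERROR`, the same message as the TokenException branch, so a failure to encode the certificate is reported to the caller as a token problem. The generic CertificateException branch directly below uses `CMS_BASE_CERT_ERROR`; `throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));` in the encoding branch would keep the error category accurate for whoever triages it. The try block these handlers belong to starts outside this hunk.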
@@ -2603,10 +2179,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
KeyCertUtil.checkCertificateExt(ext);
}
- public void checkKeyLength(String keyType, int keyLength, String certType,
- int minRSAKeyLen) throws EBaseException {
- // KeyCertUtil.checkKeyLength(keyType, keyLength, certType,
- // minRSAKeyLen);
+ public void checkKeyLength(String keyType, int keyLength, String certType, int minRSAKeyLen) throws EBaseException {
+ // KeyCertUtil.checkKeyLength(keyType, keyLength, certType, minRSAKeyLen);
}
public PQGParams getPQG(int keysize) {
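Review bot: checkKeyLength has an empty body: its only content is the commented-out `KeyCertUtil.checkKeyLength(...)` call, so `minRSAKeyLen` is never compared with `keyLength` and the method returns normally for any key type and size. Any caller that treats this method as the key-size policy gate gets no enforcement from it. Either restore the delegation, or, if the check is disabled on purpose, replace the dead code with a comment such as `// Intentionally a no-op: key length is validated elsewhere (TODO: name where)` so the disabled check is not mistaken for a working one.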
@@ -2614,25 +2188,25 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
public PQGParams getCAPQG(int keysize, IConfigStore store)
- throws EBaseException {
+ throws EBaseException {
return KeyCertUtil.getCAPQG(keysize, store);
}
- public CertificateExtensions getCertExtensions(String tokenname,
- String nickname) throws NotInitializedException, TokenException,
- ObjectNotFoundException,
+ public CertificateExtensions getCertExtensions(String tokenname, String nickname)
+ throws NotInitializedException, TokenException, ObjectNotFoundException,
IOException, CertificateException {
return KeyCertUtil.getExtensions(tokenname, nickname);
}
}
-class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser {
+class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser
+{
public JSSDatabaseCloser() throws Exception {
- super();
+ super();
}
public void closeDatabases() {
- super.closeDatabases();
+ super.closeDatabases();
}
}
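Review bot: JSSDatabaseCloser has no comment saying why it exists; both members only call `super`, which suggests the subclass is there solely to make `closeDatabases()` reachable from this file. Closing the security databases underneath a running subsystem is a sensitive operation, so the intended caller and timing deserve a class comment, for example `/** Exposes DatabaseCloser.closeDatabases() to JssSubsystem; call only once no crypto operations remain in flight. */`. The wording should be confirmed against the actual call site, which is not visible in this hunk.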