Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security')
14 files changed, 571 insertions, 615 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java index 04f442a3..bba12561 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; @@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** * CA signing certificate. * @@ -43,8 +41,8 @@ import com.netscape.certsrv.security.KeyCertData; */ public class CASigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=Certificate Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=Certificate Authority, O=Netscape Communications, C=US"; public CASigningCert(KeyCertData properties) { this(properties, null); @@ -107,7 +105,7 @@ public class CASigningCert extends CertificateInfo { BigInteger P = new BigInteger(p); BigInteger Q = new BigInteger(q); BigInteger G = new BigInteger(g); - BigInteger pqgSeed = new BigInteger(seed); + BigInteger pqgSeed = new BigInteger(seed); BigInteger pqgH = new BigInteger(H); return new PQGParams(P, Q, G, pqgSeed, counter, pqgH); @@ -135,7 +133,7 @@ public class CASigningCert extends CertificateInfo { cmsFileTmp.putString("ca.signing.cacertnickname", nickname); else cmsFileTmp.putString("ca.signing.cacertnickname", - tokenname + ":" + nickname); + tokenname + ":" + nickname); cmsFileTmp.commit(false); } @@ -162,4 +160,3 @@ public class CASigningCert extends CertificateInfo { return extension; } } - 
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java index 1b0c9f2f..e28e3a51 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java +++ b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -60,7 +59,6 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** * This base class provides methods to import CA signing cert or get certificate * request. 
@@ -118,30 +116,30 @@ public abstract class CertificateInfo { notBeforeDate = new Date(Long.parseLong(notBeforeStr)); notAfterDate = new Date(Long.parseLong(notAfterStr)); } else { - int beginYear = - Integer.parseInt(mProperties.getBeginYear()) - 1900; - int afterYear = - Integer.parseInt(mProperties.getAfterYear()) - 1900; + int beginYear = + Integer.parseInt(mProperties.getBeginYear()) - 1900; + int afterYear = + Integer.parseInt(mProperties.getAfterYear()) - 1900; int beginMonth = - Integer.parseInt(mProperties.getBeginMonth()); + Integer.parseInt(mProperties.getBeginMonth()); int afterMonth = - Integer.parseInt(mProperties.getAfterMonth()); + Integer.parseInt(mProperties.getAfterMonth()); int beginDate = - Integer.parseInt(mProperties.getBeginDate()); - int afterDate = - Integer.parseInt(mProperties.getAfterDate()); + Integer.parseInt(mProperties.getBeginDate()); + int afterDate = + Integer.parseInt(mProperties.getAfterDate()); int beginHour = - Integer.parseInt(mProperties.getBeginHour()); + Integer.parseInt(mProperties.getBeginHour()); int afterHour = - Integer.parseInt(mProperties.getAfterHour()); + Integer.parseInt(mProperties.getAfterHour()); int beginMin = - Integer.parseInt(mProperties.getBeginMin()); + Integer.parseInt(mProperties.getBeginMin()); int afterMin = - Integer.parseInt(mProperties.getAfterMin()); + Integer.parseInt(mProperties.getAfterMin()); int beginSec = - Integer.parseInt(mProperties.getBeginSec()); + Integer.parseInt(mProperties.getBeginSec()); int afterSec = - Integer.parseInt(mProperties.getAfterSec()); + Integer.parseInt(mProperties.getAfterSec()); Calendar calendar = Calendar.getInstance(); calendar.set(beginYear, beginMonth, beginDate, 
@@ -159,11 +157,11 @@ public abstract class CertificateInfo { try { certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); BigInteger serialNumber = mProperties.getSerialNumber(); certInfo.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(serialNumber)); + new CertificateSerialNumber(serialNumber)); certInfo.set(X509CertInfo.EXTENSIONS, getExtensions()); certInfo.set(X509CertInfo.VALIDITY, getCertificateValidity()); String issuerName = mProperties.getIssuerName(); @@ -172,20 +170,20 @@ public abstract class CertificateInfo { issuerName = getSubjectName(); } - certInfo.set(X509CertInfo.ISSUER, - new CertificateIssuerName(new X500Name(issuerName))); + certInfo.set(X509CertInfo.ISSUER, + new CertificateIssuerName(new X500Name(issuerName))); certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(new X500Name(getSubjectName()))); - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateSubjectName(new X500Name(getSubjectName()))); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); PublicKey pubk = mKeyPair.getPublic(); X509Key xKey = KeyCertUtil.convertPublicKeyToX509Key(pubk); certInfo.set(X509CertInfo.KEY, new CertificateX509Key(xKey)); //SignatureAlgorithm algm = getSigningAlgorithm(); - SignatureAlgorithm algm = - (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + SignatureAlgorithm algm = + (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); if (algm == null) { String hashtype = (String) mProperties.get(ConfigConstants.PR_HASH_TYPE); 
@@ -197,16 +195,16 @@ public abstract class CertificateInfo { AlgorithmId sigAlgId = getAlgorithmId(); if (sigAlgId == null) { - byte[]encodedOID = ASN1Util.encode(algm.toOID()); + byte[] encodedOID = ASN1Util.encode(algm.toOID()); sigAlgId = new AlgorithmId(new ObjectIdentifier( new DerInputStream(encodedOID))); } certInfo.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(sigAlgId)); + new CertificateAlgorithmId(sigAlgId)); } catch (InvalidKeyException e) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY")); - } catch (CertificateException e) { + } catch (CertificateException e) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString())); } catch (IOException e) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString())); @@ -246,7 +244,7 @@ public abstract class CertificateInfo { if (isKeyUsageEnabled) { KeyCertUtil.setKeyUsageExtension( - exts, getKeyUsageExtension()); + exts, getKeyUsageExtension()); } return exts; } @@ -256,7 +254,7 @@ public abstract class CertificateInfo { } public void setAuthorityKeyIdExt(CertificateExtensions caexts, CertificateExtensions ext) - throws IOException, CertificateException, CertificateEncodingException, + throws IOException, CertificateException, CertificateEncodingException, CertificateParsingException { SubjectKeyIdentifierExtension subjKeyExt = null; @@ -272,10 +270,9 @@ public abstract class CertificateInfo { KeyIdentifier keyId = (KeyIdentifier) subjKeyExt.get( SubjectKeyIdentifierExtension.KEY_ID); AuthorityKeyIdentifierExtension authExt = - new AuthorityKeyIdentifierExtension(false, keyId, null, null); + new AuthorityKeyIdentifierExtension(false, keyId, null, null); ext.set(AuthorityKeyIdentifierExtension.class.getSimpleName(), authExt); } } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java index 372b966b..032fce3e 100644 
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.ByteArrayOutputStream; import java.io.FileInputStream; import java.io.FileOutputStream; @@ -101,10 +100,10 @@ import com.netscape.cmscore.cert.CertUtils; import com.netscape.cmscore.util.Debug; import com.netscape.cmsutil.crypto.CryptoUtil; - /** * Subsystem for initializing JSS> * <P> + * * @version $Revision$ $Date$ */ public final class JssSubsystem implements ICryptoSubsystem { @@ -131,7 +130,7 @@ public final class JssSubsystem implements ICryptoSubsystem { private Hashtable<String, X509Certificate[]> mNicknameMapCertsTable = new Hashtable<String, X509Certificate[]>(); private Hashtable<String, X509Certificate[]> mNicknameMapUserCertsTable = new Hashtable<String, X509Certificate[]>(); - private FileInputStream devRandomInputStream=null; + private FileInputStream devRandomInputStream = null; // This date format is to format the date string of the certificate in such a way as // May 01, 1999 01:55:55. 
@@ -148,19 +147,19 @@ public final class JssSubsystem implements ICryptoSubsystem { private static Hashtable<String, Integer> mCipherNames = new Hashtable<String, Integer>(); /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/ - private static final String DEFAULT_CIPHERPREF = - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + - "TLS_RSA_WITH_AES_128_CBC_SHA," + - "TLS_RSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + -// "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + -// "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + -// "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; + private static final String DEFAULT_CIPHERPREF = + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + + "TLS_RSA_WITH_AES_128_CBC_SHA," + + "TLS_RSA_WITH_AES_256_CBC_SHA," + + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + + // "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + + // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + + // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; /* list of all ciphers JSS supports */ private static final int mJSSCipherSuites[] = { 
@@ -199,29 +198,29 @@ public final class JssSubsystem implements ICryptoSubsystem { Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5)); */ mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA)); mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)); mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA, - Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA)); + Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA)); mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)); mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA)); + 
Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA)); mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA)); + Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA)); mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA)); + Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA)); } public static JssSubsystem getInstance() { 
@@ -243,40 +242,37 @@ public final class JssSubsystem implements ICryptoSubsystem { } - // Add entropy to the 'default' RNG token - public void addEntropy(int bits) - throws org.mozilla.jss.util.NotImplementedException, - IOException, - TokenException - { - int read=0; - int bytes = (7+bits)/8; - byte[] b = new byte[bytes]; - if (devRandomInputStream == null) { - throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM")); - } - do { - int c = devRandomInputStream.read(b,read,bytes-read); - read += c; - } - while (read < bytes); - - CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token"); - CMS.debug(b); - PK11SecureRandom sr = new PK11SecureRandom(); - sr.setSeed(b); - } - + // Add entropy to the 'default' RNG token + public void addEntropy(int bits) + throws org.mozilla.jss.util.NotImplementedException, + IOException, + TokenException { + int read = 0; + int bytes = (7 + bits) / 8; + byte[] b = new byte[bytes]; + if (devRandomInputStream == null) { + throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM")); + } + do { + int c = devRandomInputStream.read(b, read, bytes - read); + read += c; + } while (read < bytes); + + CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes + " bytes) of entropy to default RNG token"); + CMS.debug(b); + PK11SecureRandom sr = new PK11SecureRandom(); + sr.setSeed(b); + } + /** - * Initializes the Jss security subsystem. + * Initializes the Jss security subsystem. * <P> */ - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { mLogger = CMS.getLogger(); - - if (mInited) - { + + if (mInited) { // This used to throw an exeception (e.g. - on Solaris). // If JSS is already initialized simply return. CMS.debug("JssSubsystem already inited.. returning."); 
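Review bot: In the re-indented `addEntropy`, `CMS.debug(b)` appears to write the raw seed bytes to the debug log, and the read loop does not handle end of stream. Anyone who can read the log would learn the material passed to `PK11SecureRandom.setSeed`, so I would drop `CMS.debug(b);` and keep only the preceding size message. `devRandomInputStream.read` returns -1 at end of stream, which makes `read` shrink and the loop never finish; add `if (c < 0) throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));` before `read += c;`. A negative `bits` also reaches `new byte[bytes]` unchecked, so a guard such as `if (bits <= 0) return;` at the top would be worth considering.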
@@ -309,9 +305,9 @@ public final class JssSubsystem implements ICryptoSubsystem { String certDir; certDir = config.getString(CONFIG_DIR, null); - - CryptoManager.InitializationValues vals = - new CryptoManager.InitializationValues(certDir, + + CryptoManager.InitializationValues vals = + new CryptoManager.InitializationValues(certDir, "", "", "secmod.db"); vals.removeSunProvider = false; @@ -321,7 +317,7 @@ public final class JssSubsystem implements ICryptoSubsystem { } catch (AlreadyInitializedException e) { // do nothing } catch (Exception e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); @@ -333,19 +329,19 @@ public final class JssSubsystem implements ICryptoSubsystem { mCryptoManager = CryptoManager.getInstance(); initSSL(); } catch (CryptoManager.NotInitializedException e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } - + mInited = true; } public String getCipherVersion() throws EBaseException { - return "cipherdomestic"; + return "cipherdomestic"; } public String getCipherPreferences() throws EBaseException { 
@@ -383,13 +379,13 @@ public final class JssSubsystem implements ICryptoSubsystem { if (position == -1) { Debug.trace("Unable to install CMS provider"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER")); } } - public void setCipherPreferences(String cipherPrefs) - throws EBaseException { + public void setCipherPreferences(String cipherPrefs) + throws EBaseException { if (mSSLConfig != null) { if (cipherPrefs.equals("")) throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS")); @@ -418,11 +414,11 @@ public final class JssSubsystem implements ICryptoSubsystem { if (Debug.ON) Debug.trace("configured ssl cipher prefs is " + sslCiphers); - // first, disable all ciphers, since JSS defaults to all-enabled + // first, disable all ciphers, since JSS defaults to all-enabled for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) { try { SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i], - false); + false); } catch (SocketException e) { } } @@ -433,8 +429,8 @@ public final class JssSubsystem implements ICryptoSubsystem { StringTokenizer ciphers = new StringTokenizer(sslCiphers, ","); if (!ciphers.hasMoreTokens()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers)); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF)); } while (ciphers.hasMoreTokens()) { 
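Review bot: In the hunk at -418, the "disable all ciphers" loop swallows `SocketException` with an empty `catch`, so a suite that fails to be disabled stays at the JSS default, which the comment above describes as all-enabled. The outcome is a silent fail-open: the server could offer a suite the configured preference list excludes, and nothing in the log would show it. At minimum record it, e.g. `log(ILogger.LL_FAILURE, "unable to disable ssl cipher " + mJSSCipherSuites[i] + ": " + e);`, and consider rethrowing as `EBaseException` so startup does not continue with an unknown cipher set. The enable loop in the hunk at -444 has the same empty catch; the enclosing method starts outside these hunks.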
@@ -444,13 +440,13 @@ public final class JssSubsystem implements ICryptoSubsystem { if (sslcipher != null) { String msg = "setting ssl cipher " + cipher; - CMS.debug("JSSSubsystem: initSSL(): "+msg); + CMS.debug("JSSSubsystem: initSSL(): " + msg); log(ILogger.LL_INFO, msg); if (Debug.ON) Debug.trace(msg); try { SSLSocket.setCipherPreferenceDefault( - sslcipher.intValue(), true); + sslcipher.intValue(), true); } catch (SocketException e) { } } @@ -458,7 +454,7 @@ public final class JssSubsystem implements ICryptoSubsystem { } } - + /** * Retrieves a configuration store of this subsystem. * <P> @@ -472,26 +468,26 @@ public final class JssSubsystem implements ICryptoSubsystem { */ public void startup() throws EBaseException { } - + /** * Shutdowns this subsystem. * <P> */ public void shutdown() { try { - // After talking to NSS teamm, we should not call close databases - // which will call NSS_Shutdown. Web Server will call NSS_Shutdown - boolean isClosing = mConfig.getBoolean("closeDatabases", false); - if (isClosing) { - JSSDatabaseCloser closer = new JSSDatabaseCloser(); - closer.closeDatabases(); - } + // After talking to NSS teamm, we should not call close databases + // which will call NSS_Shutdown. Web Server will call NSS_Shutdown + boolean isClosing = mConfig.getBoolean("closeDatabases", false); + if (isClosing) { + JSSDatabaseCloser closer = new JSSDatabaseCloser(); + closer.closeDatabases(); + } } catch (Exception e) { } } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg); } public PasswordCallback getPWCB() { 
@@ -505,7 +501,7 @@ public final class JssSubsystem implements ICryptoSubsystem { try { name = c.getName(); } catch (TokenException e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); @@ -519,12 +515,12 @@ public final class JssSubsystem implements ICryptoSubsystem { public String getTokenList() throws EBaseException { String tokenList = ""; @SuppressWarnings("unchecked") - Enumeration<CryptoToken> tokens = mCryptoManager.getExternalTokens(); + Enumeration<CryptoToken> tokens = mCryptoManager.getExternalTokens(); int num = 0; try { while (tokens.hasMoreElements()) { - CryptoToken c = tokens.nextElement(); + CryptoToken c = tokens.nextElement(); // skip builtin object token if (c.getName() != null && c.getName().equals("Builtin Object Token")) { @@ -532,12 +528,12 @@ public final class JssSubsystem implements ICryptoSubsystem { } if (num++ == 0) - tokenList = tokenList + c.getName(); - else + tokenList = tokenList + c.getName(); + else tokenList = tokenList + "," + c.getName(); } } catch (TokenException e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); @@ -545,8 +541,8 @@ public final class JssSubsystem implements ICryptoSubsystem { throw ex; } - if (tokenList.equals("")) - return Constants.PR_INTERNAL_TOKEN; + if (tokenList.equals("")) + return Constants.PR_INTERNAL_TOKEN; else return (tokenList + "," + Constants.PR_INTERNAL_TOKEN); } 
@@ -585,8 +581,8 @@ public final class JssSubsystem implements ICryptoSubsystem { } } - public String getCertSubjectName(String tokenname, String nickname) - throws EBaseException { + public String getCertSubjectName(String tokenname, String nickname) + throws EBaseException { try { return KeyCertUtil.getCertSubjectName(tokenname, nickname); } catch (NoSuchTokenException e) { @@ -609,7 +605,7 @@ public final class JssSubsystem implements ICryptoSubsystem { try { @SuppressWarnings("unchecked") - Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens(); + Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens(); while (enums.hasMoreElements()) { CryptoToken token = enums.nextElement(); @@ -626,7 +622,7 @@ public final class JssSubsystem implements ICryptoSubsystem { } } } catch (TokenException e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); @@ -655,7 +651,7 @@ public final class JssSubsystem implements ICryptoSubsystem { if (list == null) return ""; - + for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); int index = nickname.indexOf(":"); @@ -672,14 +668,14 @@ public final class JssSubsystem implements ICryptoSubsystem { return ""; } catch (TokenException e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } catch (NoSuchTokenException e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); 
@@ -706,7 +702,7 @@ public final class JssSubsystem implements ICryptoSubsystem { if (list == null) return ""; - + for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); @@ -720,14 +716,14 @@ public final class JssSubsystem implements ICryptoSubsystem { return ""; } catch (TokenException e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } catch (NoSuchTokenException e) { - String[] params = {mId, e.toString()}; + String[] params = { mId, e.toString() }; EBaseException ex = new EBaseException( CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); @@ -736,8 +732,8 @@ public final class JssSubsystem implements ICryptoSubsystem { } } - public AlgorithmId getAlgorithmId(String algname, IConfigStore store) - throws EBaseException { + public AlgorithmId getAlgorithmId(String algname, IConfigStore store) + throws EBaseException { try { if (algname.equals("DSA")) { byte[] p = store.getByteArray("ca.dsaP", null); @@ -760,8 +756,8 @@ public final class JssSubsystem implements ICryptoSubsystem { public String getSignatureAlgorithm(String nickname) throws EBaseException { try { - X509Certificate cert = - CryptoManager.getInstance().findCertByNickname(nickname); + X509Certificate cert = + CryptoManager.getInstance().findCertByNickname(nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); return impl.getSigAlgName(); 
@@ -777,15 +773,15 @@ public final class JssSubsystem implements ICryptoSubsystem { } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); - } + } } public KeyPair getKeyPair(String nickname) throws EBaseException { try { - X509Certificate cert = - CryptoManager.getInstance().findCertByNickname(nickname); - PrivateKey priKey = - CryptoManager.getInstance().findPrivKeyByCert(cert); + X509Certificate cert = + CryptoManager.getInstance().findCertByNickname(nickname); + PrivateKey priKey = + CryptoManager.getInstance().findPrivKeyByCert(cert); PublicKey publicKey = cert.getPublicKey(); return new KeyPair(publicKey, priKey); @@ -802,12 +798,12 @@ public final class JssSubsystem implements ICryptoSubsystem { } public KeyPair getKeyPair(String tokenName, String alg, - int keySize) throws EBaseException { + int keySize) throws EBaseException { return getKeyPair(tokenName, alg, keySize, null); } public KeyPair getKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException { + int keySize, PQGParams pqg) throws EBaseException { String t = tokenName; if (tokenName.equals(Constants.PR_INTERNAL_TOKEN)) @@ -815,12 +811,12 @@ public final class JssSubsystem implements ICryptoSubsystem { CryptoToken token = null; try { - token = mCryptoManager.getTokenByName(t); + token = mCryptoManager.getTokenByName(t); } catch (NoSuchTokenException e) { log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName)); } - + KeyPairAlgorithm kpAlg = null; if (alg.equals("RSA")) 
@@ -862,11 +858,11 @@ public final class JssSubsystem implements ICryptoSubsystem { } } - public String getCertRequest(String subjectName, KeyPair kp) - throws EBaseException { + public String getCertRequest(String subjectName, KeyPair kp) + throws EBaseException { try { netscape.security.pkcs.PKCS10 pkcs = - KeyCertUtil.getCertRequest(subjectName, kp); + KeyCertUtil.getCertRequest(subjectName, kp); ByteArrayOutputStream bs = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(bs); @@ -893,8 +889,8 @@ public final class JssSubsystem implements ICryptoSubsystem { } } - public void importCert(String b64E, String nickname, String certType) - throws EBaseException { + public void importCert(String b64E, String nickname, String certType) + throws EBaseException { try { KeyCertUtil.importCert(b64E, nickname, certType); } catch (CertificateException e) { @@ -931,7 +927,7 @@ public final class JssSubsystem implements ICryptoSubsystem { String tmp = (String) properties.get(Constants.PR_TOKEN_NAME); if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) tokenname = tmp; tmp = (String) properties.get(Constants.PR_KEY_TYPE); if (tmp != null) @@ -953,9 +949,9 @@ public final class JssSubsystem implements ICryptoSubsystem { KeyPair pair = null; String tmp = (String) properties.get(Constants.PR_TOKEN_NAME); - if (tmp != null) + if (tmp != null) token = tmp; - + tmp = (String) properties.get(Constants.PR_KEY_CURVENAME); if (tmp != null) keyCurve = tmp; @@ -966,7 +962,7 @@ public final class JssSubsystem implements ICryptoSubsystem { return pair; } - + public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException { KeyPair pair = null; 
@@ -974,26 +970,26 @@ public final class JssSubsystem implements ICryptoSubsystem { token = Constants.PR_INTERNAL_TOKEN_NAME; if ((keyCurve == null) || (keyCurve.equals(""))) - keyCurve = "nistp512"; + keyCurve = "nistp512"; String ectype = getECType(certType); // ECDHE needs "SIGN" but no "DERIVE" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; try { - if (ectype.equals("ECDHE")) - pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask); + if (ectype.equals("ECDHE")) + pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask); else - pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask); + pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask); } catch (NotInitializedException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); @@ -1009,10 +1005,10 @@ public final class JssSubsystem implements ICryptoSubsystem { } return pair; - } + } public void importCert(X509CertImpl signedCert, String nickname, - String certType) throws EBaseException { + String certType) throws EBaseException { try { KeyCertUtil.importCert(signedCert, nickname, certType); 
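Review bot: The fallback `keyCurve = "nistp512";` in the hunk at -974 names a curve that is not one of the NIST primes; the largest is P-521, normally spelled `nistp521`. Unless `CryptoUtil.generateECCKeyPair` maps this string itself, a caller that passes no curve would hit a lookup failure instead of getting a key, so `keyCurve = "nistp521";` looks like the intended default (confirm against the curve names the token supports). The two comments above the usage arrays read as if they list the usages a key needs, while the arrays look like the usages being masked off; a short comment such as `// usages to turn OFF for ECDHE keys` would remove that ambiguity. The body of `getECCKeyPair` starts before this hunk.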
@@ -1065,23 +1061,23 @@ public final class JssSubsystem implements ICryptoSubsystem { } public void deleteUserCert(String nickname, String serialno, String issuername) - throws EBaseException { + throws EBaseException { try { X509Certificate cert = getCertificate(nickname, serialno, issuername); if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; CryptoStore store = tcert.getOwningToken().getCryptoStore(); -CMS.debug("*** deleting this token cert"); + CMS.debug("*** deleting this token cert"); tcert.getOwningToken().getCryptoStore().deleteCert(tcert); -CMS.debug("*** finish deleting this token cert"); + CMS.debug("*** finish deleting this token cert"); } else { - CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); - CryptoStore store = token.getCryptoStore(); + CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); + CryptoStore store = token.getCryptoStore(); -CMS.debug("*** deleting this interna cert"); - store.deleteCert(cert); -CMS.debug("*** removing this interna cert"); + CMS.debug("*** deleting this interna cert"); + store.deleteCert(cert); + CMS.debug("*** removing this interna cert"); } } catch (NotInitializedException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); @@ -1095,12 +1091,12 @@ CMS.debug("*** removing this interna cert"); } } - public void deleteRootCert(String nickname, String serialno, - String issuername) throws EBaseException { + public void deleteRootCert(String nickname, String serialno, + String issuername) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { if (mNicknameMapCertsTable != null) { 
@@ -1117,24 +1113,24 @@ CMS.debug("*** removing this interna cert"); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); String num = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); -CMS.debug("*** num "+num); -CMS.debug("*** issuer "+issuer); + CMS.debug("*** num " + num); + CMS.debug("*** issuer " + issuer); if (num.equals(serialno) && issuername.equals(issuer)) { -CMS.debug("*** removing root cert"); + CMS.debug("*** removing root cert"); if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; CryptoStore store = tcert.getOwningToken().getCryptoStore(); - -CMS.debug("*** deleting this token cert"); - tcert.getOwningToken().getCryptoStore().deleteCert(tcert); -CMS.debug("*** finish deleting this token cert"); + + CMS.debug("*** deleting this token cert"); + tcert.getOwningToken().getCryptoStore().deleteCert(tcert); + CMS.debug("*** finish deleting this token cert"); } else { - CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); + CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); CryptoStore store = token.getCryptoStore(); - -CMS.debug("*** deleting this interna cert"); + + CMS.debug("*** deleting this interna cert"); store.deleteCert(cert); -CMS.debug("*** removing this interna cert"); + CMS.debug("*** removing this interna cert"); } mNicknameMapCertsTable.remove(nickname); break; @@ -1162,7 +1158,7 @@ CMS.debug("*** removing this interna cert"); NameValuePairs nvps = new NameValuePairs(); try { @SuppressWarnings("unchecked") - Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens(); + Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens(); if (mNicknameMapCertsTable != null) mNicknameMapCertsTable.clear(); 
@@ -1178,21 +1174,21 @@ CMS.debug("*** removing this interna cert"); for (int i = 0; i < list.length; i++) { try { - PrivateKey key = - CryptoManager.getInstance().findPrivKeyByCert(list[i]); + PrivateKey key = + CryptoManager.getInstance().findPrivKeyByCert(list[i]); Debug.trace("JssSubsystem getRootCerts: find private key " - +list[i].getNickname()); + + list[i].getNickname()); } catch (ObjectNotFoundException e) { String nickname = list[i].getNickname(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname; + if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { + nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + nickname; } X509CertImpl impl = null; try { Vector<X509Certificate> v; if (vecTable.containsKey((Object) nickname) == true) { - v = vecTable.get(nickname); + v = vecTable.get(nickname); } else { v = new Vector<X509Certificate>(); } @@ -1206,20 +1202,20 @@ CMS.debug("*** removing this interna cert"); } String serialno = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); - nvps.add(nickname+","+serialno, issuer); - Debug.trace("getRootCerts: nickname="+nickname+", serialno="+ - serialno+", issuer="+issuer); + nvps.add(nickname + "," + serialno, issuer); + Debug.trace("getRootCerts: nickname=" + nickname + ", serialno=" + + serialno + ", issuer=" + issuer); continue; } catch (CryptoManager.NotInitializedException e) { continue; } - } + } // convert hashtable of vectors to hashtable of arrays Enumeration<String> elms = vecTable.keys(); while (elms.hasMoreElements()) { String key = (String) elms.nextElement(); - Vector<X509Certificate> v = vecTable.get((Object) key); + Vector<X509Certificate> v = vecTable.get((Object) key); X509Certificate[] a = new X509Certificate[v.size()]; v.copyInto((Object[]) a); 
@@ -1239,7 +1235,7 @@ CMS.debug("*** removing this interna cert"); NameValuePairs nvps = new NameValuePairs(); try { @SuppressWarnings("unchecked") - Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens(); + Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens(); while (enums.hasMoreElements()) { CryptoToken token = (CryptoToken) enums.nextElement(); @@ -1250,16 +1246,16 @@ CMS.debug("*** removing this interna cert"); for (int i = 0; i < list.length; i++) { try { - PrivateKey key = - CryptoManager.getInstance().findPrivKeyByCert(list[i]); + PrivateKey key = + CryptoManager.getInstance().findPrivKeyByCert(list[i]); String nickname = list[i].getNickname(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) || - tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) { - nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname; + tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) { + nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + nickname; } X509CertImpl impl = null; - try { + try { impl = new X509CertImpl(list[i].getEncoded()); } catch (CertificateException e) { // skip bad certificate @@ -1268,17 +1264,17 @@ CMS.debug("*** removing this interna cert"); } String serialno = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); - nvps.add(nickname+","+serialno, issuer); - Debug.trace("getUserCerts: nickname="+nickname+", serialno="+ - serialno+", issuer="+issuer); + nvps.add(nickname + "," + serialno, issuer); + Debug.trace("getUserCerts: nickname=" + nickname + ", serialno=" + + serialno + ", issuer=" + issuer); } catch (ObjectNotFoundException e) { Debug.trace("JssSubsystem getUserCerts: cant find private key " - +list[i].getNickname()); + + list[i].getNickname()); continue; } catch (CryptoManager.NotInitializedException e) { continue; } - } + } } } catch (TokenException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); 
@@ -1306,7 +1302,7 @@ CMS.debug("*** removing this interna cert"); try { @SuppressWarnings("unchecked") - Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens(); + Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens(); while (enums.hasMoreElements()) { CryptoToken token = (CryptoToken) enums.nextElement(); @@ -1317,14 +1313,14 @@ CMS.debug("*** removing this interna cert"); for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); - X509Certificate[] certificates = - CryptoManager.getInstance().findCertsByNickname(nickname); + X509Certificate[] certificates = + CryptoManager.getInstance().findCertsByNickname(nickname); mNicknameMapUserCertsTable.put(nickname, certificates); X509CertImpl impl = null; - try { + try { impl = new X509CertImpl(list[i].getEncoded()); } catch (CertificateException e) { // skip bad certificate @@ -1346,7 +1342,7 @@ CMS.debug("*** removing this interna cert"); if (vvalue.endsWith(",u")) { pair.setValue(vvalue + ";" + certValue); } - } + } } } /* while */ 
@@ -1371,22 +1367,22 @@ CMS.debug("*** removing this interna cert"); X509Certificate[] certs; try { - certs = + certs = CryptoManager.getInstance().getCACerts(); } catch (NotInitializedException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } - if( mNicknameMapCertsTable == null ) { - CMS.debug( "JssSubsystem::getCACerts() - " - + "mNicknameMapCertsTable is null!" ); - throw new EBaseException( "mNicknameMapCertsTable is null" ); + if (mNicknameMapCertsTable == null) { + CMS.debug("JssSubsystem::getCACerts() - " + + "mNicknameMapCertsTable is null!"); + throw new EBaseException("mNicknameMapCertsTable is null"); } else { mNicknameMapCertsTable.clear(); } - // a temp hashtable with vectors + // a temp hashtable with vectors Hashtable<String, Vector<X509Certificate>> vecTable = new Hashtable<String, Vector<X509Certificate>>(); for (int i = 0; i < certs.length; i++) { @@ -1396,7 +1392,7 @@ CMS.debug("*** removing this interna cert"); Vector<X509Certificate> v; if (vecTable.containsKey((Object) nickname) == true) { - v = vecTable.get(nickname); + v = vecTable.get(nickname); } else { v = new Vector<X509Certificate>(); } 
@@ -1409,19 +1405,19 @@ CMS.debug("*** removing this interna cert"); while (elms.hasMoreElements()) { String key = (String) elms.nextElement(); - Vector<X509Certificate> v = vecTable.get((Object) key); + Vector<X509Certificate> v = vecTable.get((Object) key); X509Certificate[] a = new X509Certificate[v.size()]; v.copyInto((Object[]) a); mNicknameMapCertsTable.put(key, a); } - Enumeration<String> keys = mNicknameMapCertsTable.keys(); + Enumeration<String> keys = mNicknameMapCertsTable.keys(); while (keys.hasMoreElements()) { String nickname = (String) keys.nextElement(); X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); - + for (int i = 0; i < value.length; i++) { InternalCertificate icert = null; @@ -1431,14 +1427,13 @@ CMS.debug("*** removing this interna cert"); Debug.trace("cert is not an InternalCertificate"); Debug.trace("nickname: " + nickname + " index " + i); Debug.trace("cert: " + value[i]); - continue; + continue; } - + int flag = icert.getSSLTrust(); String trust = "U"; - if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == - InternalCertificate.TRUSTED_CLIENT_CA) + if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA) trust = "T"; X509CertImpl impl = null; @@ -1455,7 +1450,7 @@ CMS.debug("*** removing this interna cert"); String vvalue = pair.getValue(); pair.setValue(vvalue + ";" + certValue); - } + } } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString())); // allow it to continue with other certs even if one blows 
@@ -1489,8 +1484,8 @@ CMS.debug("*** removing this interna cert"); if (cert instanceof InternalCertificate) { if (trust.equals("Trust")) { int trustflag = InternalCertificate.TRUSTED_CA | - InternalCertificate.TRUSTED_CLIENT_CA | - InternalCertificate.VALID_CA; + InternalCertificate.TRUSTED_CLIENT_CA | + InternalCertificate.VALID_CA; ((InternalCertificate) cert).setSSLTrust(trustflag); } else @@ -1503,7 +1498,7 @@ CMS.debug("*** removing this interna cert"); } } } - } catch (ParseException e) { + } catch (ParseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (CertificateException e) { @@ -1514,12 +1509,13 @@ CMS.debug("*** removing this interna cert"); /** * Delete the CA certificate from the perm database. + * * @param nickname The nickname of the CA certificate. * @param notAfterTime The notAfter of the certificate. It is possible to get multiple - * certificates under the same nickname. If one of the certificates match the notAfterTime, - * then the certificate will get deleted. The format of the notAfterTime has to be - * in "MMMMM dd, yyyy HH:mm:ss" format. - */ + * certificates under the same nickname. If one of the certificates match the notAfterTime, + * then the certificate will get deleted. The format of the notAfterTime has to be + * in "MMMMM dd, yyyy HH:mm:ss" format. + */ public void deleteCACert(String nickname, String notAfterTime) throws EBaseException { try { if (mNicknameMapCertsTable != null) { 
@@ -1575,15 +1571,17 @@ CMS.debug("*** removing this interna cert"); /** * Delete any certificate from the any token. + * * @param nickname The nickname of the certificate. * @param notAfterTime The notAfter of the certificate. It is possible to get multiple - * certificates under the same nickname. If one of the certificates match the notAfterTime, - * then the certificate will get deleted. The format of the notAfterTime has to be - * in "MMMMM dd, yyyy HH:mm:ss" format. - */ + * certificates under the same nickname. If one of the certificates match the notAfterTime, + * then the certificate will get deleted. The format of the notAfterTime has to be + * in "MMMMM dd, yyyy HH:mm:ss" format. + */ public void deleteCert(String nickname, String notAfterTime) throws EBaseException { boolean isUserCert = false; - X509Certificate[] certs = null;; + X509Certificate[] certs = null; + ; try { if (mNicknameMapCertsTable != null) { @@ -1677,15 +1675,15 @@ CMS.debug("*** removing this interna cert"); CryptoStore store = tcert.getOwningToken().getCryptoStore(); tcert.getOwningToken().getCryptoStore().deleteCert(tcert); - } else + } else throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT")); int index = nickname.indexOf(":"); - + // the deleted certificate is on the hardware token. We should delete the same one from // the internal token. if (index > 0) { - CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken(); + CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken(); CryptoStore store = cToken.getCryptoStore(); X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts(); 
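Review bot: The reformatting turns the doubled semicolon in deleteCert's `X509Certificate[] certs = null;;` into an empty statement on a line of its own; delete the stray `;` so that the declaration reads `X509Certificate[] certs = null;`. In the second hunk on this line the local `CryptoStore store = tcert.getOwningToken().getCryptoStore();` is never used in the visible lines, because the delete call fetches the store again; either call `store.deleteCert(tcert);` or drop the local. Both method bodies extend beyond their hunks.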
@@ -1721,7 +1719,7 @@ CMS.debug("*** removing this interna cert"); } catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); - } catch (IOException e) { + } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } @@ -1730,7 +1728,7 @@ CMS.debug("*** removing this interna cert"); public String getSubjectDN(String nickname) throws EBaseException { try { X509Certificate cert = - CryptoManager.getInstance().findCertByNickname(nickname); + CryptoManager.getInstance().findCertByNickname(nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); return impl.getSubjectDN().getName(); @@ -1750,14 +1748,14 @@ CMS.debug("*** removing this interna cert"); } public void setRootCertTrust(String nickname, String serialno, - String issuerName, String trust) throws EBaseException { - + String issuerName, String trust) throws EBaseException { + X509Certificate cert = getCertificate(nickname, serialno, issuerName); if (cert instanceof InternalCertificate) { if (trust.equals("trust")) { int trustflag = InternalCertificate.TRUSTED_CA | - InternalCertificate.TRUSTED_CLIENT_CA | - InternalCertificate.VALID_CA; + InternalCertificate.TRUSTED_CLIENT_CA | + InternalCertificate.VALID_CA; ((InternalCertificate) cert).setSSLTrust(trustflag); } else { 
@@ -1767,31 +1765,31 @@ CMS.debug("*** removing this interna cert"); } public X509Certificate getCertificate(String nickname, String serialno, - String issuerName) throws EBaseException { + String issuerName) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + CryptoManager.getInstance().findCertsByNickname(nickname); X509CertImpl impl = null; - int i=0; + int i = 0; if (certs != null && certs.length > 0) { for (; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); if (impl.getIssuerDN().toString().equals(issuerName) && - impl.getSerialNumber().toString().equals(serialno)) + impl.getSerialNumber().toString().equals(serialno)) return certs[i]; } } else { EBaseException e = - new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } } catch (NotInitializedException e) { 
@@ -1799,50 +1797,50 @@ CMS.debug("*** removing this interna cert"); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } - + return null; } public String getRootCertTrustBit(String nickname, String serialno, - String issuerName) throws EBaseException { + String issuerName) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + CryptoManager.getInstance().findCertsByNickname(nickname); X509CertImpl impl = null; - int i=0; + int i = 0; if (certs != null && certs.length > 0) { for (; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); if (impl.getIssuerDN().toString().equals(issuerName) && - impl.getSerialNumber().toString().equals(serialno)) + impl.getSerialNumber().toString().equals(serialno)) break; } } else { EBaseException e = - new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } String trust = "U"; if (certs[i] instanceof InternalCertificate) { - 
InternalCertificate icert = (InternalCertificate)certs[i]; + InternalCertificate icert = (InternalCertificate) certs[i]; int flag = icert.getSSLTrust(); - if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == - InternalCertificate.TRUSTED_CLIENT_CA) + if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA) trust = "T"; - } else + } else trust = "N/A"; return trust; } catch (NotInitializedException e) { 
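Review bot: When certificates exist under the nickname but none matches the issuer and serial number, getRootCertTrustBit leaves its loop with `i == certs.length`, and `certs[i] instanceof InternalCertificate` then throws ArrayIndexOutOfBoundsException instead of the CMS_BASE_CERT_NOT_FOUND error raised for an empty list. getCertificate at the top of this hunk returns null in the same case, and deleteUserCert in an earlier hunk passes that result to `store.deleteCert(cert)` without a null check. getCertPrettyPrintAndFingerPrint in a later hunk keeps the last parsed `impl` after an unmatched loop, so it can print the details and fingerprint of a certificate that was not the one requested; getCertPrettyPrint appears to have the same loop. Each lookup should fail explicitly when nothing matches, for example `if (i == certs.length) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));` after the loop here.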
@@ -1850,36 +1848,37 @@ CMS.debug("*** removing this interna cert"); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } public String getCertPrettyPrint(String nickname, String serialno, - String issuerName, Locale locale) throws EBaseException { + String issuerName, Locale locale) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + CryptoManager.getInstance().findCertsByNickname(nickname); X509CertImpl impl = null; if (certs != null && certs.length > 0) { for (int i = 0; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); if (impl.getIssuerDN().toString().equals(issuerName) && - impl.getSerialNumber().toString().equals(serialno)) + impl.getSerialNumber().toString().equals(serialno)) break; } } else { - EBaseException e = - new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + EBaseException e = + new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } CertPrettyPrint print = null; 
@@ -1904,42 +1903,42 @@ CMS.debug("*** removing this interna cert"); } public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, - String issuerName, Locale locale) throws EBaseException { + String issuerName, Locale locale) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + CryptoManager.getInstance().findCertsByNickname(nickname); X509CertImpl impl = null; if (certs != null && certs.length > 0) { for (int i = 0; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); if (impl.getIssuerDN().toString().equals(issuerName) && - impl.getSerialNumber().toString().equals(serialno)) + impl.getSerialNumber().toString().equals(serialno)) break; } } else { - EBaseException e = - new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + EBaseException e = + new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } CertPrettyPrint print = null; - String fingerPrint = ""; + String fingerPrint = ""; if (impl != null) { print = new CertPrettyPrint(impl); - fingerPrint = CMS.getFingerPrints(impl.getEncoded()); - } + fingerPrint = CMS.getFingerPrints(impl.getEncoded()); + } if ((print != null) && (fingerPrint != "")) { - String pp = print.toString(locale) + "\n" + - "Certificate Fingerprints:"+ '\n' + fingerPrint; + String pp = print.toString(locale) + "\n" + + "Certificate Fingerprints:" + '\n' + fingerPrint; return pp; } else return null; 
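Review bot: The guard `(fingerPrint != "")` in getCertPrettyPrintAndFingerPrint compares object references rather than string contents, so an empty string returned by CMS.getFingerPrints that is not the interned literal passes the check, and the method then returns a report whose fingerprint section is empty. Compare by value instead: `if ((print != null) && !fingerPrint.equals(""))`. The method's catch blocks lie outside this hunk.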
@@ -1958,14 +1957,14 @@ CMS.debug("*** removing this interna cert"); } } - public String getCertPrettyPrint(String nickname, String date, - Locale locale) throws EBaseException { + public String getCertPrettyPrint(String nickname, String date, + Locale locale) throws EBaseException { try { X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + CryptoManager.getInstance().findCertsByNickname(nickname); if ((certs == null || certs.length == 0) && - mNicknameMapCertsTable != null) { + mNicknameMapCertsTable != null) { certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); } if (certs == null) { @@ -2010,7 +2009,7 @@ CMS.debug("*** removing this interna cert"); } public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException { - try { + try { try { byte[] b = KeyCertUtil.convertB64EToByteArray(b64E); X509CertImpl impl = new X509CertImpl(b); @@ -2026,7 +2025,7 @@ CMS.debug("*** removing this interna cert"); byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized); ContentInfo ci = (ContentInfo) - ASN1Util.decode(ContentInfo.getTemplate(), data); + ASN1Util.decode(ContentInfo.getTemplate(), data); if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) { throw new CertificateException( @@ -2053,7 +2052,7 @@ CMS.debug("*** removing this interna cert"); } } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "Failed to decode")); } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); 
@@ -2064,8 +2063,8 @@ CMS.debug("*** removing this interna cert"); } } - public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) - throws EBaseException { + public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) + throws EBaseException { CertificateInfo cert = null; if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { @@ -2087,8 +2086,8 @@ CMS.debug("*** removing this interna cert"); try { certInfo = cert.getCertInfo(); - SignatureAlgorithm sigAlg = - (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM); + SignatureAlgorithm sigAlg = + (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM); signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg); } catch (NoSuchTokenException e) { @@ -2115,15 +2114,15 @@ CMS.debug("*** removing this interna cert"); if (certinfo == null) return false; else { - CertificateExtensions exts = - (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS); + CertificateExtensions exts = + (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS); if (exts == null) return false; else { try { BasicConstraintsExtension ext = (BasicConstraintsExtension) - exts.get(BasicConstraintsExtension.class.getSimpleName()); + exts.get(BasicConstraintsExtension.class.getSimpleName()); if (ext == null) return false; @@ -2155,8 +2154,8 @@ CMS.debug("*** removing this interna cert"); } } - public CertificateExtensions getExtensions(String tokenname, String nickname) - throws EBaseException { + public CertificateExtensions getExtensions(String tokenname, String nickname) + throws EBaseException { try { return KeyCertUtil.getExtensions(tokenname, nickname); } catch (NotInitializedException e) { 
@@ -2190,25 +2189,24 @@ CMS.debug("*** removing this interna cert"); } public PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException { + throws EBaseException { return KeyCertUtil.getCAPQG(keysize, store); } public CertificateExtensions getCertExtensions(String tokenname, String nickname) - throws NotInitializedException, TokenException, ObjectNotFoundException, + throws NotInitializedException, TokenException, ObjectNotFoundException, IOException, CertificateException { return KeyCertUtil.getExtensions(tokenname, nickname); } } -class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser -{ +class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser { public JSSDatabaseCloser() throws Exception { - super(); + super(); } public void closeDatabases() { - super.closeDatabases(); + super.closeDatabases(); } } diff --git a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java index 35b7cdf2..79988e7d 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** - * KRA transport certificate + * KRA transport certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class KRATransportCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=Data Recovery Manager, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=Data Recovery Manager, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public KRATransportCert(KeyCertData properties) { @@ -49,8 +47,8 @@ public class KRATransportCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; mProperties.put(Constants.PR_AKI, Constants.TRUE); } @@ -72,8 +70,8 @@ public class KRATransportCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = - (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -107,4 +105,3 @@ public class KRATransportCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java index c020fe8b..606c140f 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FilterOutputStream; @@ -116,7 +115,6 @@ import com.netscape.cmscore.dbs.DateMapper; import com.netscape.cmscore.dbs.X509CertImplMapper; import com.netscape.cmsutil.crypto.CryptoUtil; - /** * This class provides all the base methods to generate the key for different * kinds of certificates. @@ -155,11 +153,11 @@ public class KeyCertUtil { } } - public static String getTokenNames(CryptoManager manager) - throws TokenException { + public static String getTokenNames(CryptoManager manager) + throws TokenException { String tokenList = ""; @SuppressWarnings("unchecked") - Enumeration<CryptoToken> tokens = manager.getExternalTokens(); + Enumeration<CryptoToken> tokens = manager.getExternalTokens(); int num = 0; while (tokens.hasMoreElements()) { @@ -183,9 +181,9 @@ public class KeyCertUtil { ByteArrayOutputStream output = new ByteArrayOutputStream(); Base64OutputStream b64 = new Base64OutputStream(new PrintStream(new - FilterOutputStream(output) + FilterOutputStream(output) ) - ); + ); b64.write(bytes); b64.flush(); @@ -196,7 +194,7 @@ public class KeyCertUtil { } public static byte[] makeDSSParms(BigInteger P, BigInteger Q, BigInteger G) - throws IOException { + throws IOException { // Write P, Q, G to a DER stream DerOutputStream contents = new DerOutputStream(); @@ -213,8 +211,8 @@ public class KeyCertUtil { return sequence.toByteArray(); } - public static PrivateKey getPrivateKey(String tokenname, String nickname) - throws TokenException, EBaseException, + public static PrivateKey getPrivateKey(String tokenname, String nickname) + throws TokenException, EBaseException, NoSuchTokenException, NotInitializedException, CertificateException, CertificateEncodingException, EBaseException, ObjectNotFoundException { 
@@ -223,15 +221,15 @@ public class KeyCertUtil { String tokenName = store.getString("ca.signing.cacertnickname"); */ X509Certificate cert = getCertificate(tokenname, nickname); - + return CryptoManager.getInstance().findPrivKeyByCert(cert); } - public static String getCertSubjectName(String tokenname, String nickname) - throws TokenException, EBaseException, NoSuchTokenException, + public static String getCertSubjectName(String tokenname, String nickname) + throws TokenException, EBaseException, NoSuchTokenException, NotInitializedException, CertificateException, CertificateEncodingException, EBaseException { - + X509Certificate cert = getCertificate(tokenname, nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); @@ -239,16 +237,16 @@ public class KeyCertUtil { } public static X509CertImpl signCert(PrivateKey privateKey, X509CertInfo certInfo, - SignatureAlgorithm sigAlg) - throws NoSuchTokenException, EBaseException, NotInitializedException { + SignatureAlgorithm sigAlg) + throws NoSuchTokenException, EBaseException, NotInitializedException { try { CertificateAlgorithmId sId = (CertificateAlgorithmId) - certInfo.get(X509CertInfo.ALGORITHM_ID); + certInfo.get(X509CertInfo.ALGORITHM_ID); AlgorithmId sigAlgId = - (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM); + (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM); - org.mozilla.jss.crypto.PrivateKey priKey = - (org.mozilla.jss.crypto.PrivateKey) privateKey; + org.mozilla.jss.crypto.PrivateKey priKey = + (org.mozilla.jss.crypto.PrivateKey) privateKey; CryptoToken token = priKey.getOwningToken(); DerOutputStream tmp = new DerOutputStream(); @@ -283,7 +281,7 @@ public class KeyCertUtil { } catch (CertificateException e) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } - } + } public static SignatureAlgorithm getSigningAlgorithm(String keyType) { SignatureAlgorithm sAlg = null; 
@@ -318,9 +316,9 @@ public class KeyCertUtil { } public static AlgorithmId getAlgorithmId(String algname, IConfigStore store) - throws EBaseException { + throws EBaseException { try { - + if (algname.equals("DSA")) { byte[] p = store.getByteArray("ca.dsaP", null); byte[] q = store.getByteArray("ca.dsaQ", null); @@ -341,10 +339,10 @@ public class KeyCertUtil { } public static X509Certificate getCertificate(String tokenname, - String nickname) throws NotInitializedException, NoSuchTokenException, + String nickname) throws NotInitializedException, NoSuchTokenException, EBaseException, TokenException { CryptoManager manager = CryptoManager.getInstance(); - CryptoToken token = null; + CryptoToken token = null; if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { token = manager.getInternalKeyStorageToken(); @@ -365,12 +363,12 @@ public class KeyCertUtil { } } - public static KeyPair getKeyPair(String tokenname, String nickname) - throws NotInitializedException, NoSuchTokenException, TokenException, + public static KeyPair getKeyPair(String tokenname, String nickname) + throws NotInitializedException, NoSuchTokenException, TokenException, ObjectNotFoundException, EBaseException { X509Certificate cert = getCertificate(tokenname, nickname); PrivateKey priKey = - CryptoManager.getInstance().findPrivKeyByCert(cert); + CryptoManager.getInstance().findPrivKeyByCert(cert); PublicKey publicKey = cert.getPublicKey(); return new KeyPair(publicKey, priKey); @@ -384,8 +382,8 @@ public class KeyCertUtil { } } - public static PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException { + public static PQGParams getCAPQG(int keysize, IConfigStore store) + throws EBaseException { if (store != null) { try { int pqgKeySize = store.getInteger("ca.dsaPQG.keyLength", 0); 
@@ -422,9 +420,9 @@ public class KeyCertUtil { store.putInteger("ca.dsaCounter", pqg.getCounter()); store.putString("ca.dsaH", KeyCertUtil.base64Encode( pqg.getH().toByteArray())); - store.putString("ca.DSSParms", - KeyCertUtil.base64Encode( - KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG()))); + store.putString("ca.DSSParms", + KeyCertUtil.base64Encode( + KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG()))); store.commit(false); return pqg; } catch (IOException ee) { @@ -439,12 +437,12 @@ public class KeyCertUtil { } public static KeyPair generateKeyPair(CryptoToken token, - KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg) - throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException, + KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg) + throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException, InvalidParameterException, PQGParamGenException { KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg); - + if (kpAlg == KeyPairAlgorithm.DSA) { if (pqg == null) { kpGen.initialize(keySize); @@ -464,8 +462,7 @@ public class KeyCertUtil { do { // 602548 NSS bug - to overcome it, we use isBadDSAKeyPair kp = kpGen.genKeyPair(); - } - while (isBadDSAKeyPair(kp)); + } while (isBadDSAKeyPair(kp)); return kp; } } @@ -490,7 +487,7 @@ public class KeyCertUtil { byte[] bits = bs.getBits(); ByteArrayInputStream bitstream = new ByteArrayInputStream(bs.getBits()); ASN1Header wrapper = new ASN1Header(bitstream); - byte[] valBytes = new byte[ (int) wrapper.getContentLength() ]; + byte[] valBytes = new byte[(int) wrapper.getContentLength()]; ASN1Util.readFully(valBytes, bitstream); @@ -504,7 +501,7 @@ public class KeyCertUtil { } public static KeyPair generateKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException { + int keySize, PQGParams pqg) throws EBaseException { CryptoToken token = null; 
@@ -549,8 +546,8 @@ public class KeyCertUtil { } } - public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair) - throws NoSuchAlgorithmException, NoSuchProviderException, + public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair) + throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException { PublicKey pubk = keyPair.getPublic(); @@ -565,7 +562,7 @@ public class KeyCertUtil { alg = "DSA"; } java.security.Signature sig = - java.security.Signature.getInstance(alg, "Mozilla-JSS"); + java.security.Signature.getInstance(alg, "Mozilla-JSS"); sig.initSign(keyPair.getPrivate()); @@ -580,9 +577,9 @@ public class KeyCertUtil { } public static PKCS10 getCertRequest(String subjectName, KeyPair - keyPair, Extensions - exts) - throws NoSuchAlgorithmException, NoSuchProviderException, + keyPair, Extensions + exts) + throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException { PublicKey pubk = keyPair.getPublic(); @@ -597,7 +594,7 @@ public class KeyCertUtil { alg = "DSA"; } java.security.Signature sig = - java.security.Signature.getInstance(alg, "Mozilla-JSS"); + java.security.Signature.getInstance(alg, "Mozilla-JSS"); sig.initSign(keyPair.getPrivate()); @@ -605,8 +602,8 @@ public class KeyCertUtil { if (exts != null) { PKCS10Attribute attr = new - PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, - (CertAttrSet) exts); + PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, + (CertAttrSet) exts); PKCS10Attributes attrs = new PKCS10Attributes(); attrs.setAttribute(attr.getAttributeValue().getName(), attr); @@ -624,8 +621,8 @@ public class KeyCertUtil { return pkcs10; } - public static X509Key convertPublicKeyToX509Key(PublicKey pubk) - throws InvalidKeyException { + public static X509Key convertPublicKeyToX509Key(PublicKey pubk) + throws InvalidKeyException { X509Key xKey; 
@@ -654,23 +651,23 @@ public class KeyCertUtil { } public static X509Certificate - importCert(X509CertImpl signedCert, String nickname, - String certType) throws NotInitializedException, TokenException, - CertificateEncodingException, UserCertConflictException, - NicknameConflictException, NoSuchItemOnTokenException, CertificateException { - + importCert(X509CertImpl signedCert, String nickname, + String certType) throws NotInitializedException, TokenException, + CertificateEncodingException, UserCertConflictException, + NicknameConflictException, NoSuchItemOnTokenException, CertificateException { + return importCert(signedCert.getEncoded(), nickname, certType); } public static X509Certificate - importCert(String b64E, String nickname, String certType) - throws NotInitializedException, TokenException, - CertificateEncodingException, UserCertConflictException, - NicknameConflictException, NoSuchItemOnTokenException, CertificateException { - + importCert(String b64E, String nickname, String certType) + throws NotInitializedException, TokenException, + CertificateEncodingException, UserCertConflictException, + NicknameConflictException, NoSuchItemOnTokenException, CertificateException { + byte b[] = b64E.getBytes(); X509Certificate cert = getInternalCertificate(b, nickname, certType); - + if (cert instanceof InternalCertificate) { setTrust(certType, (InternalCertificate) cert); } 
@@ -678,10 +675,10 @@ public class KeyCertUtil { } public static X509Certificate - importCert(byte[] b, String nickname, String certType) - throws NotInitializedException, TokenException, - CertificateEncodingException, UserCertConflictException, - NicknameConflictException, NoSuchItemOnTokenException, CertificateException { + importCert(byte[] b, String nickname, String certType) + throws NotInitializedException, TokenException, + CertificateEncodingException, UserCertConflictException, + NicknameConflictException, NoSuchItemOnTokenException, CertificateException { X509Certificate cert = getInternalCertificate(b, nickname, certType); @@ -691,8 +688,8 @@ public class KeyCertUtil { return cert; } - public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType) - throws NotInitializedException, TokenException, CertificateEncodingException, + public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType) + throws NotInitializedException, TokenException, CertificateEncodingException, UserCertConflictException, NicknameConflictException, NoSuchItemOnTokenException, CertificateException { X509Certificate cert = null; 
@@ -701,12 +698,12 @@ public class KeyCertUtil { cert = CryptoManager.getInstance().importUserCACertPackage(b, nickname); } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) || - certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || - certType.equals(Constants.PR_OCSP_SIGNING_CERT) || - certType.equals(Constants.PR_SERVER_CERT) || - certType.equals(Constants.PR_SERVER_CERT_RADM) || - certType.equals(Constants.PR_OTHER_CERT) || - certType.equals(Constants.PR_SUBSYSTEM_CERT)) { + certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || + certType.equals(Constants.PR_OCSP_SIGNING_CERT) || + certType.equals(Constants.PR_SERVER_CERT) || + certType.equals(Constants.PR_SERVER_CERT_RADM) || + certType.equals(Constants.PR_OTHER_CERT) || + certType.equals(Constants.PR_SUBSYSTEM_CERT)) { cert = CryptoManager.getInstance().importCertPackage(b, nickname); } else if (certType.equals(Constants.PR_SERVER_CERT_CHAIN)) { @@ -719,15 +716,15 @@ public class KeyCertUtil { cert = certchain[certchain.length - 1]; } } - return cert; + return cert; } public static void setTrust(String certType, InternalCertificate inCert) { if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { int flag = InternalCertificate.VALID_CA | - InternalCertificate.TRUSTED_CA | - InternalCertificate.USER | - InternalCertificate.TRUSTED_CLIENT_CA; + InternalCertificate.TRUSTED_CA | + InternalCertificate.USER | + InternalCertificate.TRUSTED_CLIENT_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); 
@@ -737,23 +734,23 @@ public class KeyCertUtil { inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); + inCert.setEmailTrust(flag); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { int flag = InternalCertificate.USER | InternalCertificate.VALID_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); + inCert.setEmailTrust(flag); } else if (certType.equals(Constants.PR_SERVER_CERT) || - certType.equals(Constants.PR_SUBSYSTEM_CERT)) { + certType.equals(Constants.PR_SUBSYSTEM_CERT)) { int flag = InternalCertificate.USER | InternalCertificate.VALID_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); + inCert.setEmailTrust(flag); } else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) { inCert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA | - InternalCertificate.VALID_CA); + InternalCertificate.VALID_CA); //inCert.setEmailTrust(InternalCertificate.TRUSTED_CA); // cannot set this bit. If set, then the cert will not appear when you called getCACerts(). @@ -762,7 +759,7 @@ public class KeyCertUtil { } public static byte[] convertB64EToByteArray(String b64E) - throws CertificateException, IOException { + throws CertificateException, IOException { String str = CertUtils.stripCertBrackets(b64E); byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(str)); 
@@ -776,33 +773,33 @@ public class KeyCertUtil { /** * ASN.1 structure: - * 0 30 142: SEQUENCE { - * 3 30 69: SEQUENCE { - * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18) - * 10 04 62: OCTET STRING - * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A - * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 - * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 - * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 - * : } - * 74 30 69: SEQUENCE { - * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) - * 81 04 62: OCTET STRING - * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A - * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 - * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 - * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 - * : } - * : } + * 0 30 142: SEQUENCE { + * 3 30 69: SEQUENCE { + * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18) + * 10 04 62: OCTET STRING + * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A + * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 + * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 + * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 + * : } + * 74 30 69: SEQUENCE { + * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) + * 81 04 62: OCTET STRING + * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A + * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 + * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 + * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 + * : } + * : } * Uses the following to test with configuration wizard: * MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB * FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB - * AQ== + * AQ== */ public static void setDERExtension( - CertificateExtensions ext, KeyCertData properties) - throws IOException { + CertificateExtensions ext, KeyCertData properties) + throws IOException { String b64E = properties.getDerExtension(); 
@@ -827,8 +824,8 @@ public class KeyCertUtil { } public static void setBasicConstraintsExtension( - CertificateExtensions ext, KeyCertData properties) - throws IOException { + CertificateExtensions ext, KeyCertData properties) + throws IOException { String isCA = properties.isCA(); String certLen = properties.getCertLen(); @@ -844,12 +841,12 @@ public class KeyCertUtil { else len = Integer.parseInt(certLen); - if ((isCA == null) || (isCA.equals("")) || - (isCA.equals(Constants.FALSE))) + if ((isCA == null) || (isCA.equals("")) || + (isCA.equals(Constants.FALSE))) bool = false; else bool = true; - + BasicConstraintsExtension basic = new BasicConstraintsExtension( bool, len); @@ -857,17 +854,17 @@ public class KeyCertUtil { } public static void setExtendedKeyUsageExtension( - CertificateExtensions ext, KeyCertData properties) throws IOException, + CertificateExtensions ext, KeyCertData properties) throws IOException, CertificateException { ExtendedKeyUsageExtension ns = new ExtendedKeyUsageExtension(); boolean anyExt = false; - + String sslClient = properties.getSSLClientBit(); - + if ((sslClient != null) && (sslClient.equals(Constants.TRUE))) { ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.2")); anyExt = true; - } + } String sslServer = properties.getSSLServerBit(); @@ -908,7 +905,7 @@ public class KeyCertUtil { } public static void setNetscapeCertificateExtension( - CertificateExtensions ext, KeyCertData properties) throws IOException, + CertificateExtensions ext, KeyCertData properties) throws IOException, CertificateException { NSCertTypeExtension ns = new NSCertTypeExtension(); 
@@ -966,37 +963,37 @@ public class KeyCertUtil { ext.set(NSCertTypeExtension.class.getSimpleName(), ns); } - public static void setOCSPNoCheck(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) throws IOException, + public static void setOCSPNoCheck(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException { String noCheck = properties.getOCSPNoCheck(); if ((noCheck != null) && (noCheck.equals(Constants.TRUE))) { - OCSPNoCheckExtension noCheckExt = - new OCSPNoCheckExtension(); + OCSPNoCheckExtension noCheckExt = + new OCSPNoCheckExtension(); ext.set(OCSPNoCheckExtension.class.getSimpleName(), noCheckExt); } } - public static void setOCSPSigning(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) throws IOException, + public static void setOCSPSigning(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException { String signing = properties.getOCSPSigning(); - if ((signing != null) && (signing.equals(Constants.TRUE))) { - Vector<ObjectIdentifier> oidSet = new Vector<ObjectIdentifier>(); + if ((signing != null) && (signing.equals(Constants.TRUE))) { + Vector<ObjectIdentifier> oidSet = new Vector<ObjectIdentifier>(); oidSet.addElement( - ObjectIdentifier.getObjectIdentifier( - ExtendedKeyUsageExtension.OID_OCSPSigning)); - ExtendedKeyUsageExtension ocspExt = - new ExtendedKeyUsageExtension(false, oidSet); + ObjectIdentifier.getObjectIdentifier( + ExtendedKeyUsageExtension.OID_OCSPSigning)); + ExtendedKeyUsageExtension ocspExt = + new ExtendedKeyUsageExtension(false, oidSet); ext.set(ExtendedKeyUsageExtension.class.getSimpleName(), ocspExt); } } - public static void setAuthInfoAccess(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) throws IOException, + public static void setAuthInfoAccess(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) 
throws IOException, NoSuchAlgorithmException, InvalidKeyException { String aia = properties.getAIA(); @@ -1005,7 +1002,7 @@ public class KeyCertUtil { String port = CMS.getEENonSSLPort(); AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false); if (hostname != null && port != null) { - String location = "http://"+hostname+":"+port+"/ca/ocsp"; + String location = "http://" + hostname + ":" + port + "/ca/ocsp"; GeneralName ocspName = new GeneralName(new URIName(location)); aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName); } 
@@ -1014,42 +1011,42 @@ public class KeyCertUtil { } } - public static void setAuthorityKeyIdentifier(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) throws IOException, + public static void setAuthorityKeyIdentifier(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException { String aki = properties.getAKI(); if ((aki != null) && (aki.equals(Constants.TRUE))) { KeyIdentifier id = createKeyIdentifier(keypair); - AuthorityKeyIdentifierExtension akiExt = - new AuthorityKeyIdentifierExtension(id, null, null); + AuthorityKeyIdentifierExtension akiExt = + new AuthorityKeyIdentifierExtension(id, null, null); ext.set(AuthorityKeyIdentifierExtension.class.getSimpleName(), akiExt); } } - public static void setSubjectKeyIdentifier(KeyPair keypair, - CertificateExtensions ext, - KeyCertData properties) throws IOException, NoSuchAlgorithmException, + public static void setSubjectKeyIdentifier(KeyPair keypair, + CertificateExtensions ext, + KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException { String ski = properties.getSKI(); if ((ski != null) && (ski.equals(Constants.TRUE))) { KeyIdentifier id = createKeyIdentifier(keypair); SubjectKeyIdentifierExtension skiExt = - new SubjectKeyIdentifierExtension(id.getIdentifier()); + new SubjectKeyIdentifierExtension(id.getIdentifier()); ext.set(SubjectKeyIdentifierExtension.class.getSimpleName(), skiExt); } } public static void setKeyUsageExtension(CertificateExtensions ext, - KeyUsageExtension keyUsage) throws IOException { + KeyUsageExtension keyUsage) throws IOException { ext.set(KeyUsageExtension.class.getSimpleName(), keyUsage); } - public static KeyIdentifier createKeyIdentifier(KeyPair keypair) - throws NoSuchAlgorithmException, InvalidKeyException { + public static KeyIdentifier createKeyIdentifier(KeyPair keypair) + throws NoSuchAlgorithmException, InvalidKeyException { MessageDigest md = 
MessageDigest.getInstance("SHA-1"); X509Key subjectKeyInfo = convertPublicKeyToX509Key( keypair.getPublic()); @@ -1059,8 +1056,8 @@ public class KeyCertUtil { return new KeyIdentifier(md.digest()); } - public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN) - throws LDAPException { + public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN) + throws LDAPException { String dn = "ou=certificateRepository,ou=ca," + baseDN; BigInteger serialno = null; LDAPEntry entry = conn.read(dn); @@ -1080,9 +1077,9 @@ public class KeyCertUtil { return serialno; } - public static void setSerialNumber(LDAPConnection conn, - String baseDN, BigInteger serial) - throws LDAPException { + public static void setSerialNumber(LDAPConnection conn, + String baseDN, BigInteger serial) + throws LDAPException { String dn = "ou=certificateRepository,ou=ca," + baseDN; LDAPAttribute attr = new LDAPAttribute("serialno"); @@ -1097,19 +1094,19 @@ public class KeyCertUtil { } public static void addCertToDB(LDAPConnection conn, String dn, X509CertImpl cert) - throws LDAPException, EBaseException { + throws LDAPException, EBaseException { BigInteger serialno = cert.getSerialNumber(); X509CertImplMapper mapper = new X509CertImplMapper(); LDAPAttributeSet attrs = new LDAPAttributeSet(); mapper.mapObjectToLDAPAttributeSet(null, null, - cert, attrs); + cert, attrs); attrs.add(new LDAPAttribute("objectclass", "top")); attrs.add(new LDAPAttribute("objectclass", "certificateRecord")); attrs.add(new LDAPAttribute("serialno", BigIntegerMapper.BigIntegerToDB( - serialno))); + serialno))); attrs.add(new LDAPAttribute("dateOfCreate", DateMapper.dateToDB((CMS.getCurrentDate())))); attrs.add(new LDAPAttribute("dateOfModify", 
@@ -1125,12 +1122,12 @@ public class KeyCertUtil { conn.add(entry); } - public static CertificateExtensions getExtensions(String tokenname, String nickname) - throws NotInitializedException, TokenException, ObjectNotFoundException, + public static CertificateExtensions getExtensions(String tokenname, String nickname) + throws NotInitializedException, TokenException, ObjectNotFoundException, IOException, CertificateException { String fullnickname = nickname; - if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) fullnickname = tokenname + ":" + nickname; CryptoManager manager = CryptoManager.getInstance(); X509Certificate cert = manager.findCertByNickname(fullnickname); diff --git a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java index efeade92..762db5e9 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; @@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** * OCSP signing certificate. * @@ -42,8 +40,8 @@ import com.netscape.certsrv.security.KeyCertData; * @version $Revision$, $Date$ */ public class OCSPSigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=Certificate Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=Certificate Authority, O=Netscape Communications, C=US"; public OCSPSigningCert(KeyCertData properties) { this(properties, null); 
@@ -85,7 +83,7 @@ public class OCSPSigningCert extends CertificateInfo { BigInteger P = new BigInteger(p); BigInteger Q = new BigInteger(q); BigInteger G = new BigInteger(g); - BigInteger pqgSeed = new BigInteger(seed); + BigInteger pqgSeed = new BigInteger(seed); BigInteger pqgH = new BigInteger(H); return new PQGParams(P, Q, G, pqgSeed, counter, pqgH); @@ -113,7 +111,7 @@ public class OCSPSigningCert extends CertificateInfo { cmsFileTmp.putString("ca.signing.cacertnickname", nickname); else cmsFileTmp.putString("ca.signing.cacertnickname", - tokenname + ":" + nickname); + tokenname + ":" + nickname); cmsFileTmp.commit(false); } @@ -140,4 +138,3 @@ public class OCSPSigningCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java index 48b19f62..49c84d52 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.File; import java.io.InputStream; import java.io.OutputStream; @@ -30,7 +29,6 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmscore.base.JDialogPasswordCallback; - /* * A class to retrieve passwords from the SDR password cache * @@ -41,7 +39,7 @@ import com.netscape.cmscore.base.JDialogPasswordCallback; public class PWCBsdr implements PasswordCallback { InputStream in = null; OutputStream out = null; - String mprompt = ""; + String mprompt = ""; boolean firsttime = true; private PasswordCallback mCB = null; private String mPWcachedb = null; @@ -50,7 +48,7 @@ public class PWCBsdr implements PasswordCallback { public PWCBsdr() { this(null); } - + public PWCBsdr(String prompt) { in = System.in; out = System.out; 
@@ -72,7 +70,7 @@ public class PWCBsdr implements PasswordCallback { try { mPWcachedb = CMS.getConfigStore().getString("pwCache"); CMS.debug("got pwCache from configstore: " + - mPWcachedb); + mPWcachedb); } catch (NullPointerException e) { System.out.println("after CMS.getConfigStore got NullPointerException ... testing ok"); } catch (Exception e) { @@ -81,7 +79,7 @@ public class PWCBsdr implements PasswordCallback { } // System.out.println("after CMS.getConfigStore"); - if (File.separator.equals("/")) { + if (File.separator.equals("/")) { // Unix mCB = new PWsdrConsolePasswordCallback(prompt); } else { @@ -98,7 +96,7 @@ public class PWCBsdr implements PasswordCallback { */ public Password getPasswordFirstAttempt(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { CMS.debug("in getPasswordFirstAttempt"); @@ -144,7 +142,7 @@ public class PWCBsdr implements PasswordCallback { if (tmpPrompt == null) { /* no name, fail */ System.out.println("Shouldn't get here"); throw new PasswordCallback.GiveUpException(); - } else { /* get password from password cache */ + } else { /* get password from password cache */ CMS.debug("getting tag = " + tmpPrompt); PWsdrCache pwc = new PWsdrCache(mPWcachedb, mLogger); @@ -174,7 +172,7 @@ public class PWCBsdr implements PasswordCallback { * the password to the cache pw cache */ public Password getPasswordAgain(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { CMS.debug("in getPasswordAgain"); try { @@ -208,12 +206,11 @@ public class PWCBsdr implements PasswordCallback { if (mLogger == null) { System.out.println(msg); } else { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg); } } } - class PWsdrConsolePasswordCallback implements PasswordCallback { private String mPrompt = null; 
@@ -226,7 +223,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } public Password getPasswordFirstAttempt(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { if (mPrompt == null) { System.out.println("Get password " + info.getName()); } else { @@ -239,7 +236,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } public Password getPasswordAgain(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { System.out.println("Password Incorrect."); if (mPrompt == null) { System.out.println("Get password " + info.getName()); @@ -253,7 +250,6 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } } - class PWsdrDialogPasswordCallback extends JDialogPasswordCallback { private String mPrompt = null; @@ -270,4 +266,3 @@ class PWsdrDialogPasswordCallback extends JDialogPasswordCallback { } } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java index 3be63691..524e7a50 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java @@ -17,23 +17,20 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.BufferedReader; import java.io.InputStreamReader; import org.mozilla.jss.util.Password; import org.mozilla.jss.util.PasswordCallback; - -public class -PWUtil { +public class PWUtil { public static Password - readPasswordFromStream() - throws PasswordCallback.GiveUpException { + readPasswordFromStream() + throws PasswordCallback.GiveUpException { BufferedReader in; in = new BufferedReader(new InputStreamReader(System.in)); - + StringBuffer buf = new StringBuffer(); String passwordString = new String(); int c; 
@@ -49,7 +46,7 @@ PWUtil { if (ch != '\r') { if (ch != '\n') { buf.append(ch); - } else { + } else { passwordString = buf.toString(); buf.setLength(0); break; @@ -80,4 +77,3 @@ PWUtil { } } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java index 12412f59..3d57c627 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.File; @@ -46,7 +45,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; - /* * A class for managing passwords in the SDR password cache * @@ -86,13 +84,13 @@ public class PWsdrCache { try { cm = CryptoManager.getInstance(); mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME); - log (ILogger.LL_DEBUG, "pwcTokenname specified. Use token for SDR key. tokenname= "+mTokenName); + log(ILogger.LL_DEBUG, "pwcTokenname specified. Use token for SDR key. tokenname= " + mTokenName); mToken = cm.getTokenByName(mTokenName); } catch (NotInitializedException e) { - log (ILogger.LL_FAILURE, e.toString()); + log(ILogger.LL_FAILURE, e.toString()); throw new EBaseException(e.toString()); } catch (Exception e) { - log (ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key"); + log(ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key"); mToken = cm.getInternalKeyStorageToken(); } } 
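Review bot: In the `@@ -86,13 +84,13 @@` hunk of PWsdrCache.java, the `catch (Exception e)` branch treats every failure other than `NotInitializedException` as "no pwcTokenname specified" and falls back to `cm.getInternalKeyStorageToken()`, logging only at `ILogger.LL_DEBUG`. A configured token name that cannot be resolved by `cm.getTokenByName(mTokenName)` would therefore move the SDR key to the internal token with no visible failure. I would catch only the exception that signals a missing property for the fallback, and log any other failure with `log(ILogger.LL_FAILURE, e.toString());` before rethrowing as `EBaseException`, as the first catch already does. The enclosing method starts outside the hunk, so the exact exception types need checking against the full file.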
@@ -103,11 +101,11 @@ public class PWsdrCache { if (mKeyID == null) { try { String keyID = CMS.getConfigStore().getString(PROP_PWC_KEY_ID); - log (ILogger.LL_DEBUG, "retrieved PWC SDR key"); + log(ILogger.LL_DEBUG, "retrieved PWC SDR key"); mKeyID = base64Decode(keyID); - + } catch (Exception e) { - log (ILogger.LL_DEBUG, "no pwcSDRKey specified"); + log(ILogger.LL_DEBUG, "no pwcSDRKey specified"); throw new EBaseException(e.toString()); } } @@ -131,10 +129,10 @@ public class PWsdrCache { cm = CryptoManager.getInstance(); if (mTokenName != null) { mToken = cm.getTokenByName(mTokenName); - mToken = cm.getInternalKeyStorageToken(); - debug("PWsdrCache: mToken = "+mTokenName); + mToken = cm.getInternalKeyStorageToken(); + debug("PWsdrCache: mToken = " + mTokenName); } else { - mToken = cm.getInternalKeyStorageToken(); + mToken = cm.getInternalKeyStorageToken(); debug("PWsdrCache: mToken = internal"); } } @@ -147,20 +145,18 @@ public class PWsdrCache { return mTokenName; } - public void deleteUniqueNamedKey( String nickName ) - throws Exception - { - KeyManager km = new KeyManager( mToken ); - km.deleteUniqueNamedKey( nickName ); + public void deleteUniqueNamedKey(String nickName) + throws Exception { + KeyManager km = new KeyManager(mToken); + km.deleteUniqueNamedKey(nickName); } - public byte[] generateSDRKey () throws Exception { - return generateSDRKeyWithNickName(PROP_PWC_NICKNAME); + public byte[] generateSDRKey() throws Exception { + return generateSDRKeyWithNickName(PROP_PWC_NICKNAME); } - public byte[] generateSDRKeyWithNickName (String nickName) - throws Exception - { + public byte[] generateSDRKeyWithNickName(String nickName) + throws Exception { try { if (mIsTool != true) { 
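Review bot: In the `@@ -131,10 +129,10 @@` hunk, the re-indented `mToken = cm.getInternalKeyStorageToken();` directly follows `mToken = cm.getTokenByName(mTokenName);` inside the `mTokenName != null` branch. The named token is therefore replaced by the internal key storage token straight away, while the next line still logs `"PWsdrCache: mToken = " + mTokenName`. If the configured token is meant to be used, the second assignment should be removed. If the internal token is intended, the lookup is dead code and the debug message is misleading, and a short comment such as `// tool mode always uses the internal token` would make that explicit. The enclosing method begins and ends outside the hunk, so this should be confirmed against the full body.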
@@ -173,24 +169,24 @@ public class PWsdrCache { // prior to making an attempt to // generate it! // - if( !( km.uniqueNamedKeyExists( nickName ) ) ) { - mKeyID = km.generateUniqueNamedKey( nickName ); + if (!(km.uniqueNamedKeyExists(nickName))) { + mKeyID = km.generateUniqueNamedKey(nickName); } } catch (TokenException e) { - log (0, "generateSDRKey() failed on "+e.toString()); + log(0, "generateSDRKey() failed on " + e.toString()); throw e; } } } catch (Exception e) { - log (ILogger.LL_FAILURE, e.toString()); + log(ILogger.LL_FAILURE, e.toString()); throw e; } return mKeyID; } public byte[] base64Decode(String s) throws IOException { - byte[] d = com.netscape.osutil.OSUtil.AtoB(s); - return d; + byte[] d = com.netscape.osutil.OSUtil.AtoB(s); + return d; } public static String base64Encode(byte[] bytes) throws IOException { @@ -199,9 +195,9 @@ public class PWsdrCache { ByteArrayOutputStream output = new ByteArrayOutputStream(); Base64OutputStream b64 = new Base64OutputStream(new PrintStream(new - FilterOutputStream(output) + FilterOutputStream(output) ) - ); + ); b64.write(bytes); b64.flush(); @@ -211,10 +207,9 @@ public class PWsdrCache { return output.toString("8859_1"); } - // for PWCBsdr public PWsdrCache(String pwCache, ILogger logger) throws - EBaseException { + EBaseException { mLogger = logger; mPWcachedb = pwCache; initToken(); @@ -236,7 +231,7 @@ public class PWsdrCache { * add passwd in pwcache. */ public void addEntry(String tag, String pwd, Hashtable tagPwds) throws EBaseException { - + String stringToAdd = null; String bufs = null; @@ -249,7 +244,7 @@ public class PWsdrCache { tag = (String) enum1.nextElement(); pwd = (String) tagPwds.get(tag); debug("password tag: " + tag + " stored in " + mPWcachedb); - + if (stringToAdd == null) { stringToAdd = tag + ":" + pwd + "\n"; } else { @@ -277,7 +272,7 @@ public class PWsdrCache { debug("adding new tag: " + tag); bufs = stringToAdd; } - + // write update to cache writePWcache(bufs); } 
@@ -307,7 +302,7 @@ public class PWsdrCache { debug("password cache contains no tags"); return; } - + // write update to cache writePWcache(bufs); } @@ -394,35 +389,35 @@ public class PWsdrCache { File origFile = new File(mPWcachedb); try { - if( Utils.isNT() ) { + if (Utils.isNT()) { // NT is very picky on the path - Utils.exec( "copy " + - tmpPWcache.getAbsolutePath().replace( '/', - '\\' ) + + Utils.exec("copy " + + tmpPWcache.getAbsolutePath().replace('/', + '\\') + " " + - origFile.getAbsolutePath().replace( '/', - '\\' ) ); + origFile.getAbsolutePath().replace('/', + '\\')); } else { // Create a copy of the original file which // preserves the original file permissions. - Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " + - origFile.getAbsolutePath() ); + Utils.exec("cp -p " + tmpPWcache.getAbsolutePath() + " " + + origFile.getAbsolutePath()); } // Remove the original file if and only if // the backup copy was successful. - if( origFile.exists() ) { - if( !Utils.isNT() ) { + if (origFile.exists()) { + if (!Utils.isNT()) { try { - Utils.exec( "chmod 00660 " + - origFile.getCanonicalPath() ); - } catch( IOException e ) { - CMS.debug( "Unable to change file permissions on " - + origFile.toString() ); + Utils.exec("chmod 00660 " + + origFile.getCanonicalPath()); + } catch (IOException e) { + CMS.debug("Unable to change file permissions on " + + origFile.toString()); } } tmpPWcache.delete(); - debug( "operation completed for " + mPWcachedb ); + debug("operation completed for " + mPWcachedb); } } catch (Exception exx) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString())); @@ -447,7 +442,7 @@ public class PWsdrCache { while (enum1.hasMoreElements()) { String tag = (String) enum1.nextElement(); String pwd = (String) ht.get(tag); - + if (returnString == null) { returnString = tag + ":" + pwd + "\n"; } else { 
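Review bot: The copy step in the `@@ -394,35 +389,35 @@` hunk builds its command by concatenating `tmpPWcache.getAbsolutePath()` and `origFile.getAbsolutePath()` into one string for `Utils.exec`, so a path containing a space or another separator changes how the command is tokenised. The outcome of the copy is also not checked: the only test before `tmpPWcache.delete()` is `origFile.exists()`, which is equally true when the copy failed and the old cache file is still in place, so the updated cache could be discarded. Where the target Java level allows it, an in-process copy such as `Files.copy(tmpPWcache.toPath(), origFile.toPath(), StandardCopyOption.REPLACE_EXISTING);` avoids the command string; otherwise, if `Utils.exec` reports success through its return value, test that before deleting the temporary file. The enclosing method starts outside the hunk.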
@@ -566,22 +561,22 @@ public class PWsdrCache { if (process.exitValue() == 0) { /** - pOut = new BufferedReader( - new InputStreamReader(process.getInputStream())); - while ((l = pOut.readLine()) != null) { - System.out.println(l); - } + * pOut = new BufferedReader( + * new InputStreamReader(process.getInputStream())); + * while ((l = pOut.readLine()) != null) { + * System.out.println(l); + * } **/ return true; } else { /** - pOut = new BufferedReader( - new InputStreamReader(process.getErrorStream())); - l = null; - while ((l = pOut.readLine()) != null) { - System.out.println(l); - } + * pOut = new BufferedReader( + * new InputStreamReader(process.getErrorStream())); + * l = null; + * while ((l = pOut.readLine()) != null) { + * System.out.println(l); + * } **/ return false; } @@ -599,7 +594,7 @@ public class PWsdrCache { public void log(int level, String msg) { if (mLogger != null) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "PWsdrCache " + msg); + "PWsdrCache " + msg); } else if (mIsTool) { System.out.println(msg); } // else it's most likely the installation wizard...no logging @@ -636,7 +631,7 @@ public class PWsdrCache { line.length()); debug(tag.trim() + - " : " + passwd.trim()); + " : " + passwd.trim()); } else { //invalid format...log or throw...later debug("invalid format"); diff --git a/pki/base/common/src/com/netscape/cmscore/security/Provider.java b/pki/base/common/src/com/netscape/cmscore/security/Provider.java index 0e7f8e2e..540fe220 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/Provider.java +++ b/pki/base/common/src/com/netscape/cmscore/security/Provider.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - public class Provider extends java.security.Provider { /** 
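Review bot: The `debug(tag.trim() + " : " + passwd.trim());` call in the `@@ -636,7 +631,7 @@` hunk writes every password read from the cache to the debug output in clear text, so anyone who can read that output obtains the credentials the cache exists to protect. Log the tag only, for example `debug("read password for tag: " + tag.trim());`. The enclosing method starts and ends outside the hunk, so whether this path runs only in the standalone tool is not visible here.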
@@ -27,7 +26,7 @@ public class Provider extends java.security.Provider { public Provider() { super("CMS", 1.4, - "Provides Signature and Message Digesting"); + "Provides Signature and Message Digesting"); ///////////////////////////////////////////////////////////// // Signature @@ -46,7 +45,7 @@ public class Provider extends java.security.Provider { put("Signature.MD5/RSA", "org.mozilla.jss.provider.MD5RSASignature"); put("Signature.MD2/RSA", "org.mozilla.jss.provider.MD2RSASignature"); put("Signature.SHA-1/RSA", - "org.mozilla.jss.provider.SHA1RSASignature"); + "org.mozilla.jss.provider.SHA1RSASignature"); put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA"); diff --git a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java index 1ac8f0ea..581fc886 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; @@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** - * RA signing certificate + * RA signing certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class RASigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=Registration Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=Registration Authority, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public RASigningCert(KeyCertData properties) { 
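Review bot: The provider table in the `@@ -46,7 +45,7 @@` hunk of Provider.java still registers `Signature.MD5/RSA` and `Signature.MD2/RSA` with no comment explaining why they remain available. MD2 and MD5 are not collision-resistant, so signatures made with them should not be relied on for newly issued certificates. If the entries are kept so that old data can still be verified, say so above the two `put` calls, e.g. `// MD2/MD5 with RSA: kept for legacy verification only, not for new signatures`. The constructor continues outside the hunk, so other algorithms may be registered further down.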
@@ -49,8 +47,8 @@ public class RASigningCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; try { if (mProperties.get(Constants.PR_AKI) == null) { @@ -79,7 +77,7 @@ public class RASigningCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); String instanceName = - (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -113,4 +111,3 @@ public class RASigningCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java index eab48bdf..b54f24dc 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; @@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** - * SSL server certificate + * SSL server certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class SSLCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=SSL, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=SSL, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public SSLCert(KeyCertData properties) { 
@@ -49,8 +47,8 @@ public class SSLCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; try { if (mProperties.get(Constants.PR_AKI) == null) { @@ -88,7 +86,7 @@ public class SSLCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); String instanceName = - (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -125,4 +123,3 @@ public class SSLCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java index ac7eb2ad..1d70e7a1 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; @@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** - * SSL server certificate + * SSL server certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class SSLSelfSignedCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=SSL, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=SSL, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public SSLSelfSignedCert(KeyCertData properties) { 
@@ -49,8 +47,8 @@ public class SSLSelfSignedCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; mProperties.remove(Constants.PR_AKI); @@ -80,7 +78,7 @@ public class SSLSelfSignedCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); String instanceName = - (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -119,4 +117,3 @@ public class SSLSelfSignedCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java index bd630de8..aede5e4d 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; @@ -29,7 +28,6 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** * Subsystem certificate. * @@ -81,4 +79,3 @@ public class SubsystemCert extends CertificateInfo { return extension; } } - |